Jump to content

Some kind of redirect trojan?


Recommended Posts

Hi, all

Brand new to the site, so I hope I've got everything here I need. Running Win7/64-bit. Have two drives: an SSD for booting and OS and a second drive for programs and storage. In December, I replaced my 40gb SSD with a new 120GB SSD. Fortunately, I still have the original one.

About 7 days ago, the machine went all funky while my wife was playing a game online through Big Fish Games. She's never had an issue with this site. We lost all control over the mouse, I couldn't get into my profile on the machine, Firefox was acting very strange (loading slow, not getting to pages). Firefox would not let me get to any anti-malware sites and would lock up any time I tried.

I ran several scans from safe mode with Avast and RootKit Killer, none of them found anything on either drive. I then thought of swapping out the SSD cards and seeing if I could get a clean boot with the original card. I can do that and have managed to do a couple of things. The first thing I did was run the eset online scan. It came back with this:

B:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A application cleaned by deleting - quarantined

B:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined

B:\Users\Scott\Downloads\musicnotesSuite.exe Win32/OpenCandy application cleaned by deleting - quarantined

B:\Users\Scott\Downloads\winzip155.exe Win32/OpenCandy application deleted - quarantined

B:\Users\Scott\Downloads\wzcourier30.exe Win32/OpenCandy application deleted - quarantined

The next thing I did was run Hijack This. I'm seeing some references to a redirect dll file on my programs and storage drive. The dds.txt file is below. I do know that my AV defs are out of date on the original boot SSD. This is simply because of space issues on that drive. Everything was on and current at the time the machine started having issues.

Thanks and I look forward to hearing back for you. Scott

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16450

Run by Scott at 22:11:39 on 2013-01-08

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6697 [GMT -8:00]

.

AV: Norton Internet Security *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.linkedin.com/secure/login

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit = C:\Windows\System32\userinit.exe

BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - B:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - B:\Program files\Engine\18.7.2.3\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - B:\Program files\Engine\18.7.2.3\ips\ipsbho.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - B:\Program Files (x86)\WinZip Courier\wzwmcie.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - B:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - B:\Program files\Engine\18.7.2.3\coieplg.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - B:\Program files\Engine\18.7.2.3\coieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - B:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

uRun: [EPSONB81B65 (WorkForce 840)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S1F23.tmp" /EF "HKCU"

uRun: [EPSON WorkForce 840 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S4D35.tmp" /EF "HKCU"

uRun: [spotify Web Helper] "C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Acrobat Assistant 8.0] "B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [QFan Help] "B:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AirPort Base Station Agent] "B:\Program Files (x86)\AirPort\APAgent.exe"

mRun: [EaseUs Watch] "b:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"

mRun: [EaseUs Tray] "b:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"

mRunOnce: [Malwarebytes Anti-Malware] b:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - D:\Common\EpsonReg\EpsonReg.exe

StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - B:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - B:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - B:\Program files\Logitech\SetPoint\SetPoint.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - B:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - B:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - B:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - B:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 10.0.1.1

TCP: Interfaces\{048FC948-2133-4906-ABFA-E6F7D1200C14} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{1002CBC1-91EE-4A6A-8C9D-5481E0A2A963} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{76D9561D-DEFC-4CFD-9482-D77DA5935764} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{93E2F36C-5396-421D-B4B6-87E1F6A98F60} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{C11890CA-6852-43CD-90A6-918707133DE7} : DHCPNameServer = 10.0.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

FF - component: B:\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: B:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: B:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: b:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: B:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: b:\Program Files (x86)\Musicnotes\npmusicn.dll

FF - plugin: b:\Program Files (x86)\Musicnotes\NPSibelius.dll

FF - plugin: B:\Program Files (x86)\WinZip Courier\npwzwmc.dll

FF - plugin: b:\real player\Netscape6\nppl3260.dll

FF - plugin: b:\real player\Netscape6\nprjplug.dll

FF - plugin: b:\real player\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2012-11-23 22:29; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

============= SERVICES / DRIVERS ===============

.

R0 acs6nts;acs6nts;C:\Windows\System32\drivers\acs6nts.sys [2010-6-1 29744]

R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2012-11-30 58952]

R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2012-11-30 48200]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-25 55856]

R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2011-3-25 27120]

R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2011-3-25 19952]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 203888]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2013-1-8 1384608]

S1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2012-11-30 18504]

S1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2012-11-30 189000]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130105.001\IDSviA64.sys [2013-1-5 513184]

S1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2011-3-25 27632]

S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128]

S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168]

S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-19 203776]

S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-12-27 96896]

S2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 EaseUS Agent;EaseUS Agent Service;B:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-11-30 69192]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-6-12 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-6-12 128512]

S2 Guard Agent;Guard Agent Service;B:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-11-30 23624]

S2 MobilePreIIAudioDevMon;MobilePre Audio Device Monitor;C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe [2010-6-21 1923592]

S2 NIS;Norton Internet Security;B:\Program files\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]

S2 TeamViewer6;TeamViewer 6;B:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-28 2337144]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]

S3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2010-12-27 1101600]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-18 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 MAUSBMOBILEPREII;Service for M-Audio MobilePre II;C:\Windows\System32\drivers\MAudioMobilePreII.sys [2010-6-21 484360]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 98688]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\System32\drivers\MarvinAVS64.sys [2011-4-1 484736]

S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 SynUSB64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-1-3 30352]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]

S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="B:\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="B:\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-01-09 04:57:54 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB95B980-3A4C-4878-AF98-B10AFB410607}\mpengine.dll

2013-01-09 00:36:40 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes

2013-01-09 00:36:29 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-09 00:36:27 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-09 00:35:44 -------- d-----w- C:\Users\Scott\AppData\Local\Programs

2013-01-08 04:57:44 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-08 04:50:15 -------- d-----w- C:\Program Files (x86)\ESET

.

==================== Find3M ====================

.

2013-01-08 23:45:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-08 23:45:19 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-20 07:02:22 24136 ----a-w- C:\Windows\System32\fbnative.exe

2012-10-20 07:02:16 189000 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys

2012-10-20 07:02:12 48200 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys

2012-10-20 07:02:06 18504 ----a-w- C:\Windows\System32\drivers\eudskacs.sys

2012-10-20 07:02:04 58952 ----a-w- C:\Windows\System32\drivers\eubakup.sys

.

============= FINISH: 22:11:47.35 ===============

Link to post
Share on other sites

Hello musicscott! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

What about the content of Attach.txt?

Link to post
Share on other sites

Hey, Maniac

My bad...got confused with the note at the top of this saying not to post it. Here it is:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/27/2010 3:18:51 PM

System Uptime: 1/8/2013 10:08:39 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P7P55D-E PRO

Processor: Intel® Core i5 CPU 760 @ 2.80GHz | LGA1156 | 2808/133mhz

.

==== Disk Partitions =========================

.

B: is FIXED (NTFS) - 932 GiB total, 814.616 GiB free.

C: is FIXED (NTFS) - 37 GiB total, 0.815 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

3ivx MPEG-4 5.0.3 (remove only)

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 5 Web Premium

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe InDesign CS5.5

Adobe Media Player

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.5

AI Suite

Airline Tycoon 2 v1.00

AirPort

Alice Greenfingers

All My Gods

Amazon MP3 Downloader 1.0.15

Amazon Music Importer

AmpliTube X-GEAR

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Artisteer 2

Assassin's Creed

Assassin's Creed II

ASUS VGA Driver

ASUSUpdate

ATI AVIVO64 Codecs

ATI Catalyst Install Manager

Audio Creator LE 1.5

Avery Wizard 4.0

Big Fish Games: Game Manager

Bing Bar

BlackBerry Desktop Software 6.1

BlackBerry Device Software Updater

Bonjour

Bonjour Print Services

Boris Graffiti

Build-a-lot 2: Town of the Year

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help English

CDDRV_Installer

City of Fools

ConvertHelper 2.2

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

EaseUS Todo Backup Free 5.3

Echoes of the Past: The Citadels of Time

eLicenser Control

Emerald City Confidential

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 840 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.3

erLT

ESET Online Scanner v3

Evernote v. 4.5.10

Farm Frenzy 3: Ice Age

Farmington Tales

Forgotten Lands: First Colony ™

GameSpy Arcade

Google Calendar Sync

Google Chrome

Google Update Helper

Haunted Domains

Hobby Farm

Insaniquarium! Deluxe

Ipswitch WS_FTP 12

iTunes

Junk Mail filter update

KhalInstallWrapper

Logitech SetPoint

Lost Cases of Sherlock Holmes

Love Chronicles: The Spell

M-Audio MobilePre Driver 1.0.4 (x64)

Magic Bullet Looks Studio

Malwarebytes Anti-Malware version 1.70.0.1100

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Midnight Mysteries 3: Devil on the Mississippi

MobileMe Control Panel

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Firefox 4.0 (x86 en-US)

Mozilla Thunderbird (3.1.9)

Mozilla Thunderbird 16.0.2 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Creator 5

Musicnotes Software Suite 1.5.5

muvee Plugin 1.0

My Kingdom for the Princess III

Mystery Case Files ®: 13th Skull ™

Mystery of Mortlake Mansion

Mystery Trackers: Raincliff

Mystery Trackers: The Void

Nancy Drew: Shadow at the Water's Edge

NEC Electronics USB 3.0 Host Controller Driver

New Yankee in King Arthur's Court

Northern Tale

Norton Internet Security

Notepad++

Paranormal Crime Investigations: Brotherhood of the Crescent Snake Collector's Edition

PC Probe II

PDF Settings CS5

Pinnacle Studio 12

Pinnacle Studio 12 Ultimate Plugins

Pinnacle Video Driver

Pioneer Lands

Plantasia

Plants vs. Zombies

proDAD Vitascene 1.0

QuickTime

Rainbow Web 3

Ravensburger Puzzle Selection

RBVirtualFolder64Inst

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Rescue Team

Roads of Rome II

Roads of Rome III

Roxio BackOnTrack

Roxio Burn

Roxio CinePlayer

Roxio CinePlayer Decoder Pack

Roxio Creator 2011

Roxio PhotoShow

Roxio Video Capture USB

Royal Envoy 2 Collector's Edition

Sacra Terra: Angelic Night

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

SmartSound Common Data

SmartSound Quicktracks 5

Spotify

Stamps.com

Stamps.com Address Book Support for Microsoft Outlook 97-2010

Stamps.com Application Support for Microsoft Outlook 2000-2010

Stamps.com Application Support for Microsoft Word 2000-2010

Stamps.com support for Microsoft Outlook 2000-2010

Stamps.com support for Microsoft Outlook 97-2010

Stamps.com support for Microsoft Word 2000-2010

Steinberg Cubase 5 64bit

Steinberg Groove Agent ONE Content

Steinberg Groove Agent ONE Vintage Beatboxes

Steinberg HALionOne 64bit

Steinberg HALionOne Expression Set

Steinberg HALionOne GM Drum Set

Steinberg HALionOne GM Set

Steinberg HALionOne Pro Set

Steinberg HALionOne Studio Drum Set

Steinberg HALionOne Studio Set

Steinberg LoopMash Content

Steinberg REVerence Content 01

Stronghold

Stronghold 2

Stronghold Crusader Extreme

Stronghold Legends

TeamViewer 6

The Island: Castaway

The Island: Castaway 2

The Promised Land

The TimeBuilders: Pyramid Rising 2

TuneUp Utilities 2011

TuneUp Utilities Language Pack (en-US)

TV Farm

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

US122 Driver 3.30

Vacation Quest: Australia

VD64Inst

Vuze

Vuze Remote Toolbar

WampServer 2.2

Westward II: Heroes of the Frontier

Westward III: Gold Rush

Westward IV: All Aboard

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 15.5

WinZip Courier

Zoo Tycoon 2 - Extinct Animals

.

==== Event Viewer Messages From Past Week ========

.

1/8/2013 10:11:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/8/2013 10:09:19 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/8/2013 10:09:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/8/2013 10:09:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/8/2013 10:09:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO BHDrvx64 discache eeCtrl EUDSKACS EUFDDISK IDSVia64 MpFilter SaibVdAd64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6

1/7/2013 8:47:19 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

1/7/2013 8:47:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

1/7/2013 8:46:31 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

Link to post
Share on other sites

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. My suggestion is to uninstall Microsoft Security Essentials and to keep Norton Internet Security, but only if you have license for it, if not uninstall Norton Internet Security.

Also, please uninstall:

Vuze

Vuze Remote Toolbar

Finally, restart your computer.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe ( right click and select Run as adminsistrator for Vista and Windows 7)
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes Anti-Rootkit logs
  • a new fresh DDS log

Link to post
Share on other sites

Here's the JRT log, looks like there was a couple of things there.

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.2 (01.08.2013:1)

OS: Windows 7 Professional x64

Ran by Scott on Thu 01/10/2013 at 20:55:00.95

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba14329e-9550-4989-b3f2-9732e92d17cc}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Scott\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\Scott\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Scott\appdata\local\opencandy"

Successfully deleted: [Folder] "C:\Users\Scott\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Scott\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 01/10/2013 at 21:00:13.67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malware bytes system log:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: B:\ DRIVE_FIXED, C:\ DRIVE_FIXED

CPU speed: 2.808000 GHz

Memory total: 8587890688, free: 6371524608

------------ Kernel report ------------

01/10/2013 21:07:37

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\vmbus.sys

\SystemRoot\system32\drivers\winhv.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\DRIVERS\acs6nts.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\NISx64\1207020.003\SYMDS64.SYS

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\system32\drivers\sbp2port.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\Saibad64.sys

\SystemRoot\System32\Drivers\Sahdad64.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\EUBKMON.sys

\SystemRoot\system32\drivers\eubakup.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS

\SystemRoot\system32\drivers\NISx64\1207020.003\Ironx64.SYS

\SystemRoot\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS

\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS

\SystemRoot\System32\Drivers\SaibVdAd64.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\??\C:\Windows\system32\drivers\EuFdDisk.sys

\??\C:\Windows\system32\drivers\eudskacs.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130107.001\BHDrvx64.sys

\SystemRoot\SysWow64\drivers\AsUpIO.sys

\SystemRoot\SysWow64\drivers\AsIO.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\System32\Drivers\RootMdm.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\MarvinBus64.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtiHdmi.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\LUsbFilt.Sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\LHidFilt.Sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\LMouFilt.Sys

\SystemRoot\system32\DRIVERS\SynUSB64.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121130.016\EX64.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121130.016\ENG64.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130108.002\IDSvia64.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\shell32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\difxapi.dll

\Windows\System32\msvcrt.dll

\Windows\System32\urlmon.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa800780f060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP7T0L0-d\

Lower Device Object: 0xfffffa8007536060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800780e790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-b\

Lower Device Object: 0xfffffa8007538060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Downloaded database version: v2013.01.11.05

Downloaded database version: v2013.01.04.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800780e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007657b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800780e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007656a20, DeviceName: Unknown, DriverName: \Driver\Sahdad64\

DevicePointer: 0xfffffa8007538060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-b\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a015b910d0, 0xfffffa800780e790, 0xfffffa80074d3090

Lower DeviceData: 0xfffff8a010e8a680, 0xfffffa8007538060, 0xfffffa800a1dbcf0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

The directory C:\Windows\system32\drivers seems inaccessible or encrypted.

Drivers scan is aborted.

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 32B446F4

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 77950976

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 40018599936 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-78141328-78161328)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa800780f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800780fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800780f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007658a20, DeviceName: Unknown, DriverName: \Driver\Sahdad64\

DevicePointer: 0xfffffa800754a520, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8007536060, DeviceName: \Device\Ide\IdeDeviceP7T0L0-d\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a015243520, 0xfffffa800780f060, 0xfffffa8008f36790

Lower DeviceData: 0xfffff8a00ffd0590, 0xfffffa8007536060, 0xfffffa80073ee670

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: A42F7845

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 1953519616

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

<<<2>>>

Device number: 1, partition: 1

<<<3>>>

Volume: B:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Scan finished

=======================================

The Malware bytes log

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2013.01.11.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Scott :: CUNNINGHAM [administrator]

1/10/2013 9:26:28 PM

mbar-log-2013-01-10 (21-26-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 32586

Time elapsed: 18 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS logs will be in next post

Link to post
Share on other sites

Here's the contents for attach.dds

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/27/2010 3:18:51 PM

System Uptime: 1/10/2013 8:41:00 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P7P55D-E PRO

Processor: Intel® Core i5 CPU 760 @ 2.80GHz | LGA1156 | 2801/133mhz

.

==== Disk Partitions =========================

.

B: is FIXED (NTFS) - 932 GiB total, 815.313 GiB free.

C: is FIXED (NTFS) - 37 GiB total, 1.638 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

3ivx MPEG-4 5.0.3 (remove only)

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 5 Web Premium

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe InDesign CS5.5

Adobe Media Player

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.5

AI Suite

Airline Tycoon 2 v1.00

AirPort

Alice Greenfingers

All My Gods

Amazon MP3 Downloader 1.0.15

Amazon Music Importer

AmpliTube X-GEAR

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Artisteer 2

Assassin's Creed

Assassin's Creed II

ASUS VGA Driver

ASUSUpdate

ATI AVIVO64 Codecs

ATI Catalyst Install Manager

Audio Creator LE 1.5

Avery Wizard 4.0

Big Fish Games: Game Manager

Bing Bar

BlackBerry Desktop Software 6.1

BlackBerry Device Software Updater

Bonjour

Bonjour Print Services

Boris Graffiti

Build-a-lot 2: Town of the Year

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help English

CDDRV_Installer

City of Fools

ConvertHelper 2.2

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

EaseUS Todo Backup Free 5.3

Echoes of the Past: The Citadels of Time

eLicenser Control

Emerald City Confidential

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 840 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.3

erLT

ESET Online Scanner v3

Evernote v. 4.5.10

Farm Frenzy 3: Ice Age

Farmington Tales

Forgotten Lands: First Colony ™

GameSpy Arcade

Google Calendar Sync

Google Chrome

Google Update Helper

Haunted Domains

Hobby Farm

Insaniquarium! Deluxe

Ipswitch WS_FTP 12

iTunes

Junk Mail filter update

KhalInstallWrapper

Logitech SetPoint

Lost Cases of Sherlock Holmes

Love Chronicles: The Spell

M-Audio MobilePre Driver 1.0.4 (x64)

Magic Bullet Looks Studio

Malwarebytes Anti-Malware version 1.70.0.1100

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Midnight Mysteries 3: Devil on the Mississippi

MobileMe Control Panel

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Firefox 4.0 (x86 en-US)

Mozilla Thunderbird (3.1.9)

Mozilla Thunderbird 16.0.2 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Creator 5

Musicnotes Software Suite 1.5.5

muvee Plugin 1.0

My Kingdom for the Princess III

Mystery Case Files ®: 13th Skull ™

Mystery of Mortlake Mansion

Mystery Trackers: Raincliff

Mystery Trackers: The Void

Nancy Drew: Shadow at the Water's Edge

NEC Electronics USB 3.0 Host Controller Driver

New Yankee in King Arthur's Court

Northern Tale

Norton Internet Security

Notepad++

Paranormal Crime Investigations: Brotherhood of the Crescent Snake Collector's Edition

PC Probe II

PDF Settings CS5

Pinnacle Studio 12

Pinnacle Studio 12 Ultimate Plugins

Pinnacle Video Driver

Pioneer Lands

Plantasia

Plants vs. Zombies

proDAD Vitascene 1.0

QuickTime

Rainbow Web 3

Ravensburger Puzzle Selection

RBVirtualFolder64Inst

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Rescue Team

Roads of Rome II

Roads of Rome III

Roxio BackOnTrack

Roxio Burn

Roxio CinePlayer

Roxio CinePlayer Decoder Pack

Roxio Creator 2011

Roxio PhotoShow

Roxio Video Capture USB

Royal Envoy 2 Collector's Edition

Sacra Terra: Angelic Night

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

SmartSound Common Data

SmartSound Quicktracks 5

Spotify

Stamps.com

Stamps.com Address Book Support for Microsoft Outlook 97-2010

Stamps.com Application Support for Microsoft Outlook 2000-2010

Stamps.com Application Support for Microsoft Word 2000-2010

Stamps.com support for Microsoft Outlook 2000-2010

Stamps.com support for Microsoft Outlook 97-2010

Stamps.com support for Microsoft Word 2000-2010

Steinberg Cubase 5 64bit

Steinberg Groove Agent ONE Content

Steinberg Groove Agent ONE Vintage Beatboxes

Steinberg HALionOne 64bit

Steinberg HALionOne Expression Set

Steinberg HALionOne GM Drum Set

Steinberg HALionOne GM Set

Steinberg HALionOne Pro Set

Steinberg HALionOne Studio Drum Set

Steinberg HALionOne Studio Set

Steinberg LoopMash Content

Steinberg REVerence Content 01

Stronghold

Stronghold 2

Stronghold Crusader Extreme

Stronghold Legends

TeamViewer 6

The Island: Castaway

The Island: Castaway 2

The Promised Land

The TimeBuilders: Pyramid Rising 2

TuneUp Utilities 2011

TuneUp Utilities Language Pack (en-US)

TV Farm

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

US122 Driver 3.30

Vacation Quest: Australia

VD64Inst

WampServer 2.2

Westward II: Heroes of the Frontier

Westward III: Gold Rush

Westward IV: All Aboard

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 15.5

WinZip Courier

Zoo Tycoon 2 - Extinct Animals

.

==== End Of File ===========================

Here's the contents of the dds log (which is still showing a BHO object as the URLREDIR.dll file)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450

Run by Scott at 21:48:35 on 2013-01-10

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6166 [GMT -8:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

b:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

b:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe

B:\Program files\Engine\18.7.2.3\ccSvcHst.exe

C:\Windows\system32\taskhost.exe

B:\Program files\Engine\18.7.2.3\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

B:\Program files\Logitech\SetPoint\LBTWiz.exe

C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

B:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

B:\Program files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

B:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

B:\Program files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

B:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

B:\Program Files (x86)\AirPort\APAgent.exe

B:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe

B:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

b:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\explorer.exe

B:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\explorer.exe

B:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

B:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.linkedin.com/secure/login

mWinlogon: Userinit = C:\Windows\System32\userinit.exe

BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - B:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - B:\Program files\Engine\18.7.2.3\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - B:\Program files\Engine\18.7.2.3\ips\ipsbho.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - B:\Program Files (x86)\WinZip Courier\wzwmcie.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - B:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - B:\Program files\Engine\18.7.2.3\coieplg.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - B:\Program files\Engine\18.7.2.3\coieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - B:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [EPSONB81B65 (WorkForce 840)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S1F23.tmp" /EF "HKCU"

uRun: [EPSON WorkForce 840 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S4D35.tmp" /EF "HKCU"

uRun: [spotify Web Helper] "C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Acrobat Assistant 8.0] "B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [QFan Help] "B:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AirPort Base Station Agent] "B:\Program Files (x86)\AirPort\APAgent.exe"

mRun: [EaseUs Watch] "b:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"

mRun: [EaseUs Tray] "b:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"

mRunOnce: [Z1] B:\Users\Scott\Downloads\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s

StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - D:\Common\EpsonReg\EpsonReg.exe

StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - B:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - B:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - B:\Program files\Logitech\SetPoint\SetPoint.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - B:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - B:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - B:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - B:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 10.0.1.1

TCP: Interfaces\{048FC948-2133-4906-ABFA-E6F7D1200C14} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{1002CBC1-91EE-4A6A-8C9D-5481E0A2A963} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{76D9561D-DEFC-4CFD-9482-D77DA5935764} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{93E2F36C-5396-421D-B4B6-87E1F6A98F60} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{C11890CA-6852-43CD-90A6-918707133DE7} : DHCPNameServer = 10.0.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

FF - component: B:\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: B:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: B:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: b:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: B:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: b:\Program Files (x86)\Musicnotes\npmusicn.dll

FF - plugin: b:\Program Files (x86)\Musicnotes\NPSibelius.dll

FF - plugin: B:\Program Files (x86)\WinZip Courier\npwzwmc.dll

FF - plugin: b:\real player\Netscape6\nppl3260.dll

FF - plugin: b:\real player\Netscape6\nprjplug.dll

FF - plugin: b:\real player\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2012-11-23 22:29; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

============= SERVICES / DRIVERS ===============

.

R0 acs6nts;acs6nts;C:\Windows\System32\drivers\acs6nts.sys [2010-6-1 29744]

R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2012-11-30 58952]

R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2012-11-30 48200]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-25 55856]

R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2011-3-25 27120]

R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2011-3-25 19952]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2013-1-9 1384608]

R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2012-11-30 18504]

R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2012-11-30 189000]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130111.001\IDSviA64.sys [2013-1-10 513184]

R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2011-3-25 27632]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168]

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-19 203776]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-12-27 96896]

R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408]

R2 EaseUS Agent;EaseUS Agent Service;B:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-11-30 69192]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-6-12 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-6-12 128512]

R2 Guard Agent;Guard Agent Service;B:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-11-30 23624]

R2 MobilePreIIAudioDevMon;MobilePre Audio Device Monitor;C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe [2010-6-21 1923592]

R2 NIS;Norton Internet Security;B:\Program files\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]

R2 TeamViewer6;TeamViewer 6;B:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-28 2337144]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 SynUSB64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-1-3 30352]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]

S3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2010-12-27 1101600]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-18 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 MAUSBMOBILEPREII;Service for M-Audio MobilePre II;C:\Windows\System32\drivers\MAudioMobilePreII.sys [2010-6-21 484360]

S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\System32\drivers\MarvinAVS64.sys [2011-4-1 484736]

S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]

S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="B:\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="B:\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-01-11 04:54:59 -------- d-----w- C:\Windows\ERUNT

2013-01-11 04:54:44 -------- d-----w- C:\JRT

2013-01-09 00:36:40 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes

2013-01-09 00:36:29 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-09 00:36:27 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-09 00:35:44 -------- d-----w- C:\Users\Scott\AppData\Local\Programs

2013-01-08 04:50:15 -------- d-----w- C:\Program Files (x86)\ESET

.

==================== Find3M ====================

.

2013-01-08 23:45:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-08 23:45:19 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-20 07:02:22 24136 ----a-w- C:\Windows\System32\fbnative.exe

2012-10-20 07:02:16 189000 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys

2012-10-20 07:02:12 48200 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys

2012-10-20 07:02:06 18504 ----a-w- C:\Windows\System32\drivers\eudskacs.sys

2012-10-20 07:02:04 58952 ----a-w- C:\Windows\System32\drivers\eubakup.sys

.

============= FINISH: 21:48:42.70 ===============

Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Here ya go. ComboFix ran perfectly, no issues at all. Let me know when I can uninstall it. Here's the log:

ComboFix 13-01-11.02 - Scott 01/11/2013 15:18:11.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6379 [GMT -8:00]

Running from: c:\users\Scott\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

B:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))

.

.

2013-01-11 04:54 . 2013-01-11 04:54 -------- d-----w- c:\windows\ERUNT

2013-01-11 04:54 . 2013-01-11 04:54 -------- d-----w- C:\JRT

2013-01-09 00:36 . 2013-01-09 00:36 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes

2013-01-09 00:36 . 2013-01-09 00:36 -------- d-----w- c:\programdata\Malwarebytes

2013-01-09 00:36 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-09 00:35 . 2013-01-09 00:35 -------- d-----w- c:\users\Scott\AppData\Local\Programs

2013-01-08 04:50 . 2013-01-08 04:50 -------- d-----w- c:\program files (x86)\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-08 23:45 . 2012-04-05 20:13 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-08 23:45 . 2011-06-03 06:55 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-17 01:31 . 2010-12-27 23:44 67599240 ----a-w- c:\windows\system32\MRT.exe

2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-20 07:02 . 2012-12-01 01:23 24136 ----a-w- c:\windows\system32\fbnative.exe

2012-10-20 07:02 . 2012-12-01 01:24 189000 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2012-10-20 07:02 . 2012-12-01 01:24 48200 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2012-10-20 07:02 . 2012-12-01 01:24 18504 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2012-10-20 07:02 . 2012-12-01 01:24 58952 ----a-w- c:\windows\system32\drivers\eubakup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-25 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-18 976832]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]

"Acrobat Assistant 8.0"="b:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"QFan Help"="b:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-20 98304]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"AirPort Base Station Agent"="b:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]

"EaseUs Watch"="b:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2012-10-20 70728]

"EaseUs Tray"="b:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-10-30 1315400]

.

c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A]

EvernoteClipper.lnk - b:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-12-3 1044320]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - b:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

Logitech SetPoint.lnk - b:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-27 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="b:\program files (x86)\iTunes\iTunesHelper.exe"

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Adobe Acrobat Speed Launcher"="b:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Desktop Disc Tool"="b:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"

"TkBellExe"="b:\real player\Update\realsched.exe" -osboot

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]

R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-02-12 1101600]

R3 MAUSBMOBILEPREII;Service for M-Audio MobilePre II;c:\windows\system32\DRIVERS\MAudioMobilePreII.sys [2010-06-22 484360]

R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS64.sys [2007-05-09 484736]

R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-28 1255736]

R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [2010-06-01 29744]

S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-10-20 58952]

S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-10-20 48200]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]

S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2012-10-23 1384608]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-10-20 18504]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-10-20 189000]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130111.001\IDSvia64.sys [2013-01-05 513184]

S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]

S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]

S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]

S2 EaseUS Agent;EaseUS Agent Service;b:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-10-31 69192]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 Guard Agent;Guard Agent Service;b:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-10-20 23624]

S2 MobilePreIIAudioDevMon;MobilePre Audio Device Monitor;c:\program files (x86)\M-Audio\MobilePre\AudioDevMon.exe [2010-06-22 1923592]

S2 NIS;Norton Internet Security;b:\program files\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]

S2 TeamViewer6;TeamViewer 6;b:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 SynUSB64;eLicenser;c:\windows\system32\DRIVERS\SynUSB64.sys [2010-09-17 30352]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-11 18:50 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:45]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 20:09]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 20:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.linkedin.com/secure/login

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - b:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - b:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - b:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.0.1.1

FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

FF - ExtSQL: 2012-11-23 22:29; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"b:\program files\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"b:\program files\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3919128133-3168595497-1692597096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-3919128133-3168595497-1692597096-1000)

@Denied: (2) (LocalSystem)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-3919128133-3168595497-1692597096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\04\06\15\13*\180"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-11 15:23:25

ComboFix-quarantined-files.txt 2013-01-11 23:23

.

Pre-Run: 1,368,915,968 bytes free

Post-Run: 1,417,003,008 bytes free

.

- - End Of File - - 26B020E29C67E4791BDC20879CD36D21

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::

FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

This all went well, no problems. Here's the output. sc

ComboFix 13-01-12.01 - Scott 01/12/2013 13:12:25.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5976 [GMT -8:00]

Running from: c:\users\Scott\Desktop\ComboFix.exe

Command switches used :: c:\users\Scott\Desktop\CFScript.txt.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))

.

.

2013-01-12 21:16 . 2013-01-12 21:16 -------- d-----w- c:\users\Donna\AppData\Local\temp

2013-01-12 21:16 . 2013-01-12 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-11 04:54 . 2013-01-11 04:54 -------- d-----w- c:\windows\ERUNT

2013-01-11 04:54 . 2013-01-11 04:54 -------- d-----w- C:\JRT

2013-01-09 00:36 . 2013-01-09 00:36 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes

2013-01-09 00:36 . 2013-01-09 00:36 -------- d-----w- c:\programdata\Malwarebytes

2013-01-09 00:36 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-09 00:35 . 2013-01-09 00:35 -------- d-----w- c:\users\Scott\AppData\Local\Programs

2013-01-08 04:50 . 2013-01-08 04:50 -------- d-----w- c:\program files (x86)\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-08 23:45 . 2012-04-05 20:13 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-08 23:45 . 2011-06-03 06:55 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-17 01:31 . 2010-12-27 23:44 67599240 ----a-w- c:\windows\system32\MRT.exe

2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-20 07:02 . 2012-12-01 01:23 24136 ----a-w- c:\windows\system32\fbnative.exe

2012-10-20 07:02 . 2012-12-01 01:24 189000 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2012-10-20 07:02 . 2012-12-01 01:24 48200 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2012-10-20 07:02 . 2012-12-01 01:24 18504 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2012-10-20 07:02 . 2012-12-01 01:24 58952 ----a-w- c:\windows\system32\drivers\eubakup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-25 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-18 976832]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]

"Acrobat Assistant 8.0"="b:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"QFan Help"="b:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-20 98304]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"AirPort Base Station Agent"="b:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]

"EaseUs Watch"="b:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2012-10-20 70728]

"EaseUs Tray"="b:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-10-30 1315400]

.

c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A]

EvernoteClipper.lnk - b:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-12-3 1044320]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - b:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

Logitech SetPoint.lnk - b:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-27 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="b:\program files (x86)\iTunes\iTunesHelper.exe"

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Adobe Acrobat Speed Launcher"="b:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Desktop Disc Tool"="b:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"

"TkBellExe"="b:\real player\Update\realsched.exe" -osboot

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]

R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-02-12 1101600]

R3 MAUSBMOBILEPREII;Service for M-Audio MobilePre II;c:\windows\system32\DRIVERS\MAudioMobilePreII.sys [2010-06-22 484360]

R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS64.sys [2007-05-09 484736]

R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-28 1255736]

R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [2010-06-01 29744]

S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-10-20 58952]

S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-10-20 48200]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]

S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2012-10-23 1384608]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-10-20 18504]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-10-20 189000]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130111.002\IDSvia64.sys [2013-01-05 513184]

S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]

S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]

S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]

S2 EaseUS Agent;EaseUS Agent Service;b:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-10-31 69192]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 Guard Agent;Guard Agent Service;b:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-10-20 23624]

S2 MobilePreIIAudioDevMon;MobilePre Audio Device Monitor;c:\program files (x86)\M-Audio\MobilePre\AudioDevMon.exe [2010-06-22 1923592]

S2 NIS;Norton Internet Security;b:\program files\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]

S2 TeamViewer6;TeamViewer 6;b:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 SynUSB64;eLicenser;c:\windows\system32\DRIVERS\SynUSB64.sys [2010-09-17 30352]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-11 18:50 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:45]

.

2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 20:09]

.

2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 20:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.linkedin.com/secure/login

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - b:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - b:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - b:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.0.1.1

FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - ExtSQL: 2012-11-23 22:29; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"b:\program files\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"b:\program files\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3919128133-3168595497-1692597096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-3919128133-3168595497-1692597096-1000)

@Denied: (2) (LocalSystem)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-3919128133-3168595497-1692597096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\04\06\15\13*\180"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-12 13:17:23

ComboFix-quarantined-files.txt 2013-01-12 21:17

ComboFix2.txt 2013-01-11 23:23

.

Pre-Run: 1,485,017,088 bytes free

Post-Run: 1,750,433,792 bytes free

.

- - End Of File - - 9A63323ED39E7142C0AC4935B9E9162A

Link to post
Share on other sites

Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

I think they're in pretty good shape. Give me about 24 hours to really make sure and then we can consider this resolved. Do you think I'm ok at this point to reformat my other ssd drive and clone this one to it? Before I start updating windows and other things, I need to get the bigger ssd in the machine. I don't have enough room on the one that I'm using right now. Scott

Link to post
Share on other sites

I think I'll be ok at this point. The ssd boot drive that was in the machine when it got infected is evidently bad now. It isn't being recognized easily by the system and I've tried to clone the drive we just cleaned up to it twice now and it isn't working. Everything looks like it is going well, then toward the end I get an error message that it couldn't write to a sector. Since I only got the ssd two months ago, it is still under warranty, so I'll return it and see what a fresh one does.

Does it make sense to you that this is a hardware issue at this point? The bios isn't even recognizing the drive, so I'm think it was damaged from the trojan. Scott

Link to post
Share on other sites

Thanks, I've seen a lot of that stuff. I just poked around in the bios and it isn't recognizing the ssd drives at all. Very odd that it will boot with an ssd that doesn't show up in the bios. I'll keep plugging away at this and see what happens.

Again, thanks so much for the help! It is really appreciated and I'll be hitting the Donate button. At this point I think we can consider the virus / trojan issue closed unless you think it did something to the motherboard or bios.

All the best,

Scott

Link to post
Share on other sites

Dude, this has been such a total nightmare. Good news: I'm back in business and everything is working like it should!!! :wub:

But, something happened with the virus that resulted in the SATA AHCI settings getting switched to IDE. That's why the system wouldn't recognize my discs. I don't know how I even was able to get it to boot with it set like that. So, I discovered that today. AND: The backup software I was using was Todo EASEUS. Well, I didn't realize that my version only had a 15 day trial period. So, it would start up, accept the settings, and start to run only to crash or hang up. Discovered tonight that I needed to buy the full version. So, between having both the wrong BIOS setting and software that wouldn't run, no wonder I couldn't make any progress. I almost feel like going out in the street and dancing!

Anyway, thanks again for all your help and walking me through the steps to figure out what code to run to get rid of the conduit infection. Very kind and generous of you.

All the best,

Scott

Link to post
Share on other sites

Glad I could help, Scott! Glad you're pleased with our performance. Good for you too! :)

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, uninstall ESET Online Scanner and manually delete Junkware Removal Tool and Malwarebytes Anti-Rootkit.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.