Jump to content

Recommended Posts

I ran the malwarebytes program multiple times under safe mode, regular windows boot up, and under a completely different OS (Kasperski) . The malwarebytes program was able to remove the Interpol ransomware from locking up my computer however 2 infected files consistently remain and some of my programs/files (photos, music, word documents, etc.) remain corrupted and cannot be accessed under the infected computer (these files do work fine on other computers). Below is the requested DDS reports. Thank you for your time and kind consideration in this matter.

DDS Text

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 1.6.0_22

Run by Woahdiggity at 19:06:00 on 2013-03-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2444 [GMT -4:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe

C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe

C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook32.exe

C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook64.exe

C:\Program Files (x86)\ASUS\AASP\1.01.05\aaCenter.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Jumi\jumi.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe

C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

uWindows: Load = C:\Users\WOAHDI~1\LOCALS~1\Temp\mssiyx.exe

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

uRun: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"

mRun: [CPU Power Monitor] "C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"

mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: $talisma_url$

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{3456305E-2EB2-41AF-B1B1-BFA91D257539} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{B647C36A-350A-4CA3-94B9-8A586072FA3D} : DHCPNameServer = 192.168.1.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Woahdiggity\AppData\Roaming\Mozilla\Firefox\Profiles\uoa6txxx.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll

FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-4-1 469144]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-22 203776]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-27 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-30 682344]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-22 19720]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-11-5 517632]

R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2009-10-22 178920]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-10-22 66896]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-4-1 79504]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-22 116752]

R3 jumi;%Jumi%;C:\Windows\System32\drivers\jumi.sys [2010-6-3 15160]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-30 24176]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-4-1 119968]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-4-1 77104]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-18 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-1 1255736]

.

=============== Created Last 30 ================

.

2013-03-21 00:02:56 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-21 00:02:55 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-20 23:57:11 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-20 23:57:10 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-20 23:57:10 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-20 23:56:59 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-03-20 23:56:57 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-20 23:56:54 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-03-20 23:56:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-03-20 23:56:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-03-20 23:56:51 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-03-20 23:56:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-03-20 23:56:48 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-03-20 23:56:40 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-03-20 23:56:39 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-03-16 02:43:25 -------- d-----w- C:\Users\Woahdiggity\AppData\Roaming\Canneverbe Limited

2013-03-16 02:43:25 -------- d-----w- C:\ProgramData\Canneverbe Limited

.

==================== Find3M ====================

.

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-13 18:42:06 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-13 18:42:06 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

.

============= FINISH: 19:06:35.08 ===============

Attach Text

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/5/2010 3:20:03 PM

System Uptime: 3/22/2013 6:13:57 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Maximus Formula

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2394/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 130.71 GiB free.

D: is CDROM (UDF)

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

3DMark06

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

Adobe Shockwave Player 11.5

AI Suite

AMD Drag and Drop Transcoding

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ares 2.1.2

ASUSUpdate

AT&T Service & Support Tool

ATI Catalyst Install Manager

ATI Catalyst Registration

BitTorrent

BitTorrentBar Toolbar

Bonjour

CambridgeSoft Activation Client

CambridgeSoft ChemDraw Ultra 12.0

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

ccc-core-static

ccc-utility64

CCC Help English

CCleaner

CDBurnerXP

Conduit Engine

D3DX10

Deus Ex

Host OpenAL (ADI)

Internet TV for Windows Media Center

iTunes

Java Auto Updater

Java 6 Update 17 (64-bit)

Java 6 Update 22

Junk Mail filter update

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee Agent

McAfee VirusScan Enterprise

MestReNova LITE 5.2.5-5780

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft IntelliPoint 8.1

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA PhysX

PopTools

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Respondus LockDown Browser

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

Sid Meier's Civilization V

Starcraft

StarCraft II

Steam

The Lord of the Rings FREE Trial

The Sims™ 3

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Vampire - The Masquerade Bloodlines

VirtualCloneDrive

VLC media player 1.0.1

Vortex9.99

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Center Add-in for Flash

WMV9/VC-1 Video Playback

XCOM: Enemy Unknown

.

==== Event Viewer Messages From Past Week ========

.

3/22/2013 6:15:19 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

3/22/2013 6:15:19 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

3/22/2013 6:14:19 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

3/22/2013 6:14:19 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

3/22/2013 6:14:18 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

3/22/2013 6:14:15 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

3/22/2013 5:43:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

3/22/2013 5:43:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

3/22/2013 5:28:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/22/2013 5:27:16 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/22/2013 5:27:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/22/2013 5:27:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/22/2013 5:27:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/22/2013 5:27:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/22/2013 5:26:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

3/22/2013 5:26:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache ElbyCDIO mfehidk spldr sptd Wanarpv6

3/22/2013 5:26:57 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/22/2013 5:26:57 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

3/22/2013 5:26:57 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

3/22/2013 5:26:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/22/2013 5:26:33 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

3/22/2013 2:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

3/22/2013 2:51:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

3/22/2013 2:29:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

3/22/2013 2:29:24 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/22/2013 1:11:46 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

.

==== End Of File ===========================

Link to post
Share on other sites

Hello nlsaustin and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

BitTorrent

BitTorrentBar Toolbar

Conduit Engine

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 4

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log

Link to post
Share on other sites

Thank You for your assistance, Here are the following log files per your request:

Junkware Removal Tool Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.2 (03.15.2013:1)

OS: Windows 7 Home Premium x64

Ran by Woahdiggity on Fri 03/22/2013 at 22:29:03.81

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\bittorrentbar

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2790392

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Woahdiggity\appdata\locallow\bittorrentbar"

Successfully deleted: [Folder] "C:\Users\Woahdiggity\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Woahdiggity\appdata\locallow\pricegong"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\websearch.xml"

Emptied folder: C:\Users\Woahdiggity\AppData\Roaming\mozilla\firefox\profiles\uoa6txxx.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 03/22/2013 at 22:39:40.79

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware Log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.22.12

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Woahdiggity :: WOAHDIGGITY-PC [administrator]

Protection: Enabled

3/22/2013 10:44:32 PM

mbam-log-2013-03-22 (22-44-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Heuristics/Extra | P2P

Objects scanned: 35156

Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR Log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-03-22 22:52:05

-----------------------------

22:52:05.516 OS Version: Windows x64 6.1.7601 Service Pack 1

22:52:05.516 Number of processors: 4 586 0xF0B

22:52:05.516 ComputerName: WOAHDIGGITY-PC UserName: Woahdiggity

22:52:06.530 Initialize success

22:55:09.000 AVAST engine defs: 13032201

22:55:23.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5

22:55:23.180 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476940MB BusType: 3

22:55:23.227 Disk 0 MBR read successfully

22:55:23.242 Disk 0 MBR scan

22:55:23.242 Disk 0 Windows 7 default MBR code

22:55:23.242 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63

22:55:23.274 Disk 0 scanning C:\Windows\system32\drivers

22:55:32.899 Service scanning

22:55:54.255 Modules scanning

22:55:54.255 Disk 0 trace - called modules:

22:55:54.302 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80049e72c0]<<spbn.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

22:55:54.302 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dfb060]

22:55:54.302 3 CLASSPNP.SYS[fffff88001bb243f] -> nt!IofCallDriver -> [0xfffffa8003c866d0]

22:55:54.318 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-5[0xfffffa8004b4d680]

22:55:54.318 \Driver\atapi[0xfffffa8004b08b70] -> IRP_MJ_CREATE -> 0xfffffa80049e72c0

22:55:55.425 AVAST engine scan C:\Windows

22:55:57.469 AVAST engine scan C:\Windows\system32

22:58:39.975 AVAST engine scan C:\Windows\system32\drivers

22:58:51.613 AVAST engine scan C:\Users\Woahdiggity

23:29:29.767 AVAST engine scan C:\ProgramData

23:33:17.544 Scan finished successfully

23:35:50.970 Disk 0 MBR has been saved successfully to "C:\Users\Woahdiggity\Desktop\MBR.dat"

23:35:50.970 The log file has been saved successfully to "C:\Users\Woahdiggity\Desktop\aswMBR.txt"

new DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 1.6.0_22

Run by Woahdiggity at 23:37:10 on 2013-03-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2177 [GMT -4:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe

C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe

C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook32.exe

C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook64.exe

C:\Program Files (x86)\ASUS\AASP\1.01.05\aaCenter.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Jumi\jumi.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe

C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\notepad.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net

uWindows: Load = C:\Users\WOAHDI~1\LOCALS~1\Temp\mssiyx.exe

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"

mRun: [CPU Power Monitor] "C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"

mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: $talisma_url$

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{3456305E-2EB2-41AF-B1B1-BFA91D257539} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{B647C36A-350A-4CA3-94B9-8A586072FA3D} : DHCPNameServer = 192.168.1.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Woahdiggity\AppData\Roaming\Mozilla\Firefox\Profiles\uoa6txxx.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll

FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

.

============= SERVICES / DRIVERS ===============

.

P2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2009-10-22 178920]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-4-1 469144]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-22 203776]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-27 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-30 682344]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-22 19720]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-11-5 517632]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-10-22 66896]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-4-1 79504]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-22 116752]

R3 jumi;%Jumi%;C:\Windows\System32\drivers\jumi.sys [2010-6-3 15160]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-30 24176]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-4-1 119968]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-4-1 77104]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-18 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-1 1255736]

.

=============== Created Last 30 ================

.

2013-03-23 02:29:01 -------- d-----w- C:\Windows\ERUNT

2013-03-23 02:28:15 -------- d-----w- C:\JRT

2013-03-21 00:02:56 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-21 00:02:55 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-20 23:57:11 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-20 23:57:10 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-20 23:57:10 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-20 23:56:59 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-03-20 23:56:57 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-20 23:56:54 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-03-20 23:56:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-03-20 23:56:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-03-20 23:56:51 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-03-20 23:56:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-03-20 23:56:48 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-03-20 23:56:40 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-03-20 23:56:39 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-03-16 02:43:25 -------- d-----w- C:\Users\Woahdiggity\AppData\Roaming\Canneverbe Limited

2013-03-16 02:43:25 -------- d-----w- C:\ProgramData\Canneverbe Limited

.

==================== Find3M ====================

.

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-13 18:42:06 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-13 18:42:06 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

.

============= FINISH: 23:37:49.68 ===============

Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

ComboFix 13-03-23.01 - Woahdiggity 03/24/2013 1:13.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2888 [GMT -4:00]

Running from: c:\users\Woahdiggity\Documents\My Word Documents\Work\Shadow Dr Morcos\combofix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Internet Explorer\3D4E.tmp

c:\users\Woahdiggity\AppData\Roaming\inst.exe

c:\users\Woahdiggity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online

c:\users\Woahdiggity\AppData\Roaming\vso_ts_preview.xml

c:\users\Woahdiggity\Desktop\Guard Online .lnk

c:\windows\assembly\tmp\U

c:\windows\assembly\tmp\U\00000001.@

c:\windows\assembly\tmp\U\00000004.@

c:\windows\assembly\tmp\U\000000c0.@

c:\windows\assembly\tmp\U\000000cb.@

c:\windows\assembly\tmp\U\000000cf.@

c:\windows\assembly\tmp\U\80000000.@

c:\windows\assembly\tmp\U\800000c0.@

c:\windows\assembly\tmp\U\800000cb.@

c:\windows\assembly\tmp\U\800000cf.@

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))

.

.

2013-03-24 05:26 . 2013-03-24 05:26 -------- d-----w- c:\users\Mcx2-WOAHDIGGITY-PC\AppData\Local\temp

2013-03-23 02:29 . 2013-03-23 02:29 -------- d-----w- c:\windows\ERUNT

2013-03-23 02:28 . 2013-03-23 02:28 -------- d-----w- C:\JRT

2013-03-21 00:02 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-21 00:02 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-20 23:59 . 2013-03-20 23:59 -------- d-----w- c:\program files\Microsoft Silverlight

2013-03-20 23:59 . 2013-03-20 23:59 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-03-20 23:57 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-20 23:57 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-20 23:57 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-20 23:56 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-03-20 23:56 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-20 23:56 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-03-20 23:56 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-03-20 23:56 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-03-20 23:56 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-03-20 23:56 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-03-20 23:56 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-03-20 23:56 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-03-20 23:56 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-03-16 02:43 . 2013-03-16 02:43 -------- d-----w- c:\users\Woahdiggity\AppData\Roaming\Canneverbe Limited

2013-03-16 02:43 . 2013-03-16 02:43 -------- d-----w- c:\programdata\Canneverbe Limited

2013-03-16 02:43 . 2013-03-16 02:43 -------- d-----w- c:\program files (x86)\CDBurnerXP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-04 18:53 . 2010-01-05 20:25 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-02-12 05:45 . 2013-03-20 23:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-20 23:56 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-20 23:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-20 23:56 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-20 23:56 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-20 23:56 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-13 18:42 . 2012-09-05 00:47 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-13 18:42 . 2011-05-18 18:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-04 04:43 . 2013-03-20 23:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JumiController"="c:\program files (x86)\Jumi\jumi.exe" [2011-05-11 3406336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]

"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2010-03-10 1439360]

"CPU Power Monitor"="c:\program files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2009-12-29 633984]

"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-12-29 887936]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-07-06 273544]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ATICDSDr;ATICDSDr;c:\users\WOAHDI~1\AppData\Local\Temp\ATICDSDr.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-23 77104]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-07-02 82816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-02 1255736]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-16 834544]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-22 203776]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-23 19720]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-23 79504]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-01-22 116752]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]

S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 15160]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 172032]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.att.net

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: $talisma_url$

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Woahdiggity\AppData\Roaming\Mozilla\Firefox\Profiles\uoa6txxx.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe

c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe

c:\program files (x86)\ASUS\AASP\1.01.05\aaCenter.exe

.

**************************************************************************

.

Completion time: 2013-03-24 01:43:31 - machine was rebooted

ComboFix-quarantined-files.txt 2013-03-24 05:43

.

Pre-Run: 142,184,878,080 bytes free

Post-Run: 143,021,318,144 bytes free

.

- - End Of File - - BA1E53CB2F8B259224CCE77342BEC4C2

Link to post
Share on other sites

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.