
Possible Infection by Trojan.Ransom



Hi, this is my first time ever posting about malware and an infection... Over the years, I have dealt with many viruses and malware myself and cleaned many systems, but this one seems to be over my head.....

Two days ago, Malwarebytes gave me a notification of -

 

DETECTION    C:\Users\Laptop\AppData\Local\Temp\1gerwef.exe    Trojan.Ransom    QUARANTINE

It happened as soon as I turned the computer on and established an internet connection... I immediately ran Malwarebytes with a full system scan and the result was clean... Ever since it notified me and quarantined Trojan.Ransom, I have been receiving notifications that Malwarebytes is blocking malicious IP connections to svchost... Here are a couple from the protection logs...

 

IP-BLOCK    94.102.56.219 (Type: incoming, Port: 19, Process: svchost.exe)
IP-BLOCK    109.230.220.198 (Type: incoming, Port: 5060, Process: svchost.exe)

IP-BLOCK    74.118.195.160 (Type: incoming, Port: 53, Process: svchost.exe)
IP-BLOCK    94.102.52.95 (Type: incoming, Port: 53, Process: svchost.exe)

IP-BLOCK    74.118.195.160 (Type: incoming, Port: 19, Process: svchost.exe)
IP-BLOCK    93.174.93.174 (Type: incoming, Port: 80, Process: svchost.exe)

IP-BLOCK    93.174.93.174 (Type: incoming, Port: 8080, Process: svchost.exe)

I have never had any notifications before until this virus was detected, and I think I'm possibly infected...

Here are the DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.17.2
Run by Laptop at 16:45:47 on 2013-06-21
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.2062 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HughesNetStatusMeter1\HughesNetStatusMeter\HughesNetStatusMeter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Hughes Toolbar: {ACE05D27-819C-4828-B816-BE002D223E10} - C:\Program Files (x86)\hughestoolbar\hughestoolbarDx.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Hughes Toolbar: {ACE05D27-819C-4828-B816-BE002D223E10} - C:\Program Files (x86)\hughestoolbar\hughestoolbarDx.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HUGHES~1.LNK - C:\Program Files (x86)\HughesNetStatusMeter1\HughesNetStatusMeter\HughesNetStatusMeter.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe





TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\2656C6B696E6E2833316 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\5436F6E6F6D6970294E6E602F4E6D2759664960233 : DHCPNameServer = 192.168.182.1
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\6596C6C616765694E6E6 : DHCPNameServer = 198.190.135.11 198.6.1.4
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\86967686C616E646370296E6E60223 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{E088C0BD-B017-4269-841A-F02C9E61BA95} : NameServer = 198.224.180.135 198.224.179.135
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden



x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\septwzum.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-12-13 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-12-13 55296]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-6-15 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-29 654408]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2011-12-13 291352]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-8 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-27 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-10 24904]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\System32\drivers\nwusbmdm_000.sys [2010-7-8 217728]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser_000.sys [2010-7-8 217728]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser2_000.sys [2010-7-8 217728]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/08 00:50:00;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-2-8 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2010-7-8 25600]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-8 232992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-8 344680]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-8 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-05-23 16:58:17    --------    d-----w-    C:\Users\Laptop\LuminanceHDR
2013-05-23 16:58:11    --------    d-----w-    C:\Program Files\Luminance HDR
2013-05-23 16:57:51    --------    d-----w-    C:\Users\Laptop\AppData\Local\Programs
.
==================== Find3M  ====================
.
2013-03-27 14:05:01    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-27 14:05:01    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-27 13:57:22    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-27 13:57:21    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-27 13:57:21    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-24 02:33:24    982912    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 16:46:16.59 ===============
 

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2011 7:29:37 PM
System Uptime: 6/21/2013 4:14:14 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 163D
Processor: Intel® Core i5 CPU       M 480  @ 2.67GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 668 GiB total, 385.116 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 4.443 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP82: 6/12/2013 12:06:33 AM - Scheduled Checkpoint
RP83: 6/19/2013 4:55:20 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader 9.3.3 MUI
Adobe Shockwave Player 11.5
Adobe Shockwave Player 12.0
Adobe Stock Photos 1.0
Agatha Christie - Peril at End House
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Belkin Setup and Router Monitor
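
The protection-log lines quoted in the post can be triaged mechanically. The block below is an added example written for this page, not Malwarebytes' code and not anything the poster ran: it parses IP-BLOCK lines of exactly the shape quoted above, splits them by direction and summarises ports, remote sources and the local process each block was attributed to. The `PROTECTION_LOG` list is copied verbatim from the post; the `CONSTRUCTED_OUTBOUND` line, the `parse_ip_block` and `triage` names and the 203.0.113.7 address are assumptions made up for illustration. The distinction it makes visible: every block in the post is of type incoming and attributed to svchost.exe, meaning a remote host tried to reach the machine and the attempt was dropped, whereas an outgoing block names a local process that initiated the connection itself, which is the kind of entry that points at something on the machine calling out.

```python
"""Triage helper for Malwarebytes protection-log IP-BLOCK lines (added example)."""
import re
from collections import Counter
from typing import Dict, List, Optional

# Log lines exactly as quoted in the post above (the page's own data).
PROTECTION_LOG = [
    "IP-BLOCK    94.102.56.219 (Type: incoming, Port: 19, Process: svchost.exe)",
    "IP-BLOCK    109.230.220.198 (Type: incoming, Port: 5060, Process: svchost.exe)",
    "IP-BLOCK    74.118.195.160 (Type: incoming, Port: 53, Process: svchost.exe)",
    "IP-BLOCK    94.102.52.95 (Type: incoming, Port: 53, Process: svchost.exe)",
    "IP-BLOCK    74.118.195.160 (Type: incoming, Port: 19, Process: svchost.exe)",
    "IP-BLOCK    93.174.93.174 (Type: incoming, Port: 80, Process: svchost.exe)",
    "IP-BLOCK    93.174.93.174 (Type: incoming, Port: 8080, Process: svchost.exe)",
]

# Constructed line (NOT from the post) showing what an outbound block looks like:
# a local process trying to reach an address on the block list. 203.0.113.7 is a
# documentation-range address; 1gerwef.exe is the file name from the detection line.
CONSTRUCTED_OUTBOUND = [
    "IP-BLOCK    203.0.113.7 (Type: outgoing, Port: 443, Process: 1gerwef.exe)",
]

# Shape of the lines as quoted: IP-BLOCK <ip> (Type: <dir>, Port: <n>, Process: <exe>)
IP_BLOCK_RE = re.compile(
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\("
    r"Type:\s*(?P<type>[A-Za-z]+),\s*Port:\s*(?P<port>\d+),\s*Process:\s*(?P<process>[^)]+)\)"
)


def parse_ip_block(line: str) -> Optional[Dict[str, object]]:
    """Parse one IP-BLOCK line into a dict; return None for lines of another shape
    (e.g. the DETECTION line in the post), so mixed log excerpts can be fed in."""
    m = IP_BLOCK_RE.search(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "direction": m.group("type").lower(),
        "port": int(m.group("port")),
        "process": m.group("process").strip(),
    }


def triage(lines: List[str]) -> Dict[str, object]:
    """Split blocks by direction and summarise who and what was involved.

    Incoming blocks: the remote address initiated the connection and the
    Process field is the local process the attempt was attributed to.
    Outgoing blocks: the local process named initiated the connection, so
    that list is the one to examine first when hunting for a caller-out.
    """
    events = [e for e in (parse_ip_block(line) for line in lines) if e is not None]
    incoming = [e for e in events if e["direction"] == "incoming"]
    outgoing = [e for e in events if e["direction"] == "outgoing"]
    return {
        "total": len(events),
        "incoming": len(incoming),
        "outgoing": len(outgoing),
        "outgoing_processes": sorted({e["process"] for e in outgoing}),
        "incoming_ports": Counter(e["port"] for e in incoming),
        "incoming_sources": Counter(e["ip"] for e in incoming),
        "local_processes": Counter(e["process"] for e in events),
    }


if __name__ == "__main__":
    for label, log in (("posted log", PROTECTION_LOG),
                       ("constructed outbound", CONSTRUCTED_OUTBOUND)):
        summary = triage(log)
        print(f"{label}: {summary['incoming']} incoming, {summary['outgoing']} outgoing")
        print("  incoming ports  :", dict(summary["incoming_ports"]))
        print("  incoming sources:", dict(summary["incoming_sources"]))
        print("  outbound processes:", summary["outgoing_processes"])
```

Run against the posted lines the summary is 7 incoming, 0 outgoing, all attributed to svchost.exe, with ports 19 and 53 each hit twice; the constructed outbound line is the shape that would instead name a local executable as the initiator.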


Sorry, the attach.txt was cut off, and I forgot to mention that uTorrent has been deleted. uTorrent has never been used, so it was not the source of any infection.... Here is a new DDS scan with updated logs....

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.17.2
Run by Laptop at 22:59:35 on 2013-06-23
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.1825 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HughesNetStatusMeter1\HughesNetStatusMeter\HughesNetStatusMeter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Laptop\Downloads\RogueKiller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\ProgramData\HP Photo Creations\MessageCheck.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Hughes Toolbar: {ACE05D27-819C-4828-B816-BE002D223E10} - C:\Program Files (x86)\hughestoolbar\hughestoolbarDx.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Hughes Toolbar: {ACE05D27-819C-4828-B816-BE002D223E10} - C:\Program Files (x86)\hughestoolbar\hughestoolbarDx.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HUGHES~1.LNK - C:\Program Files (x86)\HughesNetStatusMeter1\HughesNetStatusMeter\HughesNetStatusMeter.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe





TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\2656C6B696E6E2833316 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\5436F6E6F6D6970294E6E602F4E6D2759664960233 : DHCPNameServer = 192.168.182.1
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\6596C6C616765694E6E6 : DHCPNameServer = 198.190.135.11 198.6.1.4
TCP: Interfaces\{24D30B06-0D9E-4E15-88A6-F608918CBE0D}\86967686C616E646370296E6E60223 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{E088C0BD-B017-4269-841A-F02C9E61BA95} : NameServer = 198.224.180.135 198.224.179.135
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden



x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\septwzum.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-12-13 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-12-13 55296]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-6-15 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-29 654408]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2011-12-13 291352]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-8 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-27 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-10 24904]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\System32\drivers\nwusbmdm_000.sys [2010-7-8 217728]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser_000.sys [2010-7-8 217728]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser2_000.sys [2010-7-8 217728]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/08 00:50:00;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-2-8 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2010-7-8 25600]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-8 232992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-8 344680]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-8 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-06-21 22:09:43    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
.
==================== Find3M  ====================
.
2013-03-27 14:05:01    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-27 14:05:01    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-27 13:57:22    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-27 13:57:21    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-27 13:57:21    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 23:00:12.03 ===============
 

 

Attach.txt

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2011 7:29:37 PM
System Uptime: 6/22/2013 12:50:52 PM (35 hours ago)
.
Motherboard: Hewlett-Packard |  | 163D
Processor: Intel® Core i5 CPU       M 480  @ 2.67GHz | CPU | 1173/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 668 GiB total, 384.833 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 4.443 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP82: 6/12/2013 12:06:33 AM - Scheduled Checkpoint
RP83: 6/19/2013 4:55:20 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader 9.3.3 MUI
Adobe Shockwave Player 11.5
Adobe Shockwave Player 12.0
Adobe Stock Photos 1.0
Agatha Christie - Peril at End House
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Broadcom 802.11 Wireless LAN Adapter
Build-a-lot 2
Cake Mania
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
Coupon Printer for Windows
CyberLink DVD Suite
D3DX10
DeviceIO
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Fences Pro
Final Drive Nitro
Google Chrome
Google Update Helper
Heroes of Hellas 2 - Olympia
HiJackThis
HP 3D DriveGuard
HP Auto
HP Client Services
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Movies and TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass Identity Protection
HP Software Framework
HP Support Assistant
HP Update
HP Wireless Assistant
HPAsset component for HP Active Support Library
Hughes Toolbar
HughesNet Status Meter
Hulu Desktop
I.R.I.S. OCR
ICA
IDT Audio
Image Plugin
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
Java 7 Update 17
Java Auto Updater
Java 6 Update 21
Java 6 Update 21 (64-bit)
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LG USB Modem Drivers
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Media Player Codec Pack 4.1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Mystery P.I. - The London Caper
Norton Online Backup
Penguins!
PhotoNow!
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PSPPContent
PSPPRO_DCRAW
PureHD
PX Profile Update
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
RoxioNow Player
SAMSUNG USB Driver for Mobile Phones
Setup
Share
Share64
swMSM
Synaptics Pointing Device Driver
Times Reader
Validity Sensors DDK
Verizon Mobile Broadband Drivers
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
Verizon Wireless USB760 Firmware Updates
Video Mover
VIO
Virtual Families
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.11
VSClassic
VSPro
VZAccess Manager
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinPcap 4.1.2
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
6/23/2013 10:05:55 PM, Error: Disk [11]  - The driver detected a controller error on \...\DR11.
6/22/2013 5:43:24 PM, Error: Disk [11]  - The driver detected a controller error on \...\DR3.
6/18/2013 9:06:21 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
6/18/2013 7:28:57 PM, Error: Disk [11]  - The driver detected a controller error on \...\DR17.
6/18/2013 1:56:35 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer SHOP2-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24D30B06-0D9E-4E15-88A6-F608918CBE0D}. The master browser is stopping or an election is being forced.
6/18/2013 1:45:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
6/18/2013 1:44:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/18/2013 1:44:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
6/17/2013 10:28:09 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.
6/16/2013 12:27:08 PM, Error: Disk [11]  - The driver detected a controller error on \...\DR9.
.
==== End Of File ===========================
 


  • Root Admin

Please uninstall ALL versions of Java and then run the following.  I'll check back on you some time later tomorrow.

 

Java 7 Update 17
Java Auto Updater
Java™ 6 Update 21
Java™ 6 Update 21 (64-bit)

 

 

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
 

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02

Please download Malwarebytes Anti-Rootkit from HERE


  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt


STEP 03

Please download Junkware Removal Tool to your desktop.


  • Shutdown your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator on Windows Vista or Windows 7; on XP, double-click it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.



STEP 04

Please download AdwCleaner by Xplode to your desktop.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 05


Please go here to run the online antivirus scanner from ESET.


  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 


Thank you very much for your help... First, I didn't think much about it during my first post, but back in December 2012 I was infected with some rootkits and a trojan. I don't know if they were completely gone or not... Also, several days before this Trojan.Ransom appeared, my Yahoo email was hacked by someone in Romania, so I'm not sure if that may be part of the infection. I did immediately change all important passwords... These below are the infections from last December...

 

C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\n.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\n.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.

 

...............................

 

OK, I uninstalled all Java, but couldn't find the Java Auto Updater to uninstall it. It wasn't with the others and I'm not sure where to look for that one. Java AU had been constantly popping up asking me to give permission to update it for the last several weeks, and I ignored it and denied permission until I finally disabled it at startup a couple of days ago... Something didn't seem right with the way it was constantly prompting me, but I wasn't sure.

 

Here are the MBAR Logs.... Scan came up clean.....

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.24.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Laptop :: LAPTOP-HP [administrator]

6/24/2013 02:47:57 PM
mbar-log-2013-06-24 (17-09-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 246124
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

...........................

System-log.txt

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 4083007488, free: 1965645824

Downloaded database version: v2013.06.24.01
Initializing...
------------ Kernel report ------------
     06/24/2013 02:47:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS

 

.....................................................

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Laptop on Mon 06/24/2013 at  3:06:47.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] C:\Windows\syswow64\shoD1DE.tmp
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{034FD4F0-E1FB-4A98-AE72-E15B0E8A0656}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{04F9BD9A-6683-454A-91BD-A3AC7C529BF3}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{081C4A1E-FAC0-4CE7-BBF5-BCD5998A9911}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{08521002-20E1-49B8-A872-2F794248C391}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{096563D7-D94A-4702-899C-A33AB591DF7C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{0AE6E2E6-DAC5-41AF-A3F9-A009C432C602}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{11603623-D4E1-41AD-9BC2-F8C3A3C3CDAD}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{122B1BBA-7BBC-441A-8398-956C5F42C65F}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{12C8F953-7212-4750-AB03-308B50E7B3D2}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{17E43574-FABE-438D-9054-78E5E061C1EB}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{1A8AF5B3-93E2-40E7-9B09-3B1A8810D662}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{1C5C05ED-6EA9-43B4-AD37-19D6A26E0124}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{1D578A9F-AD86-4C27-B74A-24D01DE12AF1}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{1F770DD5-DD5F-451D-B615-B3D908753357}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{21CAEED1-3755-4CA6-AB58-8EF870180ADB}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{266AB6C9-9CA1-4A69-B216-2E36204F83AF}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{26724B14-3622-4077-8626-1A6AF9EF8638}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{2688A878-0357-45B2-9762-D93C5E6EA635}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{2A715466-8BC5-40E2-B0ED-EC6050C9849B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{2B001FB4-43C4-4AE9-B349-624235C1BA13}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{2EB88F3A-C0B5-4B02-B57E-ED90189148C7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{322CA908-A4C8-4667-A373-1B3366A2F0C7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{35460B04-ED18-4072-A1B2-11BB97983CCE}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{3A279BE5-88C5-4C71-81AA-C900130B3CBA}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{3B10DC0A-BCF9-4521-8E4B-6BA972F79176}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{3C61BAFE-1DD1-42D1-894F-0E3A74B52139}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4033D857-3E73-4352-AC1D-8F19822A6DC0}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{40739BB0-A527-4837-B920-73D2D0F1EC47}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4867FC29-1CEE-4EE1-A95E-37AA1A5FAA8C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{48B213A5-F9D4-471A-8D8A-143C82C11B40}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4E659197-C00B-401F-807D-ABD21CE3174D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4EF2917F-9DFE-41B6-B46C-7F0A1B635010}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4F263F7F-B54E-4191-B174-97E1C59A8F1B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4FB177F6-961A-41CA-BFE0-5292E84EC2B8}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{4FD30339-E574-499D-8F51-1DAA02714AA8}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{50FFA2BB-A95F-41A8-9B23-B4AF94ACC70D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{515A8313-290E-424C-929D-E479074C213D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{52C6F7D0-DD97-4B8E-9788-6E80B5A6AE13}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5345652F-0822-4131-8557-59A91A265F90}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{55714BEC-A451-4D32-AA19-2301CE12AE4C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5661AF8C-4FF3-4420-BAB7-58D7E9807890}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5792C064-6952-4C34-8234-E6D6A4BF8D46}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5AB05C3B-2FC2-419D-BE11-ED5AB795D1EC}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5AF6DB41-5DF6-4683-8DED-9E8502F5E597}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{5FF8C1C2-04C3-414E-92D0-448120BB0BB1}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{61AEB5EF-D403-40F1-B902-3F47ED57AA04}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{62B045B6-276F-43D2-9B33-4AC5EF22D61A}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{63601570-C990-4B1E-9855-3CB6880A230F}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{63B68C9B-6615-4C4F-8B8B-396B5D6C94DE}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6728F144-E529-454E-89E8-AB6658BC0277}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{69E4B4B0-580D-42A2-B2DB-8F65E652047F}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6A1F364A-C8C4-483F-89C3-00EFD27463A3}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6A8BB89A-7AE7-45FA-850E-2934E20C2ECD}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6AC6B0E3-00C5-4619-A926-902B32643255}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6DC5B6A2-22F1-427F-8C29-B4862AA16F9C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6F6E50AA-6603-434B-898A-369ADEE9647C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{6F92C7E0-9527-407B-9335-64F9FFB789E7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{728DD84B-845D-432B-8E30-6B4FD6929801}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{7308A06A-2825-4D5A-852D-6851D37121B0}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{732242B9-5295-48F8-9F50-35A93177DA2B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{78232BE4-CF67-447B-AAFA-34CF8ED79584}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{7972859E-9F40-4DA3-AE59-C90E85EA8AB7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{7FE77A0C-7205-4F1D-8160-8F27476DF1C7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{810E428C-CB0F-4927-9E9D-EEEA6C510A4E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{816B7718-8CF3-4E64-9A91-F8BEA38301B2}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{82ED6643-1EEC-41A9-943A-C38EEF68143D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{85315B88-C3C1-42DD-B830-54E03AFD298E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{8631666C-280D-4BC7-BB7D-49899A0CD6FC}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{86CCAD6B-E246-45C6-9DD6-00AF26C28D17}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{894D487E-5A03-402C-957E-ADCC567F68AA}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{8BCBAC6B-70DC-41BA-B64F-F25C144EDAE7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{905478D8-4047-4226-92BA-CD0244DB397D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{90BA440D-055B-4061-B905-EF62F3BD64E3}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{94F0628D-E281-4217-8741-19F07A91007E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{953F3546-39A7-4C94-87A7-1770A4460E3C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{983D7625-FEE1-4F50-9167-D3B130C7C4F6}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9AEDE540-B023-4530-847D-2EEF016D375B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9B0AAD36-180A-48F6-8C36-642BF48F3974}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9BB03B47-1FAB-40B4-B714-AE0EFCCBCB5D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9BCD4530-7657-4438-8B49-58D36AC96AFB}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9D4F8AF8-1AFD-4C77-8CF5-9ECD90BE1790}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{9E675FEF-9174-4006-9554-462B9CB3120B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A1EE83EF-22F3-479D-898B-00BC2C72C7BA}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A23697FA-CFB6-4327-A56B-1F749AC96243}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A43302EE-6349-4E36-BAF4-4F64E454303D}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A446B26C-4B19-41AD-8B9E-0B529F6B3E96}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A44CCF80-0B67-4748-B67E-396D83ED9BE3}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A4D9DB82-B5B4-429A-9A4A-4AE01E221127}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{A7A7B5D4-A4FA-4CE7-A0E9-2B8D81EF9CE5}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{AED338B0-C854-48E8-9181-C375BDC9BAD8}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{AFDA6BBA-7D32-4707-AC3D-23F724AB1DB5}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{AFECFF8B-300F-437E-898B-932987165DE6}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{B79BADE9-F594-4A0F-A871-19EBF1311E9E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{B7E3881C-9316-4095-B255-5BFA233E7EFE}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BAC619CD-B5AA-40CC-B9C5-798C5F9544E1}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BB63FA6D-642C-4F8A-81C2-C48AB629FE03}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BB8C8BFB-6B17-47AA-8667-0C82AD6A5B30}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BC05AC1F-6C4C-4B94-8EDD-5802E8015635}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{BDA36264-9BC5-4C25-B147-0DCB579B539F}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{C44E7A2F-D9CB-4A54-BA41-26CC983E5382}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{C8685658-86EB-4B5E-9BAA-FE1526986F54}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{C98E298F-61A7-4FC3-BA48-1379FFA06501}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{CB082313-B3FF-4297-8CF1-110A4FD4FE71}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{CE746BEF-D915-498E-992D-8EE35DF9DD1B}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D1FE8CDA-A6A1-4CFA-AC14-B65124349BA7}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D4577600-0EDD-48B5-BC8A-9721E1252247}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D8446FF7-9883-4F19-9846-9B598694AC54}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{D97405AA-DB19-442F-BF55-59B2073A92D8}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E00A3C5A-934C-4344-99F1-AF665A1CDCA1}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E295728B-4F90-447D-9D1D-20F3CC697B9E}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E563BAC5-2CBD-4CDC-A62D-C546BAA217DA}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E7BBF403-7155-473E-9092-F6ED4FCEE9C2}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E7EE9E3E-38F0-432A-A82E-84BB2357EF0A}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{E8F487B3-6BE3-4004-841E-061495421594}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{EC1951AF-8B37-4E5B-BB45-D935027A958F}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{EC60D1E5-9ABA-4BF9-BE2A-E6FE32CAC2A9}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{EE7E8EA8-1A25-408A-9B4E-820A9E9D97A9}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{F1C8CA64-8BE0-4613-8727-98F1417E084C}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{F30BEAE6-C432-4A6C-8808-E1EBB9AF217A}
Successfully deleted: [Empty Folder] C:\Users\Laptop\appdata\local\{FADED8B6-4F6D-42EC-80F3-5109E7C57E3A}



~~~ FireFox

Emptied folder: C:\Users\Laptop\AppData\Roaming\mozilla\firefox\profiles\septwzum.default\minidumps [149 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/24/2013 at  3:12:26.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

............................................................

 

Will include the rest of the logs in another post......


MBAR system log got cut off... here is the complete log... sorry about that.

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 4083007488, free: 1965645824

Downloaded database version: v2013.06.24.01
Initializing...
------------ Kernel report ------------
     06/24/2013 02:47:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\igdpmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\system32\DRIVERS\sxuptp.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\nwusbmdm_000.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\nwusbser_000.sys
\SystemRoot\system32\DRIVERS\nwusbser2_000.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imm32.dll
\Windows\System32\msctf.dll
\Windows\System32\gdi32.dll
\Windows\System32\ole32.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\comdlg32.dll
\Windows\System32\sechost.dll
\Windows\System32\usp10.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shlwapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\setupapi.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\normaliz.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR12
Upper Device Object: 0xfffffa800b17d560
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000106\
Lower Device Object: 0xfffffa800a2ab4a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800528c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004fb7050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800528c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800511c930, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800528c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800511bb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004fb7050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 40C486BC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 1401108480

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1401518080  Numsec = 63418368

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1464936448  Numsec = 210672

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800b17d560, DeviceName: \Device\Harddisk1\DR12\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1ab330, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b17d560, DeviceName: \Device\Harddisk1\DR12\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a2ab4a0, DeviceName: \Device\00000106\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished


AdwCleaner

 

# AdwCleaner v2.303 - Logfile created 06/24/2013 at 04:42:26
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Laptop - LAPTOP-HP
# Boot Mode : Normal
# Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Laptop\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\septwzum.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to[...]

*************************

AdwCleaner[R1].txt - [45693 octets] - [24/06/2013 03:14:07]
AdwCleaner[s1].txt - [2128 octets] - [24/06/2013 04:42:26]

########## EOF - C:\AdwCleaner[s1].txt - [2188 octets] ##########
 

........................................

 

Eset Online Scanner

 

C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\00000004.@.vir    Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000000.@.vir    Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000032.@.vir    a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Users\Laptop\AppData\Local\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000064.@.vir    Win64/Sirefef.AN trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\00000004.@.vir    Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000000.@.vir    Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000032.@.vir    Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{28af6edd-2a87-e657-e98b-7370bb69010a}\U\80000064.@.vir    Win64/Sirefef.AM trojan
C:\Users\Laptop\Downloads\GPUMeter.exe    a variant of Win32/OpenInstall application
 


  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Then run MBAM and check for update and do a Quick Scan and post back the log.

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.67  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

TDSSKiller.2.8.16.0_24.06.2013_05.35.28_log.txt


  • Root Admin

Please either update your Adobe Reader 9 to the latest update or uninstall it and install version 11.x and update it.

Then you need to go get the latest Service Pack 1 for your system and install it.

Then go back and check the Windows Updates for ALL Critical Updates and apply those as well. Running older outdated Operating System files can help lead to or allow some exploits and infections that might otherwise have been prevented had you been running the latest updates.


OK, I will definitely make it a point to update everything as soon as I can.... I am currently at our second home and only have a Verizon 3G USB modem for internet access until next week.... I only have 1GB of data left on it....

 

Another reason Windows and other programs are out of date is that our main internet is HughesNet Satellite and they only allow 250MB of data per day. I have to keep all auto-updates off; as I'm sure you're aware, 250MB is very small and it does not take long at all to use it all up.... There is a small window overnight after 2am that is unlimited, so I will have to make it a point to get it done during that time.....

 

I also have a question about the viruses listed under the ESET scan. I see they are from a previous infection and quarantined in the ComboFix folder Qoobox.... At the time I used ComboFix, I didn't know much about the program and heard about it from a friend, not from the forums, so I actually didn't know a lot about it or all the cautions and warnings, but I do have some knowledge about running logs, reviewing them and being able to understand a lot of what is displayed.. Well, when I ran ComboFix, it was a last-ditch effort as I was told it was powerful and good at removing stubborn viruses others couldn't, so I had downloaded and run it with no ill side effects, but I had assumed it deleted them when it was done.. Do I need to delete them somehow... I have since read on the forums that you should uninstall ComboFix after the prescribed scanning was completed and finished....


Since we scanned, I did notice that the CPU and RAM are running a little lower and the computer was a little quicker.... I also didn't have any malicious IP blocks....

 

But something weird did happen late this afternoon..... I was reading a post on another trusted forum I'm on... actually, it's the HughesNet Official Forum... It was the only thing I had open, and something flashed on the computer screen for a split second like a window and disappeared, and also an icon in the taskbar at the bottom at the same time.... Then the mouse cursor switched to the little circular arrow and was freaking out for about 2 minutes like something was loading, but nothing was visible.... I tried to open Task Manager to see what process or service it could be, but it quit before I could.... Then about 20 minutes later, I did get another malicious IP block notification and haven't had any since....

 

Then, when I opened the laptop and the desktop loaded, I received a weird prompt I've never seen before claiming to be Windows.. I closed it out with the X at the top to get rid of it because I didn't trust it... I took a screenshot I'll attach below...

 

[Attached screenshot: post-141981-0-38632000-1372224200_thumb]


I did manage to get a lot of Windows 7 updates this morning while waiting at the doctor's office on their guest wifi..

 

Service Pack 1 didn't show up on the list at the time, but after I installed the 120 Win7 security updates, it is now showing up on the list of important updates, so I will get it done the next time I get to regular internet access again....


  • Root Admin

Yeah, SP1 is a big download so you'll want to make sure you have a good connection for it.

 

I'll go ahead then and close your topic now and wish you the best.

 

When you have time please read the following

Best Practices for Safe Computing - Prevention of Malware Infection

 

Thank you again


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

