Constant IP Blocked Messages

Hi,

I'm getting nearly constant IP Blocked messages logged by Malwarebytes Pro. These are both outgoing and incoming. They occur with my Internet browser open or closed. Full scans by Malwarebytes do not reveal any threats, and neither does my antivirus program.

Also, the Windows Action Center (in the system tray) says that I'm infected with the Win32/Small.CA virus, although no scans have detected it, including the Windows Safety Scanner.

I copy/pasted the results of DDS.txt and Attach.txt below. Thank you in advance for your help!

Tim

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611
Run by Tim at 8:03:09 on 2013-06-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3326.2136 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intuit\QuickBooks 2011\QBHelp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\programdata\wrdata\pkg\LPBar.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - c:\programdata\wrdata\pkg\LPBar.dll
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [MpsOnn] c:\windows\system32\spool\drivers\w32x86\3\MpsOnn.exe
mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [soundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~2.lnk - c:\program files\common files\wruninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\wruninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001011-0002-0011-ABCDEFFEDCBC} - <orphaned>
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\programdata\wrdata\pkg\LPBar.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
TCP: NameServer = 192.168.0.1 63.162.197.99
TCP: Interfaces\{959D1847-3019-4AFD-9860-BCFEA9905A3D} : DHCPNameServer = 192.168.0.1 63.162.197.99
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\vpjbvn0t.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tim\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-11-5 117792]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-25 176128]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-12 701512]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-3-5 1257760]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-16 2673064]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-9-24 102416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-7 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-11-5 742408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-2 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-13 1343400]
.
=============== Created Last 30 ================
.
2013-06-25 12:03:14 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0f0f38a-7dbd-4d1f-b194-982c03808607}\offreg.dll
2013-06-24 18:27:02 -------- d-----w- c:\users\tim\appdata\local\{C0A7A5FD-CAF5-476D-BFCF-9A550B5C312B}
2013-06-23 19:53:48 -------- d-----w- c:\users\tim\appdata\local\{F97A6549-B523-4EAB-9588-F6736C1F6A6D}
2013-06-22 14:01:41 -------- d-----w- c:\users\tim\appdata\local\{3EFB5DEE-90AE-44A3-B755-CD9E318564EF}
2013-06-22 02:01:30 -------- d-----w- c:\users\tim\appdata\local\{16DA8AF5-70F2-4A14-B7C7-A5F698C49FF6}
2013-06-21 14:01:19 -------- d-----w- c:\users\tim\appdata\local\{2D644E58-5D07-42B7-8769-91DE2A47E0B5}
2013-06-21 09:54:01 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0f0f38a-7dbd-4d1f-b194-982c03808607}\mpengine.dll
2013-06-20 17:42:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-20 15:12:59 -------- d-----w- c:\users\tim\appdata\local\{318BCB3E-1B46-48C3-A5F9-25251791CFE1}
2013-06-20 00:42:30 -------- d-----w- c:\users\tim\appdata\local\{C079FDC3-78B9-4664-B03A-00AA5EB29109}
2013-06-19 11:31:27 -------- d-----w- c:\users\tim\appdata\local\{C9DFA013-7BDD-4B09-BCCA-4385BC83B26C}
2013-06-18 23:31:16 -------- d-----w- c:\users\tim\appdata\local\{B494C055-597E-4FF5-886D-DAF8928FCE61}
2013-06-18 12:50:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-18 11:30:52 -------- d-----w- c:\users\tim\appdata\local\{D0E72053-7E75-4FF2-8C2B-D407E7CBFED6}
2013-06-17 23:30:30 -------- d-----w- c:\users\tim\appdata\local\{7D3AE746-FCCC-4BEB-8C29-C0A26BD867A1}
2013-06-17 11:29:29 -------- d-----w- c:\users\tim\appdata\local\{D8E6C074-C46D-4318-8BD2-40BE6941B099}
2013-06-16 18:41:29 -------- d-----w- c:\users\tim\appdata\local\{9ECFA7F1-BBAE-4E7F-8947-F75AE0FD2294}
2013-06-16 06:41:18 -------- d-----w- c:\users\tim\appdata\local\{F0179482-1EF0-4D20-B4BD-C4567676A823}
2013-06-15 18:41:08 -------- d-----w- c:\users\tim\appdata\local\{96DE1A6E-18DC-4DDD-9AEA-26FAB06E078D}
2013-06-14 17:06:41 -------- d-----w- c:\users\tim\appdata\local\{8AB9F9CE-7A9C-4208-955E-6FD232C304D5}
2013-06-13 16:53:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-13 16:53:09 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-13 16:51:02 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-13 16:51:02 108032 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2013-06-13 16:51:01 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-13 16:51:01 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-13 16:51:01 257536 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-06-13 16:51:01 235520 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-06-13 16:51:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-13 16:50:59 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-06-13 16:50:58 770648 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-06-13 16:50:58 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-13 10:10:10 -------- d-----w- c:\users\tim\appdata\local\{652850D7-51F4-4DB4-9774-F7EDDA80BED4}
2013-06-12 22:09:59 -------- d-----w- c:\users\tim\appdata\local\{2210522D-B0C8-4535-A3BE-1B83C068B258}
2013-06-12 10:09:35 -------- d-----w- c:\users\tim\appdata\local\{6BF5FF51-0AA5-465A-806A-D8C1FCD8899B}
2013-06-12 03:03:04 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 03:02:55 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 03:02:46 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 03:02:38 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 03:02:38 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 03:02:38 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 03:02:38 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 03:02:38 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 03:02:27 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 03:02:18 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 03:02:18 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 03:02:14 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 22:09:12 -------- d-----w- c:\users\tim\appdata\local\{0CBA7CAA-F9DD-403F-83E3-B1C2CB6F71CF}
2013-06-11 10:09:01 -------- d-----w- c:\users\tim\appdata\local\{6A0B75B9-5F46-4E6D-9124-997CC72A0EE0}
2013-06-10 16:16:41 -------- d-----w- c:\users\tim\appdata\local\{97FD5385-B236-4041-8BBB-36EB1A6F9866}
2013-06-10 04:16:17 -------- d-----w- c:\users\tim\appdata\local\{CF63D6F7-DD28-4B74-BC8B-3B268C56ECBD}
2013-06-09 08:48:15 -------- d-----w- c:\users\tim\appdata\local\{B7AFB439-BA00-4D01-BAF8-D06882BF056A}
2013-06-08 20:48:00 -------- d-----w- c:\users\tim\appdata\local\{8EABA058-A9AF-4F0B-BB5F-A8D9EA26EA28}
2013-06-08 08:47:49 -------- d-----w- c:\users\tim\appdata\local\{4FA8842E-D162-421E-9B1E-68C3690AA6A4}
2013-06-07 20:47:38 -------- d-----w- c:\users\tim\appdata\local\{E7B9A743-BAF5-45FD-9EEF-86BF9DFD410B}
2013-06-06 20:25:07 -------- d-----w- c:\users\tim\appdata\local\{D8CA27CB-39AF-42E3-840E-F3F97E4ECAA6}
2013-06-05 15:58:56 -------- d-----w- c:\users\tim\appdata\local\{A8A55630-D8BC-411D-BAC8-FA741E1F2A95}
2013-06-05 03:58:45 -------- d-----w- c:\users\tim\appdata\local\{695B03E5-68CC-46F2-A6C1-B775D607870D}
2013-06-04 15:58:35 -------- d-----w- c:\users\tim\appdata\local\{661432C0-10B0-4BF2-8BCF-CF4B1ACEC527}
2013-06-03 21:42:24 -------- d-----w- c:\users\tim\appdata\local\{C9A22B7D-C2E4-4677-97DB-74263AF19D7C}
2013-06-03 09:12:19 -------- d-----w- c:\users\tim\appdata\local\{29FA48BD-EA91-4390-8DF1-43C3D4BFE5B3}
2013-06-02 21:12:09 -------- d-----w- c:\users\tim\appdata\local\{5BD816BF-3E8E-465A-8D95-45B227C3B442}
2013-06-02 02:47:30 -------- d-----w- c:\users\tim\appdata\local\{5E03ACB1-2F75-4013-B4B4-E64F825F8477}
2013-06-01 14:47:20 -------- d-----w- c:\users\tim\appdata\local\{9F83F0B5-1779-4D8C-ACF0-9C47B14B5184}
2013-05-31 18:56:54 -------- d-----w- c:\users\tim\appdata\local\{E7FA7081-E04F-4DF7-99A8-F8085856E9E5}
2013-05-30 15:39:01 -------- d-----w- c:\users\tim\appdata\local\{04473252-621D-4B42-9C85-D13D0A4E308B}
2013-05-30 03:38:51 -------- d-----w- c:\users\tim\appdata\local\{32D681E2-D77A-4494-919A-5060E2CD04D0}
2013-05-29 15:38:40 -------- d-----w- c:\users\tim\appdata\local\{CC958464-3344-41B5-93F1-1E50A2E02C13}
2013-05-29 02:22:57 -------- d-----w- c:\users\tim\appdata\local\{0AA8A01B-6F9A-40C9-BDF5-8948BFA7FCA7}
2013-05-28 14:22:32 -------- d-----w- c:\users\tim\appdata\local\{484280FA-DE96-4F3C-B9C6-4F0B26111E7C}
2013-05-28 02:22:21 -------- d-----w- c:\users\tim\appdata\local\{FDBCA697-1770-40A5-8E71-F95B12AB7370}
2013-05-27 20:40:20 -------- d-----w- c:\users\tim\appdata\local\Microsoft Games
2013-05-27 14:22:10 -------- d-----w- c:\users\tim\appdata\local\{841C2364-DCD0-4D0E-A023-B1EBB66BC29D}
2013-05-27 02:21:59 -------- d-----w- c:\users\tim\appdata\local\{200CFC8E-2319-466D-8BD5-C9E9A3C56B09}
2013-05-26 14:21:35 -------- d-----w- c:\users\tim\appdata\local\{816605A6-9E23-438F-A708-AA8569D309F3}
.
==================== Find3M  ====================
.
2013-06-22 08:54:11 151728 ----a-w- c:\windows\system32\WRusr.dll
2013-06-22 08:54:11 117792 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2013-06-13 01:48:23 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-13 01:48:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-11 20:54:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 20:54:11 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-28 18:41:34 36864 ----a-w- c:\windows\system32\pdf995mon.dll
2013-03-28 18:41:34 1667072 ----a-w- c:\windows\system32\pdfmona.dll
2012-11-15 14:39:14 9842040 ----a-w- c:\program files\common files\wruninstall.exe
.
============= FINISH:  8:03:33.84 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 1/12/2011 10:42:09 AM
System Uptime: 6/25/2013 4:41:01 AM (4 hours ago)
.
Motherboard: Dell Inc. |  | 0CU409
Processor: Intel® Core2 Duo CPU     E4500  @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 51.46 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 10 GiB total, 6.838 GiB free.
F: is FIXED (NTFS) - 130 GiB total, 16.798 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP311: 6/4/2013 10:34:29 AM - Windows Update
RP312: 6/11/2013 4:13:37 AM - Windows Update
RP313: 6/13/2013 12:50:22 PM - Windows Update
RP314: 6/18/2013 5:22:51 AM - Windows Update
RP315: 6/20/2013 1:41:24 PM - Installed Java 7 Update 25
RP316: 6/21/2013 5:53:43 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Amazon MP3 Downloader 1.0.15
AMD Drag and Drop Transcoding
APC PowerChute Personal Edition
ATI Catalyst Install Manager
ATI Catalyst Registration
Audacity 2.0.3
Bonjour
Canon FAXPHONE L80
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan Toolbox Ver4.9
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
Compatibility Pack for the 2007 Office system
D3DX10
Debut Video Capture Software
Dell System Detect
Driver Sweeper 2.1.0
Express Burn
FFmpeg v0.6.2 for Audacity
FlvGrabber
Free Hide Folder
Garmin City Navigator North America NT 2011
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Update Helper
H&R Block Deluxe + Efile + State 2012
H&R Block North Carolina 2012
HP Photo Creations
ieSpell
Intel® TV Wizard
Internet TV for Windows Media Center
IrfanView (remove only)
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
LAME v3.99.3 (for Windows)
Listen to YouTube 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft IntelliType Pro 8.0
Microsoft Office Live Meeting 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2011
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Prism Video File Converter
QuickBooks
QuickBooks Pro 2011
Quicken WillMaker Plus 2011
Realtek High Definition Audio Driver
Retrospect 7.6
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
TeamViewer 7
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC 9.0 Runtime
VideoPad Video Editor
VLC media player 2.0.5
Webroot SecureAnywhere
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail Attachment Extractor 1.00
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
WMV9/VC-1 Video Playback
.
==== Event Viewer Messages From Past Week ========
.
6/25/2013 6:07:02 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "2" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
6/24/2013 9:16:31 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
6/24/2013 9:16:31 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
6/22/2013 4:54:00 AM, Error: Service Control Manager [7031]  - The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
6/19/2013 9:34:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/19/2013 9:34:47 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/19/2013 11:22:54 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
6/19/2013 11:22:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/19/2013 11:22:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/19/2013 11:22:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/19/2013 11:22:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/19/2013 11:22:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/19/2013 11:22:43 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/19/2013 11:22:38 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ===========================


Hello Tim, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
