
Got a brand new hard drive yesterday, already infected :(



Hello, thanks for your help. I've been having problems for a while now, and I'd really like to cure the issue once and for all. I just ran ComboFix, and I noticed it mentioned something about overriding my internet connection. This is kind of freaking me out, so I thought I'd just start by posting it and letting an expert take over. Thanks again,

ComboFix 13-07-04.01 - Andy 07/04/2013  22:41:24.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.12232.9034 [GMT -7:00]
Running from: c:\users\Andy\Desktop\Combo-Fix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\logboot_05.07.2013.tureg.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-05 to 2013-07-05  )))))))))))))))))))))))))))))))
.
.
2013-07-05 04:44 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D163925-40B7-4E60-8F8B-8C3FF7C93B9A}\mpengine.dll
2013-07-04 23:50 . 2013-07-04 23:50    --------    d-----w-    c:\program files (x86)\2K Games
2013-07-04 23:48 . 2013-07-04 23:48    --------    d-----w-    c:\programdata\Gibraltar
2013-07-04 23:47 . 2013-07-04 23:48    --------    d-----w-    c:\program files (x86)\GameStop App
2013-07-04 23:47 . 2013-07-04 23:47    --------    d-----w-    c:\programdata\GameStop
2013-07-04 23:40 . 2013-07-05 00:12    --------    d-----w-    c:\program files (x86)\Common Files\Steam
2013-07-04 23:40 . 2013-07-05 05:05    --------    d-----w-    c:\program files (x86)\Steam
2013-07-04 23:23 . 2013-07-04 23:23    --------    d-----w-    c:\program files (x86)\Guitar Scales Method
2013-07-04 23:00 . 2013-07-04 23:00    --------    d-----w-    c:\program files\WinRAR
2013-07-04 18:57 . 2013-07-04 18:57    --------    d--h--w-    c:\windows\Icons
2013-07-04 18:47 . 2013-01-31 17:35    35104    ----a-w-    c:\windows\system32\TURegOpt.exe
2013-07-04 18:47 . 2013-01-31 17:35    26400    ----a-w-    c:\windows\system32\authuitu.dll
2013-07-04 18:47 . 2013-01-31 17:35    21792    ----a-w-    c:\windows\SysWow64\authuitu.dll
2013-07-04 18:47 . 2013-07-04 18:47    --------    d-----w-    c:\program files (x86)\TuneUp Utilities 2013
2013-07-04 18:47 . 2013-07-04 18:47    --------    d-----w-    c:\programdata\TuneUp Software
2013-07-04 18:47 . 2013-07-05 00:19    --------    d-sh--w-    c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-04 18:47 . 2013-07-04 18:47    --------    d--h--w-    c:\programdata\Common Files
2013-07-04 18:42 . 2013-07-04 18:42    50784    ----a-w-    c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-04 18:42 . 2013-07-04 18:42    17536    ----a-w-    c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-04 15:10 . 2013-07-04 18:23    --------    d-----w-    c:\program files (x86)\MSBuild
2013-07-04 15:10 . 2013-07-04 18:16    --------    d-----w-    c:\program files (x86)\Reference Assemblies
2013-07-04 15:09 . 2013-07-04 18:23    --------    d-----w-    c:\program files\MSBuild
2013-07-04 15:09 . 2013-07-04 18:16    --------    d-----w-    c:\program files\Reference Assemblies
2013-07-04 15:08 . 2012-07-06 02:02    778856    ----a-w-    c:\windows\SysWow64\PresentationNative_v0300.dll
2013-07-04 15:08 . 2012-07-06 02:02    35400    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2013-07-04 15:08 . 2012-07-06 02:02    102528    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-04 15:08 . 2012-07-06 02:02    35400    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2013-07-04 15:08 . 2012-07-06 02:02    124040    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-04 15:08 . 2012-07-06 02:02    1166440    ----a-w-    c:\windows\system32\PresentationNative_v0300.dll
2013-07-04 15:03 . 2003-02-21 07:42    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2013-07-04 15:03 . 2000-10-20 08:05    25088    ----a-w-    c:\windows\SysWow64\msxml3a.dll
2013-07-04 14:07 . 2013-06-17 14:03    71760    ----a-w-    c:\windows\system32\wbload.dll
2013-07-04 13:52 . 2013-07-04 18:15    --------    d-----w-    c:\program files (x86)\Amazon
2013-07-04 13:49 . 2013-07-04 18:23    --------    d-----w-    c:\program files\Speccy
2013-07-04 13:48 . 2013-07-04 13:55    --------    d-----w-    c:\program files (x86)\DLLSuite
2013-07-04 12:25 . 2013-07-04 12:25    --------    d-----w-    C:\FFOutput
2013-07-04 12:25 . 2013-07-04 18:16    --------    d-----w-    c:\program files (x86)\FreeTime
2013-07-04 12:24 . 2013-07-04 18:23    --------    d-----w-    c:\program files\Unlocker
2013-07-04 12:22 . 2013-07-04 18:23    --------    d-----w-    c:\program files\7-Zip
2013-07-04 12:21 . 2013-07-04 18:16    --------    d-----w-    c:\program files\VideoLAN
2013-07-04 12:16 . 2013-07-04 18:23    --------    d-----w-    c:\program files\CCleaner
2013-07-04 09:44 . 2013-07-04 09:45    --------    d-----w-    c:\programdata\Guitar Pro 6
2013-07-04 09:19 . 2013-07-04 09:19    --------    d-----w-    c:\windows\ServiceProfiles\LocalService\winhttp
2013-07-04 08:52 . 2013-07-04 18:23    --------    d-----w-    c:\program files (x86)\Guitar Pro 6
2013-07-04 06:53 . 2013-07-04 06:53    --------    d-----w-    c:\programdata\VS Revo Group
2013-07-04 06:53 . 2009-12-30 18:21    31800    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2013-07-04 06:53 . 2013-07-04 06:53    --------    d-----w-    c:\program files\VS Revo Group
2013-07-04 06:43 . 2013-07-04 06:44    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-07-04 05:40 . 2013-07-04 18:02    --------    d-----w-    c:\program files (x86)\BackupManager
2013-07-04 05:14 . 2013-07-04 05:14    --------    d-----w-    c:\program files (x86)\Common Files\LogiShrd
2013-07-04 05:14 . 2013-07-04 05:14    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-07-04 05:14 . 2013-07-04 05:14    --------    d-----w-    c:\programdata\Logitech
2013-07-04 05:14 . 2013-07-04 05:14    --------    d-----w-    c:\program files\Logitech
2013-07-04 05:03 . 2013-07-04 05:03    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-07-04 05:03 . 2013-07-04 05:03    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-07-04 04:57 . 2013-07-04 05:14    --------    d-----w-    c:\programdata\LogiShrd
2013-07-04 04:57 . 2013-07-04 05:14    --------    d-----w-    c:\program files\Common Files\LogiShrd
2013-07-04 04:56 . 2013-07-04 04:56    --------    d-----w-    c:\program files (x86)\IrfanView
2013-07-04 04:44 . 2013-07-04 04:44    --------    d--h--w-    c:\programdata\CanonIJQuickMenu
2013-07-04 04:42 . 2013-07-04 04:42    --------    d-----w-    c:\programdata\Canon IJ Network Tool
2013-07-04 04:42 . 2012-01-16 21:21    103424    ----a-w-    c:\windows\SysWow64\CNC_BBU.dll
2013-07-04 04:42 . 2008-08-26 01:02    15872    ----a-w-    c:\windows\SysWow64\CNHMCA.dll
2013-07-04 04:42 . 2012-02-08 23:34    320000    ----a-w-    c:\windows\SysWow64\CNC_BBL.dll
2013-07-04 04:41 . 2013-07-04 04:41    --------    d-----w-    c:\programdata\CanonIJWSpt
2013-07-04 04:38 . 2012-09-20 09:10    2367528    ----a-w-    c:\windows\system32\WSService.dll
2013-07-04 04:37 . 2012-09-20 06:33    101888    ----a-w-    c:\windows\system32\SettingSyncHost.exe
2013-07-04 04:36 . 2012-11-27 06:39    1122768    ----a-w-    c:\windows\system32\Taskmgr.exe
2013-07-04 04:35 . 2013-05-10 02:42    17271808    ----a-w-    c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-04 04:35 . 2013-05-10 02:21    16642560    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-04 04:34 . 2013-07-04 04:34    --------    d--h--w-    c:\programdata\CanonBJ
2013-07-04 04:34 . 2012-04-16 12:00    30208    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\CNMPDBB.DLL
2013-07-04 04:34 . 2012-04-16 12:00    100352    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\CNMPPBB.DLL
2013-07-04 04:34 . 2013-07-04 04:34    --------    d--h--w-    c:\windows\system32\CanonIJ Uninstaller Information
2013-07-04 04:34 . 2012-04-16 12:00    389120    ----a-w-    c:\windows\system32\CNMLMBB.DLL
2013-07-04 04:34 . 2013-07-04 04:34    --------    d--h--w-    c:\program files\CanonBJ
2013-07-04 04:34 . 2013-07-04 04:34    --------    d-----w-    c:\windows\system32\STRING
2013-07-04 04:34 . 2012-03-28 17:01    39424    ----a-w-    c:\windows\system32\CNMN6UI.DLL
2013-07-04 04:34 . 2012-03-28 17:01    359936    ----a-w-    c:\windows\system32\CNMN6PPM.DLL
2013-07-04 04:34 . 2012-03-28 17:00    366592    ----a-w-    c:\windows\SysWow64\CNMNPPM.DLL
2013-07-04 04:33 . 2013-07-04 13:58    --------    d-----w-    c:\program files (x86)\Canon
2013-07-04 04:22 . 2012-08-21 20:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\program files\iTunes
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\program files (x86)\iTunes
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\programdata\Apple Computer
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\program files\iPod
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\program files (x86)\Apple Software Update
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\program files\Common Files\Apple
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\program files\Bonjour
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\program files (x86)\Bonjour
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\program files (x86)\Common Files\Apple
2013-07-04 04:22 . 2013-07-04 04:22    --------    d-----w-    c:\programdata\Apple
2013-07-04 04:13 . 2013-05-15 22:35    144384    ----a-w-    c:\windows\system32\tssdisai.dll
2013-07-04 04:04 . 2012-08-07 07:09    88832    ----a-w-    c:\windows\system32\drivers\EtronXHCI.sys
2013-07-04 04:04 . 2012-08-07 07:09    65152    ----a-w-    c:\windows\system32\drivers\EtronHub3.sys
2013-07-04 04:04 . 2013-07-04 04:04    --------    d-----w-    c:\program files (x86)\Etron Technology
2013-07-04 04:01 . 2012-06-12 13:41    74344    ----a-w-    c:\windows\system32\RtNicProp64.dll
2013-07-04 04:01 . 2012-06-12 13:41    683664    ----a-w-    c:\windows\system32\drivers\Rt630x64.sys
2013-07-04 04:00 . 2013-07-04 04:01    --------    d-----w-    c:\program files (x86)\Realtek
2013-07-04 03:55 . 2012-08-28 12:27    58536    ----a-w-    c:\windows\system32\drivers\usbfilter.sys
2013-07-04 03:54 . 2013-07-04 03:54    --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-07-04 03:54 . 2012-11-30 06:31    26280    ----a-w-    c:\windows\system32\drivers\amd_xata.sys
2013-07-04 03:54 . 2012-11-30 06:31    80552    ----a-w-    c:\windows\system32\drivers\amd_sata.sys
2013-07-04 03:41 . 2013-07-04 03:56    30528    ----a-w-    c:\windows\GVTDrv64.sys
2013-07-04 03:41 . 2013-07-04 03:56    25640    ----a-w-    c:\windows\etdrv.sys
2013-07-04 03:32 . 2013-07-04 03:32    --------    d-----w-    c:\program files (x86)\AMD APP
2013-07-04 03:32 . 2013-07-04 04:22    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-07-04 03:32 . 2013-07-04 03:32    --------    d-----w-    c:\program files\ATI
2013-07-04 03:31 . 2013-07-04 03:31    --------    d-----w-    c:\program files\ATI Technologies
2013-07-04 03:29 . 2009-08-27 22:04    207400    ----a-r-    c:\windows\GSetup.exe
2013-07-04 03:21 . 2013-07-04 03:21    --------    d-----w-    c:\program files (x86)\OpenOffice.org 3
2013-07-04 03:05 . 2013-07-04 03:05    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-07-04 03:05 . 2013-07-04 03:05    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-07-04 03:05 . 2013-07-04 03:05    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-04 03:05 . 2013-07-04 03:05    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 03:05 . 2013-07-04 03:05    --------    d-----w-    c:\program files (x86)\Java
2013-07-04 03:03 . 2013-07-04 03:03    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-04 03:03 . 2013-07-04 03:03    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-04 03:03 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-04 03:00 . 2013-05-02 15:29    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-07-04 02:59 . 2013-06-03 00:11    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-07-04 02:41 . 2012-10-10 07:04    94208    ----a-w-    c:\windows\system32\synceng.dll
2013-07-04 02:41 . 2012-10-10 06:31    72192    ----a-w-    c:\windows\SysWow64\synceng.dll
2013-07-04 02:41 . 2012-11-26 04:21    71168    ----a-w-    c:\windows\SysWow64\ncryptsslp.dll
2013-07-04 02:41 . 2012-11-26 04:20    86016    ----a-w-    c:\windows\system32\ncryptsslp.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 16:24 . 2012-07-26 02:36    68687360    ----a-w-    c:\windows\system32\imageres.dll
2013-07-04 01:52 . 2012-07-26 08:13    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-21 12:06 . 2013-02-26 07:32    2597856    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-26 07:32    2936208    ----a-w-    c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-26 07:32    1059560    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-02-26 07:32    15920536    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-06-21 12:06 . 2013-02-26 07:32    13411896    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-06-04 22:09 . 2012-07-26 08:14    78200    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09 . 2012-07-26 08:14    693112    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:56 . 2013-07-04 02:13    444416    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R4 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37    215264    ----a-w-    c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\220e2aee.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-07-03 19:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\220e2aee.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-03 19:39; foxmarks@kei.com; c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\220e2aee.default\extensions\foxmarks@kei.com
FF - ExtSQL: 2013-07-03 22:14; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7} - c:\programdata\{1983A45A-60BF-4D72-937F-E9C44B18E38E}\GameStopApp_setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-04  22:47:44
ComboFix-quarantined-files.txt  2013-07-05 05:47
.
Pre-Run: 1,509,852,893,184 bytes free
Post-Run: 1,509,701,758,976 bytes free
.
- - End Of File - - 924192AEEF5AF506674CEB6D9315AE0B
A36C5E4F47E84449FF07ED3517B43A31


Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Never use ComboFix without being instructed by trained malware removal team members, as it may leave your computer unbootable.

Please download GMER from here by clicking on the "Download EXE" button.

  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save... button, and in the File name area type in "ark.txt"; otherwise it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Also post up C:\qoobox\Add-Remove Programs.txt


Okay, here's the log. You want me to just cut and paste directly, correct?

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-04 23:22:26
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000030 WDC_WD30EZRX-00DC0B0 rev.80.00A80 2794.52GB
Running: 7fw8xxb5.exe; Driver: C:\Users\Andy\AppData\Local\Temp\axloyfod.sys


---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [500:2236]                                           fffff9600089a5e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  -639534420

---- EOF - GMER 2.1 ----

Also, I'm not sure what you wanted me to do with the qoobox file.  Sorry, I'm not very experienced in this. 

Thank you!


I didn't see that usual qoobox container, just the log by itself.

2013-07-04 04:13 . 2013-05-15 22:35    144384    ----a-w-    c:\windows\system32\tssdisai.dll
2013-07-04 04:04 . 2012-08-07 07:09    88832    ----a-w-    c:\windows\system32\drivers\EtronXHCI.sys
2013-07-04 04:04 . 2012-08-07 07:09    65152    ----a-w-    c:\windows\system32\drivers\EtronHub3.sys
2013-07-04 04:04 . 2013-07-04 04:04    --------    d-----w-    c:\program files (x86)\Etron Technology
2013-07-04 04:01 . 2012-06-12 13:41    74344    ----a-w-    c:\windows\system32\RtNicProp64.dll
2013-07-04 04:01 . 2012-06-12 13:41    683664    ----a-w-    c:\windows\system32\drivers\Rt630x64.sys
2013-07-04 04:00 . 2013-07-04 04:01    --------    d-----w-    c:\program files (x86)\Realtek
2013-07-04 03:55 . 2012-08-28 12:27    58536    ----a-w-    c:\windows\system32\drivers\usbfilter.sys
2013-07-04 03:54 . 2013-07-04 03:54    --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-07-04 03:54 . 2012-11-30 06:31    26280    ----a-w-    c:\windows\system32\drivers\amd_xata.sys
2013-07-04 03:54 . 2012-11-30 06:31    80552    ----a-w-    c:\windows\system32\drivers\amd_sata.sys
2013-07-04 03:41 . 2013-07-04 03:56    30528    ----a-w-    c:\windows\GVTDrv64.sys
2013-07-04 03:41 . 2013-07-04 03:56    25640    ----a-w-    c:\windows\etdrv.sys
2013-07-04 03:32 . 2013-07-04 03:32    --------    d-----w-    c:\program files (x86)\AMD APP
2013-07-04 03:32 . 2013-07-04 04:22    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-07-04 03:32 . 2013-07-04 03:32    --------    d-----w-    c:\program files\ATI
2013-07-04 03:31 . 2013-07-04 03:31    --------    d-----w-    c:\program files\ATI Technologies
2013-07-04 03:29 . 2009-08-27 22:04    207400    ----a-r-    c:\windows\GSetup.exe
2013-07-04 03:21 . 2013-07-04 03:21    --------    d-----w-    c:\program files (x86)\OpenOffice.org 3
2013-07-04 03:05 . 2013-07-04 03:05    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-07-04 03:05 . 2013-07-04 03:05    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-07-04 03:05 . 2013-07-04 03:05    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-04 03:05 . 2013-07-04 03:05    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 03:05 . 2013-07-04 03:05    --------    d-----w-    c:\program files (x86)\Java
2013-07-04 03:03 . 2013-07-04 03:03    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-04 03:03 . 2013-07-04 03:03    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-04 03:03 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-04 03:00 . 2013-05-02 15:29    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-07-04 02:59 . 2013-06-03 00:11    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-07-04 02:41 . 2012-10-10 07:04    94208    ----a-w-    c:\windows\system32\synceng.dll
2013-07-04 02:41 . 2012-10-10 06:31    72192    ----a-w-    c:\windows\SysWow64\synceng.dll
2013-07-04 02:41 . 2012-11-26 04:21    71168    ----a-w-    c:\windows\SysWow64\ncryptsslp.dll
2013-07-04 02:41 . 2012-11-26 04:20    86016    ----a-w-    c:\windows\system32\ncryptsslp.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 16:24 . 2012-07-26 02:36    68687360    ----a-w-    c:\windows\system32\imageres.dll
2013-07-04 01:52 . 2012-07-26 08:13    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-21 12:06 . 2013-02-26 07:32    2597856    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-26 07:32    2936208    ----a-w-    c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-26 07:32    1059560    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-02-26 07:32    15920536    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-06-21 12:06 . 2013-02-26 07:32    13411896    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-06-04 22:09 . 2012-07-26 08:14    78200    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09 . 2012-07-26 08:14    693112    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:56 . 2013-07-04 02:13    444416    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R4 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37    215264    ----a-w-    c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\220e2aee.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-07-03 19:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\220e2aee.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-03 19:39; foxmarks@kei.com; c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\220e2aee.default\extensions\foxmarks@kei.com
FF - ExtSQL: 2013-07-03 22:14; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7} - c:\programdata\{1983A45A-60BF-4D72-937F-E9C44B18E38E}\GameStopApp_setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-04  22:47:44
ComboFix-quarantined-files.txt  2013-07-05 05:47
.
Pre-Run: 1,509,852,893,184 bytes free
Post-Run: 1,509,701,758,976 bytes free
.
- - End Of File - - 924192AEEF5AF506674CEB6D9315AE0B
A36C5E4F47E84449FF07ED3517B43A31

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Run Malwarebytes' Anti-Malware.
  • Once the program has loaded, select Perform full scan, mark all your hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

CFScript.txt

I've been trying over the last hour or two, but it seems impossible at this point.  I can't download that file to the location of combofix because the malware now seems to have locked up the drive.  I can still run some programs on it though.  It's all very odd.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!