Jump to content
dykesc

Multiple Malware Threats Reappearing After Removal

Recommended Posts

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by Dykes at 20:14:21 on 2013-08-12
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5596.3907 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\valWBFPolicyService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6508E91F-E16C-499A-8FFA-C0392CF26CD4} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dykes\AppData\Roaming\Mozilla\Firefox\Profiles\gwqb16b5.default\

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dykes\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-9-2 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-9-2 26280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-6-13 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-6-13 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-13 169048]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-5-17 92536]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130809.001\IDSviA64.sys [2013-8-11 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-6-13 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-6-13 433752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-18 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-18 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-3-14 202592]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2013-2-7 1641768]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-16 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-13 144368]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-8-21 91648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-5-13 138912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-5-16 25928]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-3-14 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-14 690832]
R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-5-17 29424]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-1-7 401856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-3-14 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-6-13 23448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-24 43832]
S3 SSAGBASE;SSAGBASE;C:\Windows\System32\Drivers\ssagload.sys [2013-5-21 23016]
.
=============== Created Last 30 ================
.
2013-08-11 23:10:49    261808    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin
2013-08-03 07:21:06    230400    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2013-07-29 01:27:25    --------    d-----w-    C:\Users\Dykes\AppData\Local\Google
2013-07-27 19:00:20    --------    d-----w-    C:\Users\Dykes\AppData\Local\Cyberlink
2013-07-27 18:59:10    --------    d-----w-    C:\Users\Dykes\AppData\Roaming\WebApp
2013-07-16 01:31:39    144384    ----a-w-    C:\Windows\System32\tssdisai.dll
.
==================== Find3M  ====================
.
2013-07-20 16:57:28    312832    ----a-w-    C:\Windows\System32\LocationApi.dll
2013-06-27 22:04:51    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-19 01:09:33    177312    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-16 22:41:31    997632    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-01 11:54:16    194816    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10    125184    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21    2391280    ----a-w-    C:\Windows\explorer.exe
2013-06-01 11:33:13    2233600    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35    337152    ----a-w-    C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33    327936    ----a-w-    C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31    6987008    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46    2106176    ----a-w-    C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05    67584    ----a-w-    C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03    496640    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19    493056    ----a-w-    C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09    850944    ----a-w-    C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09    1453568    ----a-w-    C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46    1842176    ----a-w-    C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06    680960    ----a-w-    C:\Windows\System32\vds.exe
2013-06-01 09:22:47    80896    ----a-w-    C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33    446976    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09    190976    ----a-w-    C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39    729600    ----a-w-    C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39    106496    ----a-w-    C:\Windows\System32\samlib.dll
2013-06-01 09:21:34    595968    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-01 09:20:45    583168    ----a-w-    C:\Windows\System32\mscms.dll
2013-06-01 09:20:34    1527808    ----a-w-    C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34    1048576    ----a-w-    C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04    2219520    ----a-w-    C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58    207872    ----a-w-    C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42    785408    ----a-w-    C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57    37632    ----a-w-    C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23    4036096    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-28 13:05:16    163328    ----a-w-    C:\Windows\SysWow64\FlashPlayerUpdateService.exe
2013-05-25 22:55:28    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-25 22:55:26    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-05-25 22:55:26    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-05-24 22:09:20    1403296    ----a-w-    C:\Windows\System32\winload.efi
2013-05-24 22:09:20    1271584    ----a-w-    C:\Windows\System32\winload.exe
2013-05-24 22:09:20    1217352    ----a-w-    C:\Windows\System32\winresume.efi
2013-05-24 22:09:20    1093904    ----a-w-    C:\Windows\System32\winresume.exe
2013-05-23 23:01:46    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-05-23 05:25:28    1139800    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-05-21 05:02:00    493656    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-05-18 04:39:47    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-05-18 04:39:47    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-05-18 04:39:47    29480    ----a-w-    C:\Windows\SysWow64\msxml3a.dll
2013-05-18 03:22:21    495856    ----a-w-    C:\Windows\System32\drivers\SynTP.sys
2013-05-18 03:22:21    264432    ----a-w-    C:\Windows\System32\SynTPAPI.dll
2013-05-18 03:22:21    192240    ----a-w-    C:\Windows\System32\SynTPCo18.dll
2013-05-18 03:22:21    151280    ----a-w-    C:\Windows\SysWow64\SynTPCom.dll
2013-05-18 03:22:20    544496    ----a-w-    C:\Windows\SysWow64\SynCom.dll
2013-05-18 03:22:20    1060080    ----a-w-    C:\Windows\System32\SynCOM.dll
2013-05-18 03:22:19    29424    ----a-w-    C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
2013-05-16 05:02:14    796760    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-05-16 03:43:38    2448384    ----a-w-    C:\Windows\SysWow64\python27.dll
2013-05-15 22:37:03    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-05-15 02:25:59    888320    ----a-w-    C:\Windows\System32\autochk.exe
2013-05-15 02:25:44    542208    ----a-w-    C:\Windows\System32\untfs.dll
2013-05-15 02:24:10    793088    ----a-w-    C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01    482816    ----a-w-    C:\Windows\SysWow64\untfs.dll
.
============= FINISH: 20:15:03.71 ===============
 

 

.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 5/13/2013 8:45:12 PM
System Uptime: 8/12/2013 8:02:24 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 18A6
Processor: AMD A10-4600M APU with Radeon HD Graphics   | Socket FT1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 667 GiB total, 580.595 GiB free.
D: is FIXED (NTFS) - 31 GiB total, 3.592 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP17: 7/29/2013 3:39:20 AM - Scheduled Checkpoint
RP18: 8/11/2013 6:05:00 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
4 Elements II
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Quick Stream
AMD VISION Engine Control Center
AuthenTec TrueAPI 64-bit
BackyardEOS 2.0.9
Bejeweled 3
Bonjour
BrowserProtect
Build-a-lot 4 - Power Source
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Delta toolbar  
Dragon NaturallySpeaking 12
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
Gardenscapes: Mansion Makeover
Google Earth Plug-in
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
House of 1000 Doors: Family Secrets
Hoyle Card Games
HP 3D DriveGuard
HP Connected Music (Meridian - installer)
HP Connected Remote
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP SimplePass
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
IDT Audio
Java 7 Update 21
Java Auto Updater
Jewel Match 3
John Deere Drive Green
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
Movie Maker
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 Parser and SDK
Mystery P.I. - Curious Case of Counterfeit Cove
Norton Internet Security
Peggle Nights
Penguins!
PHD Guiding 1.11.3
PHD Guiding 1.14.2
Photo Common
Photo Gallery
PixInsight Core for Windows (x64)
Polar Bowler
Polar Golfer
Python 2.7.5
Qualcomm Atheros Driver Installation Program
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Royal Envoy 2 Collector's Edition
SSAG 2.0 Drivers
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Update Installer for WildTangent Games App
Validity WBF DDK
Where is M13? version 2.3
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Yahoo! BrowserPlus 2.9.8
Youda Jewel Shop
Zuma's Revenge
.
==== End Of File ===========================
 

Share this post


Link to post
Share on other sites

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Share this post


Link to post
Share on other sites

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then reboot the computer and then run MBAM and check for updates and do a Quick Scan and post back the new log.

Share this post


Link to post
Share on other sites

Looks Good!  Great job!

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.14.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Dykes :: DYKESLAPTOP [administrator]

Protection: Enabled

8/14/2013 7:41:00 PM
mbam-log-2013-08-14 (19-41-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215615
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Share this post


Link to post
Share on other sites

Let's go ahead then and clean up the tools and logs used.

 

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

 

Any questions...please post back.

 

 

Take care and stay safe out there.

 

Thank you for using the Malwarebytes forum.

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.