Infected for sure, ASAP help please :/



My friend has been using my laptop quite often lately, and today I decided to clean it up for him. There were a number of infections I removed but I can't seem to get rid of this one :/ It won't let me update MBW, and apparently I don't have permission to edit the files where the infection is located (I'm admin etc). I'm pretty sure the infection is coming from adware called "welovesmilies".

 

Anyway, I'm usually ok with basic infection removal, but this has me stuck and I could use some help BIG TIME. Any info I'm missing, please let me know. Thanks!

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by Admin at 6:07:04 on 2013-09-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.6092.3156 [GMT 8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Admin\Downloads\RogueKiller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{08143167-50A7-4924-9E3C-DB03C5C3A9E7} : DHCPNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{1D28985E-5CD3-43D3-935E-C984D79EA088} : NameServer = 125.168.254.14 61.88.88.88
TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\14E64627F696461405E2 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\34964797023547169702331323D2332323 : DHCPNameServer = 216.146.35.35 216.146.36.36
TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\34964797023547169702431323D2432323 : DHCPNameServer = 216.146.35.35 216.146.36.36
TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\56070797A61697 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\77163737570702 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{20B1E166-0A41-414A-90D5-646EFDD443D0}\D4F6E61627F6744535332373 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{49DE15CC-6226-4A55-B117-418E4BAF8C57} : NameServer = 125.168.254.14 61.88.88.88
TCP: Interfaces\{50BE00EE-8C62-4A64-867A-D7EFFED498E3} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{E8BF945E-5091-4D42-BC95-9131D74D4F97} : NameServer = 125.168.254.14 61.88.88.88
TCP: Interfaces\{EAF30024-F1B1-4635-91C8-D7084C484154} : NameServer = 125.168.254.14 61.88.88.88
TCP: Interfaces\{EECF7929-B511-4A31-BE8F-3028B648212F} : DHCPNameServer = 10.4.182.22 10.4.81.105
TCP: Interfaces\{EED03D5B-1DDE-4A12-9DAB-BF53CE87CD82} : DHCPNameServer = 198.142.0.51 61.88.88.88
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=     
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z0asxgvh.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-07-24 04:12; 69ffxtbr@PackageTracer_69.com; C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z0asxgvh.default\extensions\69ffxtbr@PackageTracer_69.com
FF - ExtSQL: 2013-09-09 12:31; jid1-vW9nopuIAJiRHw@jetpack; C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z0asxgvh.default\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2013-8-5 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2013-8-5 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-4 1525336]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-8-5 169048]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [2013-8-5 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130911.001\IDSviA64.sys [2013-9-12 520280]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2013-8-5 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-8-5 433752]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-11 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-11 203776]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-22 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-10 26680]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-11 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-7-28 2413056]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-8-5 144368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-11 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-29 140376]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2011-9-2 86016]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-11 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-3-11 12256512]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-7-28 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-7-28 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-3-11 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-28 428136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [2013-8-5 144368]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-3-11 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-11 39464]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2011-9-2 117248]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2011-9-2 256000]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-20 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-09-12 21:54:08 712264 ----a-w- C:\Windows\isRS-000.tmp
2013-09-09 14:14:29 -------- d-----w- C:\Users\Admin\AppData\Local\{0196062B-2235-4AC9-8C2F-F82D33CCC8A4}
2013-09-09 09:49:02 -------- d-----w- C:\Users\Admin\AppData\Local\libimobiledevice
2013-09-09 09:29:41 -------- d-----w- C:\Users\Admin\AppData\Roaming\SmileysWeLove
2013-09-09 09:28:50 -------- d-----w- C:\Users\Admin\AppData\Local\Smartbar
2013-09-09 09:27:27 -------- d-----w- C:\Users\Admin\AppData\Local\DealPlyLive
2013-09-09 09:27:27 -------- d-----w- C:\ProgramData\DealPlyLive
2013-09-09 09:27:27 -------- d-----w- C:\Program Files (x86)\DealPlyLive
2013-09-09 09:27:23 -------- d-----w- C:\Users\Admin\AppData\Roaming\Dealply
2013-09-09 09:27:19 -------- d-----w- C:\Program Files (x86)\DealPly
2013-09-09 04:31:55 -------- d-----w- C:\Program Files (x86)\SqueakyChocolate
2013-09-07 13:19:31 -------- d-----w- C:\Users\Admin\AppData\Roaming\PacificPoker
2013-09-07 13:19:25 -------- d-----w- C:\Program Files (x86)\PacificPoker
2013-09-07 12:50:15 -------- d-----w- C:\Poker
2013-09-05 19:30:27 -------- d-----w- C:\Users\Admin\AppData\Local\{2F5054F8-EBD9-4D3F-98FB-60EC991F9E10}
2013-09-05 15:42:13 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-09-05 15:41:18 -------- d-----w- C:\Program Files\iPod
2013-09-05 15:41:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-05 15:41:17 -------- d-----w- C:\Program Files\iTunes
2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-05 15:34:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-09-02 14:23:17 -------- d-----w- C:\Users\Admin\AppData\Local\CrashRpt
2013-09-02 14:16:48 -------- d-----w- C:\Users\Admin\AppData\Local\BingoCafe
2013-09-02 11:32:15 -------- d-----w- C:\Users\Admin\AppData\Roaming\DownLite
2013-08-28 19:39:28 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-08-28 19:39:25 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-08-26 18:08:08 -------- d-----w- C:\Program Files (x86)\Belkin
2013-08-23 19:42:58 -------- d-----w- C:\Users\Admin\AppData\Local\{18FF6120-4C4B-437C-919A-C5ADA6F1EC73}
2013-08-22 23:29:43 -------- d-----w- C:\Users\Admin\AppData\Local\{8FED27FD-B992-4402-BFD0-CBE7F6A9BCFE}
2013-08-20 17:43:39 -------- d-----w- C:\Users\Admin\AppData\Local\{F6703B17-FC43-446A-94D4-EDED6B30D6CE}
2013-08-14 07:02:49 -------- d-----w- C:\Windows\pss
2013-08-14 04:26:48 -------- d-----w- C:\Program Files (x86)\Movies Toolbar
2013-08-14 04:14:34 -------- d-----w- C:\Program Files (x86)\Free Video Converter
2013-08-14 00:55:24 -------- d-----w- C:\Users\Admin\VLC
.
==================== Find3M  ====================
.
2013-09-12 19:04:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 19:04:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-04 17:16:12 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-28 02:21:44 8507392 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys
2013-07-28 02:10:27 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2013-07-28 02:10:27 338536 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2013-07-28 01:34:24 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-07-28 01:34:24 428136 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-07-28 01:34:24 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-07-28 01:23:08 91648 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys
2013-07-28 01:23:08 81920 ----a-w- C:\Windows\System32\nusb3co2.dll
2013-07-28 01:23:08 208896 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys
2013-07-28 01:18:52 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
2013-07-28 01:18:52 226600 ----a-w- C:\Windows\System32\SynTPAPI.dll
2013-07-28 01:18:52 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll
2013-07-28 01:18:52 1451056 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2013-07-28 01:18:52 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2013-07-28 01:18:50 411944 ----a-w- C:\Windows\System32\SynCOM.dll
2013-07-28 01:18:50 276264 ----a-w- C:\Windows\System32\SynCtrl.dll
2013-07-28 01:18:50 222504 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2013-07-28 01:18:50 177448 ----a-w- C:\Windows\SysWow64\SynCOM.dll
.
============= FINISH:  6:07:49.23 ===============
 
 
I also saw most helpers recommended downloading RogueKiller and doing a scan with that, so I've done that also.
 
RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 09/13/2013 06:11:55
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 14 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{1D28985E-5CD3-43D3-935E-C984D79EA088} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{49DE15CC-6226-4A55-B117-418E4BAF8C57} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{E8BF945E-5091-4D42-BC95-9131D74D4F97} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{EAF30024-F1B1-4635-91C8-D7084C484154} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{1D28985E-5CD3-43D3-935E-C984D79EA088} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{49DE15CC-6226-4A55-B117-418E4BAF8C57} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{E8BF945E-5091-4D42-BC95-9131D74D4F97} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{EAF30024-F1B1-4635-91C8-D7084C484154} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{1D28985E-5CD3-43D3-935E-C984D79EA088} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{49DE15CC-6226-4A55-B117-418E4BAF8C57} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{E8BF945E-5091-4D42-BC95-9131D74D4F97} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{EAF30024-F1B1-4635-91C8-D7084C484154} : NameServer (125.168.254.14 61.88.88.88) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] 6ae5f4eca2ebf42ffb7104b6709fddbf
[BSP] 03ad46c2950a0b0190b8fce2dcbbce34 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700087 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1434187776 | Size: 15014 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] fa39b793e433e475341b591834d0f0c1
[BSP] 03ad46c2950a0b0190b8fce2dcbbce34 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo
 
Finished : << RKreport[0]_S_09132013_061155.txt >>
 
 
 
Hoping someone has a fix to this, and soon (I go away for work today and don't really want to leave my friend with an infected laptop).
 

attach.txt


Hello BensonTheNoob and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, FrostWire or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, generate new, fresh DDS log files and post them in your next reply.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
