potentially malicious website 66.45.56.109

[db352900]

Any assistance is gratefully appreciated.

 

I've run quick, full, and flash malewarebytes scans, plus the rootkit and RogueKillerX64 in various combinations for a couple of days now. I'm still getting the message that Malwarebytes is blocking access to a "potentially malicious website 66.45.56.109.  Port 51340. Process:buesheq.exe.  

 

I've run dds and am pasting the logs below, first DDS then Attach (I'm also attaching the files to this message):

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428

Run by db at 19:52:54 on 2013-12-26

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1101 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atibtmon.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\db\AppData\Roaming\Weylwyr\buesheq.exe

C:\Users\db\AppData\Roaming\Weylwyr\buesheq.exe

C:\Users\db\AppData\Roaming\Weylwyr\buesheq.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\db\AppData\Roaming\Weylwyr\buesheq.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Wuegqigo] C:\Users\db\AppData\Roaming\Weylwyr\buesheq.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{97E8BCBD-9919-4D59-A9B3-E28533CC3AD9} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{97E8BCBD-9919-4D59-A9B3-E28533CC3AD9}\0555455425D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{97E8BCBD-9919-4D59-A9B3-E28533CC3AD9}\0557475627 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{97E8BCBD-9919-4D59-A9B3-E28533CC3AD9}\3596C6675627441676765627 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{97E8BCBD-9919-4D59-A9B3-E28533CC3AD9}\C696E6B6379737 : DHCPNameServer = 74.128.19.102 74.128.17.114

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-28 77952]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-28 38016]

R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\rsdrvx64.sys [2013-2-14 26024]

R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2013-12-25 62168]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-28 204288]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-27 2424424]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-18 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-18 701512]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-22 46136]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-18 25928]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-1-27 339048]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-27 539240]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-6-22 44672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-12-14 16152]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== File Associations ===============

.

FileExt: .chm: Applications\iexplore.exe="C:\Program Files\Internet Explorer\iexplore.exe" %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-12-26 21:32:59 70224 ----a-w- C:\Windows\System32\drivers\fileinfo.sys.bak

2013-12-25 19:26:41 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll

2013-12-25 19:26:41 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll

2013-12-25 19:26:41 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll

2013-12-25 19:26:41 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll

2013-12-25 19:26:41 -------- d-----w- C:\Program Files\Malwarebytes Anti-Exploit

2013-12-25 15:02:37 -------- d-----w- C:\Users\db\AppData\Roaming\Zuedcaax

2013-12-25 15:02:03 -------- d-----w- C:\Users\db\AppData\Roaming\Napyyl

2013-12-25 15:01:07 -------- d-----w- C:\Users\db\AppData\Roaming\Umvuqor

2013-12-25 15:00:27 -------- d-----w- C:\Users\db\AppData\Roaming\Imhaut

2013-12-25 14:59:41 -------- d-----w- C:\Users\db\AppData\Roaming\Byolary

2013-12-25 14:59:10 -------- d-----w- C:\Users\db\AppData\Roaming\Itezaga

2013-12-25 14:58:40 -------- d-----w- C:\Users\db\AppData\Roaming\Ageqqy

2013-12-25 14:57:53 -------- d-----w- C:\Users\db\AppData\Roaming\Foewizef

2013-12-25 14:57:21 -------- d-----w- C:\Users\db\AppData\Roaming\Pyorbe

2013-12-25 14:56:33 -------- d-----w- C:\Users\db\AppData\Roaming\Ohofaqwi

2013-12-25 14:56:01 -------- d-----w- C:\Users\db\AppData\Roaming\Edgoina

2013-12-25 14:55:14 -------- d-----w- C:\Users\db\AppData\Roaming\Ewnogi

2013-12-25 14:54:41 -------- d-----w- C:\Users\db\AppData\Roaming\Kububaxu

2013-12-25 14:53:54 -------- d-----w- C:\Users\db\AppData\Roaming\Faheosl

2013-12-25 14:53:22 -------- d-----w- C:\Users\db\AppData\Roaming\Giotel

2013-12-25 14:52:34 -------- d-----w- C:\Users\db\AppData\Roaming\Edcysoy

2013-12-25 14:51:02 -------- d-----w- C:\Users\db\AppData\Roaming\Cuonimi

2013-12-25 14:50:15 -------- d-----w- C:\Users\db\AppData\Roaming\Ceukomg

2013-12-25 14:49:42 -------- d-----w- C:\Users\db\AppData\Roaming\Iqukaxs

2013-12-25 14:48:55 -------- d-----w- C:\Users\db\AppData\Roaming\Owimypi

2013-12-25 14:48:25 -------- d-----w- C:\Users\db\AppData\Roaming\Ifedyx

2013-12-25 14:47:38 -------- d-----w- C:\Users\db\AppData\Roaming\Ywotpaa

2013-12-25 14:47:05 -------- d-----w- C:\Users\db\AppData\Roaming\Xavura

2013-12-25 14:46:15 -------- d-----w- C:\Users\db\AppData\Roaming\Utoszuys

2013-12-25 14:45:42 -------- d-----w- C:\Users\db\AppData\Roaming\Luaqfac

2013-12-25 14:44:54 -------- d-----w- C:\Users\db\AppData\Roaming\Zygual

2013-12-25 14:44:20 -------- d-----w- C:\Users\db\AppData\Roaming\Kohytue

2013-12-25 14:43:23 -------- d-----w- C:\Users\db\AppData\Roaming\Anevqyh

2013-12-25 14:42:51 -------- d-----w- C:\Users\db\AppData\Roaming\Qaibonz

2013-12-25 14:42:19 -------- d-----w- C:\Users\db\AppData\Roaming\Boobdi

2013-12-25 14:41:32 -------- d-----w- C:\Users\db\AppData\Roaming\Puapoxi

2013-12-25 14:40:59 -------- d-----w- C:\Users\db\AppData\Roaming\Olygohx

2013-12-25 14:40:11 -------- d-----w- C:\Users\db\AppData\Roaming\Fywigeeg

2013-12-25 14:39:37 -------- d-----w- C:\Users\db\AppData\Roaming\Uwcisui

2013-12-25 14:38:49 -------- d-----w- C:\Users\db\AppData\Roaming\Yvefoq

2013-12-25 14:38:17 -------- d-----w- C:\Users\db\AppData\Roaming\Aqipxy

2013-12-25 14:37:29 -------- d-----w- C:\Users\db\AppData\Roaming\Uhricuv

2013-12-25 14:36:57 -------- d-----w- C:\Users\db\AppData\Roaming\Weylwyr

2013-12-24 14:12:43 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6040EF2A-44B8-4B3C-BB62-9609658AA8D7}\mpengine.dll

2013-12-15 02:57:14 -------- d--h--w- C:\ProgramData\Common Files

2013-12-15 01:57:56 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys

2013-12-15 01:57:55 -------- d-----w- C:\Users\db\AppData\Local\SlimWare Utilities Inc

2013-12-15 01:56:31 -------- d-----w- C:\Program Files (x86)\DriverUpdate

2013-12-15 01:36:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-12-15 01:36:33 -------- d-----w- C:\Program Files\iPod

2013-12-15 01:36:32 -------- d-----w- C:\Program Files\iTunes

2013-12-15 01:36:32 -------- d-----w- C:\Program Files (x86)\iTunes

2013-12-15 01:31:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll

2013-12-15 01:31:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll

2013-12-15 01:31:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll

2013-12-15 01:31:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll

2013-12-15 01:31:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll

2013-12-12 02:06:26 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-12 02:06:26 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 02:06:25 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-12-12 02:06:24 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-12-11 12:49:10 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-12-11 12:49:10 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-12-11 12:49:09 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-12-11 12:49:07 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-12-11 12:49:07 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-12-11 12:49:06 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-12-11 12:49:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-12-11 12:49:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-12-11 12:49:00 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-12-11 12:48:56 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

2013-12-11 12:48:56 202752 ----a-w- C:\Windows\System32\scrrun.dll

2013-12-11 12:48:56 168960 ----a-w- C:\Windows\System32\wscript.exe

2013-12-11 12:48:56 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

2013-12-11 12:48:56 156160 ----a-w- C:\Windows\System32\cscript.exe

2013-12-11 12:48:56 150016 ----a-w- C:\Windows\System32\wshom.ocx

2013-12-11 12:48:56 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

2013-12-11 12:48:56 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

2013-12-11 12:48:56 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

2013-12-11 12:48:56 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

2013-12-07 10:39:53 -------- d-----w- C:\ProgramData\Easybits Magic Desktop for HP

2013-11-30 16:29:01 -------- d-----w- C:\ProgramData\Oracle

.

==================== Find3M  ====================

.

2013-12-27 00:49:06 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

.

============= FINISH: 19:55:13.79 ===============

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 7/28/2011 10:50:27 AM

System Uptime: 12/26/2013 7:35:30 PM (0 hours ago)

.

Motherboard: Hewlett-Packard |  | 1697

Processor: AMD Phenom II P650 Dual-Core Processor | Socket S1G4 | 2600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 376.214 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 1.631 GiB free.

E: is CDROM ()

H: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP312: 11/29/2013 7:06:30 PM - Windows Update

RP313: 11/30/2013 11:28:03 AM - Installed Java 7 Update 45

RP314: 12/3/2013 7:11:49 PM - Windows Update

RP315: 12/11/2013 7:47:41 AM - Windows Update

RP316: 12/11/2013 9:02:47 PM - Windows Update

RP317: 12/14/2013 7:00:44 PM - Windows Update

RP318: 12/15/2013 9:07:56 AM - Removed DriverUpdate

RP319: 12/15/2013 9:09:02 AM - Removed DriverUpdate

RP320: 12/15/2013 9:09:30 AM - Removed DriverUpdate

RP321: 12/20/2013 3:30:45 PM - Windows Update

RP322: 12/24/2013 9:12:02 AM - Windows Update

RP323: 12/25/2013 5:44:39 PM - Removed Java 6 Update 26

RP324: 12/25/2013 5:46:10 PM - Removed Java 6 Update 24 (64-bit)

RP325: 12/25/2013 5:46:56 PM - Removed Java 7 Update 45

RP326: 12/26/2013 7:30:20 PM - Malwarebytes Anti-Rootkit Restore Point

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.05)

Adobe Shockwave Player 11.5

AMD Fuel

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Bing Bar

Blio

Bonjour

calibre

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Energy Star Digital Logo

ESU for Microsoft Windows 7

Evernote v. 4.2.2

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hewlett-Packard ACLM.NET v1.2.1.1

HP Auto

HP Client Services

HP Connection Manager

HP Customer Experience Enhancements

HP Documentation

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

IDT Audio

iTunes

Junk Mail filter update

Magic Desktop

Malwarebytes Anti-Exploit version 0.09.4.2000

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PlayReady PC Runtime x86

QuickTime

Ralink RT5390 802.11b/g/n WiFi Adapter

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Recovery Manager

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Skype Click to Call

Skype™ 6.7

Synaptics TouchPad Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition

WD Quick View

WD SmartWare

WD SmartWare Installer

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WMV9/VC-1 Video Playback

.

==== Event Viewer Messages From Past Week ========

.

12/26/2013 5:21:33 PM, Error: NetBT [4307]  - Initialization failed because the transport refused to open initial addresses.

12/26/2013 4:11:13 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.

12/26/2013 3:28:11 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.

.

==== End Of File ===========================

 

dds.txt

attach.txt

[Maniac]

Hello db352900 and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
• Please copy/paste the contents or attach that log file to your next reply.
• If needed the file can be located here: C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
• ComboFix log

[db352900]

Thank you, Borislav.  I have contacted customer support and am looking forward to resolving this issue.  Best wishes for the holiday.

[Maniac]

Thanks for letting me know!

[AdvancedSetup]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.