
Hi,

 

I'm using Malwarebytes Anti-Malware Pro, and I keep seeing the message "Successfully blocked access to a potentially malicious website: (random IP address here)". I see this even when I don't have a web browser open. I scanned with both Malwarebytes and Norton, but they both came up with random PUPs that they got rid of. Just wondering if I should be worried, or should I just brush it off.


Welcome to the forum.

First:

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64-bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Logs in order, just one thing, I already had Check for removal of PUPs enabled:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.27.05
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Damian :: HAYLEYLAPTOP [administrator]
 
Protection: Enabled
 
2/27/2014 10:28:10 AM
MBAM-log-2014-02-27 (10-36-26).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239083
Time elapsed: 5 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Damian\AppData\Local\Temp\utt1AB5.tmp (PUP.Optional.OpenCandy) -> No action taken.
 
(end)
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.27.05
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Damian :: HAYLEYLAPTOP [administrator]
 
Protection: Enabled
 
2/27/2014 10:45:55 AM
mbam-log-2014-02-27 (10-45-55).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239245
Time elapsed: 6 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16798  BrowserJavaVersion: 10.51.2
Run by Damian at 10:56:47 on 2014-02-27
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3980.1378 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\windows\system32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\LogonUI.exe
C:\windows\system32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by TOSHIBA
mWindow Title = Internet Explorer provided by TOSHIBA
uProxyServer = 94.137.239.19:81
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: Interfaces\{4C7F326D-F4AF-4410-92EB-B1F742E5A7DF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4C7F326D-F4AF-4410-92EB-B1F742E5A7DF}\24C65756 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4C7F326D-F4AF-4410-92EB-B1F742E5A7DF}\84F4D454D223435424D223E243 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4C7F326D-F4AF-4410-92EB-B1F742E5A7DF}\84F4D454D223643323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4C7F326D-F4AF-4410-92EB-B1F742E5A7DF}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\b7o8hc3t.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-1-10 645952]
R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\N360x64\1501000.012\SymDS64.sys [2014-1-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\N360x64\1501000.012\SymEFA64.sys [2014-1-17 1147480]
R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2013-1-10 131520]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-2-18 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\windows\System32\Drivers\N360x64\1501000.012\ccSetx64.sys [2014-1-17 162392]
R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2012-11-13 168608]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\Drivers\NATx64\010A000.009\ccSetx64.sys [2013-10-24 150104]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140226.001\IDSviA64.sys [2014-2-27 521944]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\N360x64\1501000.012\Ironx64.sys [2014-1-17 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\N360x64\1501000.012\symnets.sys [2014-1-17 590936]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-4 2222416]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-1-10 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-10 166720]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-4 377616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-17 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [2014-1-17 264360]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [2013-10-24 232424]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-11 3939008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-6-17 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [2012-11-13 126392]
R2 THAccelSvc;TOSHIBA HDD Accelerator Service;C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe [2012-8-10 214488]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2012-8-24 291240]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-10 365376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-2-23 137648]
R3 FwLnk;FwLnk Driver;C:\windows\System32\Drivers\FwLnk.sys [2013-1-10 9216]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-13 103936]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2014-1-17 25928]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-1-10 315536]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498256]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-16 43832]
R3 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-1-10 499096]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152]
S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\N360x64\1501000.012\SymELAM.sys [2014-1-17 23568]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2013-6-25 140384]
S3 mbamchameleon;mbamchameleon;C:\windows\System32\Drivers\mbamchameleon.sys [2014-2-17 36680]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\windows\System32\Drivers\MijXfilt.sys [2014-1-17 121416]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498256]
S3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
.
=============== Created Last 30 ================
.
2014-02-27 00:46:39 -------- d-----w- C:\Users\Damian\AppData\Local\LogMeIn Hamachi
2014-02-27 00:46:39 -------- d-----w- C:\Users\Damian\AppData\Local\LogMeIn
2014-02-27 00:46:39 -------- d-----w- C:\ProgramData\LogMeIn
2014-02-27 00:43:18 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-02-26 17:31:08 -------- d-----w- C:\Users\Damian\AppData\Roaming\uTorrent
2014-02-26 02:42:04 -------- d-----w- C:\Users\Damian\AppData\Local\Blizzard
2014-02-26 02:29:10 -------- d-----w- C:\60d8f9edb83b654066
2014-02-26 02:29:06 -------- d-----w- C:\Program Files (x86)\Hearthstone
2014-02-26 00:41:26 -------- d-----w- C:\Users\Damian\AppData\Local\Blizzard Entertainment
2014-02-26 00:41:23 -------- d-----w- C:\Users\Damian\AppData\Roaming\Battle.net
2014-02-26 00:41:23 -------- d-----w- C:\Users\Damian\AppData\Local\Battle.net
2014-02-24 18:04:50 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-23 05:36:26 -------- d-----w- C:\Users\Damian\AppData\Local\ElevatedDiagnostics
2014-02-23 04:45:35 -------- d-----w- C:\Users\Damian\AppData\Local\BetterDS3
2014-02-22 16:27:55 -------- d-sh--w- C:\found.001
2014-02-20 21:26:09 17858952 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-19 03:42:03 -------- d-----w- C:\ProgramData\boost_interprocess
2014-02-18 22:24:51 -------- d-----w- C:\Program Files (x86)\WinPcap
2014-02-18 22:22:14 -------- d-----w- C:\Users\Damian\AppData\Roaming\Wireshark
2014-02-18 22:20:04 -------- d-----w- C:\Program Files\Wireshark
2014-02-17 17:28:36 -------- d-----w- C:\Users\Damian\AppData\Roaming\steamvr
2014-02-17 05:22:28 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-02-17 05:19:05 -------- d-----w- C:\windows\pss
2014-02-15 03:50:42 -------- d-----w- C:\Users\Damian\AppData\Roaming\TeamViewer
2014-02-12 02:18:31 2232664 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-02-12 02:16:58 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-02-12 02:16:56 3960320 ----a-w- C:\windows\System32\jscript9.dll
2014-02-12 02:16:55 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-12 02:16:13 3842560 ----a-w- C:\windows\System32\d2d1.dll
2014-02-12 02:16:13 3288576 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-02-12 02:16:13 2238976 ----a-w- C:\windows\System32\d3d10warp.dll
2014-02-12 02:16:12 2032640 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-02-08 19:00:42 -------- d-----w- C:\Users\Damian\AppData\Roaming\Awesomium
2014-02-08 18:46:23 -------- d-----w- C:\ProgramData\Elder Scrolls Online
2014-02-08 02:51:14 -------- d-----w- C:\Users\Damian\AppData\Local\My Games
2014-02-07 23:57:36 -------- d-----w- C:\Program Files (x86)\Zenimax Online
2014-02-07 23:57:29 -------- d-----w- C:\Users\Damian\AppData\Local\Programs
2014-02-04 19:56:44 46136 ---ha-w- C:\windows\System32\drivers\Hamdrv.sys
2014-01-30 01:31:38 -------- d-----w- C:\Users\Damian\AppData\Local\Macromedia
2014-01-30 01:31:18 -------- d-----w- C:\Users\Damian\AppData\Local\Mozilla
.
==================== Find3M  ====================
.
2014-02-17 15:23:54 177752 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2014-02-01 09:19:49 2241536 ----a-w- C:\windows\System32\wininet.dll
2014-02-01 09:19:36 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-02-01 09:19:36 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-02-01 09:18:21 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-02-01 09:18:21 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-02-01 07:58:31 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-01 07:58:24 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-02-01 07:57:16 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-01 07:57:16 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-01 07:34:53 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-01 05:08:52 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\winlogon.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\wininit.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\smss.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\services.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\lsass.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\dwm.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\csrss.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\conhost.exe
2013-12-22 20:59:49 231376 ----a-w- C:\windows\System32\drivers\truecrypt.sys
2013-12-19 00:25:38 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-12-09 00:45:52 523776 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-12-08 23:59:47 600064 ----a-w- C:\windows\System32\vbscript.dll
2013-12-07 06:37:24 688640 ----a-w- C:\windows\System32\WSShared.dll
2013-12-07 06:37:24 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 05:15:46 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-12-07 05:15:46 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-04 23:43:46 1845248 ----a-w- C:\windows\System32\msxml3.dll
2013-12-04 23:43:43 583680 ----a-w- C:\windows\System32\msdrm.dll
2013-12-04 23:37:09 1419264 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-12-04 23:37:08 451072 ----a-w- C:\windows\SysWow64\msdrm.dll
2013-12-04 00:53:54 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 10:58:12.37 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 3/11/2013 7:08:07 PM
System Uptime: 2/25/2014 9:30:56 PM (37 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Pentium® CPU 2020M @ 2.40GHz | U3E1 | 2400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 240.261 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP51: 2/9/2014 12:03:00 AM - Installed DirectX
RP52: 2/13/2014 9:30:26 AM - Windows Update
RP53: 2/17/2014 11:33:12 AM - Removed League of Legends
RP54: 2/20/2014 6:25:43 PM - Windows Update
RP55: 2/24/2014 3:00:25 AM - Windows Update
RP56: 2/26/2014 7:42:29 PM - Installed LogMeIn Hamachi
.
==== Installed Programs ======================
.
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.3)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Battle.net
Bejeweled 3
CamStudio Lossless Codec v1.5
CCleaner
Counter-Strike: Source
D3DX10
Fallout 3
FATE
Fraps (remove only)
Futuremark SystemInfo
Gardenscapes: Mansion Makeover
Garry's Mod
Google Chrome
Google Update Helper
Hearthstone
inSSIDer Home
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 7 Update 45 (64-bit)
Java 7 Update 51
Java Auto Updater
Java SE Development Kit 7 Update 45 (64-bit)
Lernout & Hauspie TruVoice American English TTS Engine
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Norton Anti-Theft
Norton Online Backup
Norton Online Backup ARA
Norton PC Checkup
Norton Security Dashboard
Norton Security Suite
NVIDIA PhysX v8.10.17
Origin
Pando Media Booster
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Polar Bowler
Portal 2
Race The Sun
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Sid Meier's Civilization V
Skype Click to Call
Skype™ 6.11
Star Wars - Battlefront II
Steam
Synaptics Pointing Device Driver
Team Fortress 2
Terraria
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Audio Enhancement
Toshiba Book Place
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
TOSHIBA HDD Accelerator
TOSHIBA Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
Virtual Villagers 5 - New Believers
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.3
WinRAR 5.01 (64-bit)
Wireshark 1.10.5 (64-bit)
Youda Jewel Shop
.
==== Event Viewer Messages From Past Week ========
.
2/26/2014 9:14:13 PM, Error: disk [11]  - The driver detected a controller error on \Device\Harddisk0\DR0.
2/26/2014 7:45:28 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
2/26/2014 7:45:28 PM, Error: Service Control Manager [7000]  - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/26/2014 7:45:20 PM, Error: Service Control Manager [7030]  - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
2/26/2014 2:42:32 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/26/2014 2:42:32 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/26/2014 12:27:05 PM, Error: Service Control Manager [7031]  - The Norton Security Suite service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/25/2014 5:21:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0902: Security Update for Internet Explorer Flash Player for Windows 8 for X64-based Systems (KB2916626).
2/23/2014 11:36:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff803d0e2c92f, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 022314-66125-01.
2/23/2014 11:17:24 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{c5a44a28-408f-11e2-b822-f3ca26f352ec}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4E00E98A-D39B-436C-B5CA-C06529E81FD7}' was corrupted and it has been recovered. Some data might have been lost.
2/21/2014 3:15:25 AM, Error: Microsoft-Windows-Ntfs [98]  - Volume C: (\Device\HarddiskVolume4) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
2/21/2014 3:13:52 AM, Error: Microsoft-Windows-Ntfs [98]  - Volume C: (\Device\HarddiskVolume4) needs to be taken offline for a short time to perform a Spot Fix.  Please run "CHKDSK /SPOTFIX" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
2/21/2014 3:13:47 AM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
2/21/2014 3:13:47 AM, Error: Service Control Manager [7034]  - The Device Association Service service terminated unexpectedly.  It has done this 1 time(s).
2/21/2014 3:13:47 AM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/21/2014 3:13:47 AM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/21/2014 3:13:47 AM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/21/2014 3:13:47 AM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/21/2014 3:13:47 AM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/21/2014 3:13:47 AM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/21/2014 3:12:56 AM, Error: Service Control Manager [7023]  - The Spot Verifier service terminated with the following error:  Spot Verifier is not a valid Win32 application.
2/21/2014 3:08:47 AM, Error: Ntfs [131]  - The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
2/21/2014 10:24:09 AM, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
.
==== End Of File ===========================
 
RogueKiller V8.8.9 _x64_ [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Damian [Admin rights]
Mode : Scan -- Date : 02/27/2014 11:08:10
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (94.137.239.19:81 [Country: , City: ]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD050 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
Finished : << RKreport[0]_S_02272014_110810.txt >>

Please make sure that you have created a new system restore point before you continue.

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then.........

Download Malwarebytes Anti-Rootkit from HERE

  • Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default)
  • Malwarebytes Anti-Rootkit will then open, follow the instruction in the wizard to update and allow the program to scan your computer for threats
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  • To attach a log if needed:

    Bottom right corner of this page.

    New window that comes up.

    MrC


# AdwCleaner v3.020 - Report created 27/02/2014 at 16:07:06
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Damian - HAYLEYLAPTOP
# Running from : C:\Users\Damian\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Hayley\AppData\Roaming\pccustubinstaller
File Deleted : C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\rikvvnct.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [secondary Start Pages]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Hayley\AppData\Roaming\Mozilla\Firefox\Profiles\rikvvnct.default\prefs.js ]

[ File : C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\b7o8hc3t.default\prefs.js ]

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2649 octets] - [27/02/2014 16:05:15]
AdwCleaner[s0].txt - [2424 octets] - [27/02/2014 16:07:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2484 octets] ##########

 

MBAR found nothing, but I have attached both logs as instructed. 

mbar-log-2014-02-27 (16-17-51).txt

system-log.txt


Next:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


Both logs were incredibly long, so they should be attached.  Also, if you don't mind me asking, could this potentially be a hacker?  I know how it works, and it seems really far off, but it would make sense if he/she was using A LOT of proxies.

 

Another quick thing I forgot to add in my first post was that I used an IP tracker and they led to random places such as the Ukraine or even Russia.  Just a little extra info in case it's needed/wanted.

Addition.txt

FRST.txt


No, leave it, looks like a bunch of files were modified at the same time:
 

2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\winlogon.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\wininit.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\smss.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\services.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\lsass.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\dwm.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\csrss.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\conhost.exe

 

------------------------

How are the IP blocks???

MrC

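To make the reasoning in the post above mechanical, here is an added Python example (not code from the thread, from FRST or from Malwarebytes) that parses FRST-style modified-file lines, groups them by their exact modification second, and separates a batch change from a lone one. The first eight sample lines are the ones quoted above; the last two are constructed, and the batch threshold of three files is an assumption.

```python
import re
from collections import defaultdict

# Added example, not code from the thread or from FRST: group FRST-style
# listing lines by timestamp so a mass change (many files at one second)
# stands apart from an isolated change that would merit a closer look.

# Line shape used by FRST's listing: date time size attributes path
FRST_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)

# Sample input: the eight lines quoted in the thread plus two constructed
# lines (the Downloads entry and the "constructed-lone.exe" entry).
SAMPLE_LISTING = r"""
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\winlogon.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\wininit.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\smss.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\services.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\lsass.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\dwm.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\csrss.exe
2014-01-18 03:35:09 0 ----a-w- C:\windows\SysWow64\conhost.exe
2014-02-20 21:10:44 43520 ----a-w- C:\Users\Damian\Downloads\constructed-setup.exe
2014-02-26 19:45:00 0 ----a-w- C:\windows\SysWow64\constructed-lone.exe
"""


def parse_listing(text):
    """Return one dict per parsable line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def group_by_timestamp(entries):
    """Map each timestamp to the paths modified at that exact second."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["ts"]].append(e["path"])
    return dict(groups)


def classify_groups(entries, min_batch=3):
    """Label a timestamp 'batch' when at least min_batch files share it
    (the pattern MrC reads as one mass update), otherwise 'isolated'."""
    return {ts: ("batch" if len(paths) >= min_batch else "isolated")
            for ts, paths in group_by_timestamp(entries).items()}


def isolated_system_changes(entries, system_dirs=("c:\\windows\\",), min_batch=3):
    """Paths under system directories whose timestamp is not shared by a
    batch: the entries worth a second look rather than 'leave it'."""
    labels = classify_groups(entries, min_batch)
    return [e["path"] for e in entries
            if labels[e["ts"]] == "isolated"
            and e["path"].lower().startswith(system_dirs)]


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    sizes = group_by_timestamp(parsed)
    for ts, label in sorted(classify_groups(parsed).items()):
        print(f"{ts}  {label:8s}  {len(sizes[ts])} file(s)")
    print("isolated system changes:", isolated_system_changes(parsed))
```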

Good.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.79  

   x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Norton Security Suite   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 51  

 Adobe Flash Player 12.0.0.70  

 Adobe Reader 10.1.3 Adobe Reader out of Date!  

 Mozilla Firefox (26.0) 

 Google Chrome 32.0.1700.107  

 Google Chrome 33.0.1750.117  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 Symantec Norton Online Backup NOBuAgent.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Reader 10.1.3 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

