TechSpot

Malware malicious website

By Meg Fleming
Dec 7, 2013
  1. Maybe every 3-5 minutes I get a pop-up from Malwarebytes saying "successfully blocked access to a potentially malicious website" from 3 different IPs: 188.237.9.132, 98.142.251.240 and 89.28.7.250. Is there any way to block these, get rid of them, etc.?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Meg Fleming

    Meg Fleming TS Rookie Topic Starter

    So I did a full scan previous to posting this, but as you instructed I also did a quick scan and it found an extra 6 issues. I'm gonna post the results to the full scan, but let me know if you want me to include the quick scan I did....
    .............
    12/7/2013 1:13:11 PM
    mbam-log-2013-12-07 (13-13-11).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 544542
    Time elapsed: 1 hour(s), 14 minute(s), 41 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 12
    HKCR\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} (PUP.Optional.VMNToolBar.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> Quarantined and deleted successfully.
    HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{5533CB30-15CD-40DD-855F-8C2E1FCDE7D7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> Data: MyStart Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} (PUP.Optional.VMNToolBar.A) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\meg_2\dxmaopmi.exe -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 4
    C:\Program Files (x86)\PutLockerDownloader (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
    C:\ProgramData\SEARCHNEWTAB (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
    C:\ProgramData\Search-NewTab (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
    C:\ProgramData\Search-NewTab\data (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
    Files Detected: 11
    C:\Program Files (x86)\MYSTARTTB\MYSTARTDX.DLL (PUP.Optional.VMNToolBar.A) -> No action taken.
    C:\$Recycle.Bin\S-1-5-21-3091272504-2475350413-962084651-1001\$R9VO7CJ.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-3091272504-2475350413-962084651-1001\$RYDPYYJ.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
    C:\Users\Meg_2\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#spartan.contentabc.com\timeout.exe (Rogue.FakeAV.ED) -> Quarantined and deleted successfully.
    C:\Users\Meg_2\AppData\Roaming\Qyoz\vuipa.exe (Spyware.Zbot.12CR) -> Quarantined and deleted successfully.
    C:\Users\Meg_2\Downloads\Pegboard Nerds - Self Destruct [Monstercat Release] (D. Pavlov) - [MP3Juices.com].exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\PutLockerDownloader\putlockerdownloader10.crx (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Search-NewTab\5111c02cccd9d.tlb (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
    C:\ProgramData\Search-NewTab\settings.ini (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
    C:\ProgramData\Search-NewTab\data\Search-NewTab.dat (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
    (end)
     
  4. Meg Fleming

    Meg Fleming TS Rookie Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.10.2
    Run by Meg_2 at 19:36:50 on 2013-12-07
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.6030.3003 [GMT -5:00]
    .
    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dashost.exe
    C:\Windows\system32\DptfParticipantProcessorService.exe
    C:\Windows\system32\DptfPolicyConfigTDPService.exe
    C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\SysWOW64\irstrtsv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskhostex.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\WacomHost.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Windows\system32\igfxpers.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\msiexec.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Defender\MpCmdRun.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    mRun: [MyStart Anti-phishing Domain Advisor] "C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe"
    StartupFolder: C:\Users\Meg_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rebtel.appref-ms
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
    DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} - hxxp://www.usadisk.com/mmsv/USAControl.CAB
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\037324430353932333137333 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\148435F5055726C69636 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\27F62616E6464616E69656C6C656 : DHCPNameServer = 208.67.222.222 208.67.220.220 66.189.0.100
    TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\55F40274575637470275946494 : DHCPNameServer = 208.67.222.220 208.67.222.222
    TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\D4567616E6370294E6475627E65647 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\E45445745414255393 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{A120169A-3FF0-496E-8506-54B9C51797DD} : DHCPNameServer = 172.16.2.1 172.16.2.2
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll
    x64-TB: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-9-13 95024]
    R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-9-13 23344]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-2-27 465216]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
    R2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-8-28 29056]
    R2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;C:\Windows\System32\DptfPolicyConfigTDPService.exe [2012-8-28 30592]
    R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-9-13 129856]
    R2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-9-13 193576]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-13 166720]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-7 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-7 701512]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-13 365376]
    R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-7-25 619904]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
    R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
    R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-8-28 107328]
    R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-8-28 42816]
    R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-8-28 64832]
    R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-8-28 96064]
    R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-8-28 228672]
    R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-8-28 361792]
    R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-8-28 21152]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-28 342528]
    R3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-9-13 43800]
    R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\Drivers\mcvidrv_x64.sys [2013-7-25 44544]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-7 25928]
    R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\Drivers\mcaudrv_x64.sys [2013-1-31 28160]
    R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-13 294544]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-13 690832]
    S3 hidkmdf;KMDF Driver;C:\Windows\System32\Drivers\hidkmdf.sys [2013-3-21 13728]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\Drivers\ScreamingBAudio64.sys [2012-7-31 38992]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\Drivers\wachidrouter.sys [2013-3-21 81824]
    S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\Drivers\wacomrouterfilter.sys [2013-3-21 15776]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-12-28 14544]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161384]
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
    FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
    FileExt: .js: JSFile=NOTEPAD.EXE "%1"
    FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
    FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
    .
    =============== Created Last 30 ================
    .
    2013-12-08 00:34:52 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78AAB893-3B4B-4E09-B17B-1047F2F6FF93}\offreg.dll
    2013-12-07 23:09:49 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78AAB893-3B4B-4E09-B17B-1047F2F6FF93}\mpengine.dll
    2013-12-07 20:24:56 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Rebtel
    2013-12-07 20:22:18 -------- d-----w- C:\Users\Meg_2\AppData\Local\Deployment
    2013-12-07 20:22:18 -------- d-----w- C:\Users\Meg_2\AppData\Local\Apps
    2013-12-07 18:11:43 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Malwarebytes
    2013-12-07 18:11:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-12-07 18:11:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-12-07 18:06:13 408 ----a-w- C:\Users\Meg_2\AppData\Roaming\sp_data.sys
    2013-12-07 17:33:13 -------- d-----w- C:\Users\Meg_2\AppData\Local\KB6727897
    2013-11-23 13:22:18 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
    2013-11-19 19:43:18 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Zoebvi
    2013-11-19 19:43:18 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Ukcibu
    2013-11-19 19:43:18 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Qyoz
    2013-11-17 23:10:08 -------- d-----w- C:\Users\Meg_2\AppData\Local\{E1E9A528-FBDF-44BA-8291-23F8B20568E7}
    2013-11-17 17:57:43 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-11-16 23:04:02 -------- d-----w- C:\Users\Meg_2\lmms
    2013-11-16 23:03:11 -------- d-----w- C:\Program Files\LMMS
    2013-11-16 19:46:07 -------- d-----w- C:\Users\Meg_2\AppData\Local\ManyCam
    2013-11-16 19:46:07 -------- d-----w- C:\ProgramData\ManyCam
    2013-11-16 19:46:05 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\ManyCam
    2013-11-16 19:45:54 -------- d-----w- C:\Users\Meg_2\AppData\Local\mystart_ad
    2013-11-16 19:45:54 -------- d-----w- C:\ProgramData\MyStart Anti-phishing Domain Advisor
    2013-11-16 19:45:50 -------- d-----w- C:\ProgramData\EmailNotifier
    2013-11-16 19:45:44 -------- d-----w- C:\Program Files (x86)\mystarttb
    2013-11-16 19:45:43 -------- d-----w- C:\Program Files (x86)\ManyCam
    2013-11-12 20:57:57 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Xyiv
    2013-11-12 20:57:57 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Mywuwy
    2013-11-12 20:57:57 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Azyx
    .
    ==================== Find3M ====================
    .
    2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 19:37:37.84 ===============
     
  5. Meg Fleming

    Meg Fleming TS Rookie Topic Starter

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/26/2012 12:52:53 AM
    System Uptime: 12/7/2013 7:32:26 PM (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | K56CA
    Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 279 GiB total, 204.449 GiB free.
    D: is FIXED (NTFS) - 398 GiB total, 398.034 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP54: 11/29/2013 8:22:01 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Reader X MUI
    Adobe Shockwave Player 12.0
    Advanced SystemCare 6
    Amnesia - The Dark Descent
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS InstantOn
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS Smart Gesture
    ASUS Splendid Video Enhancement Technology
    ASUS Tutor
    ASUS USB Charger Plus
    ASUS WebStorage Sync Agent
    ASUSDVD
    AsusVibe2.0
    ATK Package
    Audacity 2.0.5
    Bonjour
    Cross Fire En
    D3DX10
    ExpressCache
    Facebook Video Calling 1.2.0.287
    FileViewPro
    Game Booster 3
    GIMP 2.8.6
    Google Earth Plug-in
    Google Update Helper
    Intel(R) Dynamic Platform and Thermal Framework
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Start Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® Trusted Connect Service Client
    iTunes
    Java 7 Update 10
    Java Auto Updater
    League of Legends
    LMMS 0.4.15
    Malwarebytes Anti-Malware version 1.75.0.1300
    ManyCam 3.1.62
    Microsoft Application Error Reporting
    Microsoft SkyDrive
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MTA:SA v1.3.3
    Mumble 1.2.4
    MyStart Anti-phishing Domain Advisor
    MyStart Toolbar
    Nexon Game Manager
    Qualcomm Atheros Client Installation Program
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Rebtel
    Shared C Run-time for x64
    Skype™ 6.3
    Smart Defrag 2
    swMSM
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client for Windows x64
    VirtualDJ Home FREE
    VLC media player 1.0.1
    Wacom
    WebTablet FB Plugin 32 bit
    WebTablet FB Plugin 64 bit
    Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinFlash
    WinRAR 4.20 (32-bit)
    WModem Driver Installer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/7/2013 12:54:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/7/2013 1:04:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/7/2013 1:03:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/7/2013 1:01:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Some items in your MBAM log are marked "No action taken".
    Rerun MBAM Quick scan, fix ALL issues and post new log.

    Next...

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
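Broni's observation that some items in the MBAM log are marked "No action taken" can be checked mechanically rather than by eye. The script below is an added example, not code from this thread, from Malwarebytes or from TechSpot. It parses the MBAM 1.x text-log layout shown in post 3 (section headers of the form "<Section> Detected: N", then one line per item of the form "<item> (<threat>) [-> Data: <value>] -> <action>."), and reports which detections are still unremediated and which are classified as something other than PUP/PUM (here, the Zbot and FakeAV style entries), so the person cleaning the machine knows whether a rescan is needed. The embedded sample log, its GUIDs and its paths are constructed placeholders, and the PUP/PUM/Malware grouping is this example's own convention, not Malwarebytes' taxonomy.

```python
"""Triage a Malwarebytes Anti-Malware (MBAM 1.x) text log.

Added example, not part of the TechSpot thread. It parses the
"<Section> Detected: N" blocks and per-item lines of the form
    <item> (<threat name>) [-> Data: <value>] -> <action>.
and reports which detections are still unremediated ("No action taken"),
which is why the helper asks for a rerun with all issues fixed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# These lines appear inside sections but are not detections.
NOISE = {"(No malicious items detected)", "(end)"}


@dataclass
class Detection:
    section: str
    item: str              # registry key/value, folder or file path
    threat: str            # e.g. PUP.Optional.VMNToolBar.A, Spyware.Zbot.12CR
    data: Optional[str]    # registry value data, when the log shows "-> Data:"
    action: str            # "No action taken" or "Quarantined and deleted successfully"

    @property
    def family(self) -> str:
        # Example grouping: PUP/PUM are potentially unwanted; anything else
        # (Spyware.*, Rogue.*, Trojan.*) is treated as real malware.
        prefix = self.threat.split(".", 1)[0]
        return prefix if prefix in ("PUP", "PUM") else "Malware"

    @property
    def remediated(self) -> bool:
        return self.action != "No action taken"


def parse_mbam_log(text: str) -> List[Detection]:
    detections: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in NOISE:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or " -> " not in line:
            continue  # header lines: scan type, options, timing
        # The action is always the last " -> " separated field.
        head, _, action = line.rpartition(" -> ")
        data = None
        dm = re.match(r"^(?P<head>.*) -> Data:(?: (?P<data>.*))?$", head)
        if dm:
            head, data = dm.group("head"), dm.group("data") or None
        # The threat label is the last parenthesised group; file paths can
        # contain their own parentheses, so split on the last " (".
        item, _, threat = head.rpartition(" (")
        detections.append(Detection(section, item, threat.rstrip(")"),
                                    data, action.rstrip(".")))
    return detections


def triage(text: str) -> dict:
    dets = parse_mbam_log(text)
    return {
        "total": len(dets),
        "by_family": dict(Counter(d.family for d in dets)),
        "unremediated": [d.item for d in dets if not d.remediated],
        "malware_items": [d.item for d in dets if d.family == "Malware"],
        "needs_rescan": any(not d.remediated for d in dets),
    }


# Constructed sample in the MBAM 1.x log layout; GUIDs and paths are placeholders.
SAMPLE_LOG = """\
Scan type: Quick scan
Objects scanned: 1234
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\\CLSID\\{00000000-0000-0000-0000-000000000001} (PUP.Optional.ExampleBar.A) -> No action taken.
HKCU\\Software\\ExampleDownloader (PUP.Optional.ExampleDownloader.A) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar|{00000000-0000-0000-0000-000000000001} (PUP.Optional.ExampleBar.A) -> Data: Example Toolbar -> Quarantined and deleted successfully.
HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows|Load (PUM.UserWLoad) -> Data: c:\\users\\example\\random.exe -> Quarantined and deleted successfully.
Files Detected: 2
C:\\Users\\example\\AppData\\Roaming\\Abcd\\efgh.exe (Spyware.Zbot.XX) -> Quarantined and deleted successfully.
C:\\Users\\example\\Downloads\\Song (Live) - [example].exe (PUP.Optional.Installex) -> No action taken.
(end)
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a saved mbam-log-*.txt by replacing SAMPLE_LOG with the file's contents; a non-empty "unremediated" list means the scan has to be rerun with every item fixed, and anything in "malware_items" (as opposed to toolbar and downloader PUPs) is the part of the log that deserves the most attention.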
     
Topic Status:
Not open for further replies.
