Inactive Malware malicious website

Status
Not open for further replies.
Meg Fleming

Meg Fleming

Posts: 6   +0
Every maybe 3-5 minutes I get a pop up from Malware Bytes saying "successfully blocked access to a potentially malicious website" from 3 different IP's; 188.237.9.132 and 98.142.251.240 and 89.28.7.250 . Is there any way to block these, get rid of them, etc?
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
So I did a full scan previous to posting this, but as you instructed I also did a quick scan and it found an extra 6 issues. I'm gonna post the results to the full scan, but let me know if you want me to include the quick scan I did....
.............
12/7/2013 1:13:11 PM
mbam-log-2013-12-07 (13-13-11).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 544542
Time elapsed: 1 hour(s), 14 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 12
HKCR\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} (PUP.Optional.VMNToolBar.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
HKCR\Interface\{5533CB30-15CD-40DD-855F-8C2E1FCDE7D7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> Data: MyStart Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} (PUP.Optional.VMNToolBar.A) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\meg_2\dxmaopmi.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Program Files (x86)\PutLockerDownloader (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
C:\ProgramData\SEARCHNEWTAB (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Search-NewTab (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Search-NewTab\data (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
Files Detected: 11
C:\Program Files (x86)\MYSTARTTB\MYSTARTDX.DLL (PUP.Optional.VMNToolBar.A) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3091272504-2475350413-962084651-1001\$R9VO7CJ.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3091272504-2475350413-962084651-1001\$RYDPYYJ.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Meg_2\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#spartan.contentabc.com\timeout.exe (Rogue.FakeAV.ED) -> Quarantined and deleted successfully.
C:\Users\Meg_2\AppData\Roaming\Qyoz\vuipa.exe (Spyware.Zbot.12CR) -> Quarantined and deleted successfully.
C:\Users\Meg_2\Downloads\Pegboard Nerds - Self Destruct [Monstercat Release] (D. Pavlov) - [MP3Juices.com].exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PutLockerDownloader\putlockerdownloader10.crx (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (PUP.Optional.PutLocker.A) -> Quarantined and deleted successfully.
C:\ProgramData\Search-NewTab\5111c02cccd9d.tlb (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Search-NewTab\settings.ini (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
C:\ProgramData\Search-NewTab\data\Search-NewTab.dat (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.10.2
Run by Meg_2 at 19:36:50 on 2013-12-07
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.6030.3003 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Windows\system32\DptfPolicyConfigTDPService.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhostex.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [MyStart Anti-phishing Domain Advisor] "C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe"
StartupFolder: C:\Users\Meg_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rebtel.appref-ms
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} - hxxp://www.usadisk.com/mmsv/USAControl.CAB
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\037324430353932333137333 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\148435F5055726C69636 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\27F62616E6464616E69656C6C656 : DHCPNameServer = 208.67.222.222 208.67.220.220 66.189.0.100
TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\55F40274575637470275946494 : DHCPNameServer = 208.67.222.220 208.67.222.222
TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\D4567616E6370294E6475627E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{85DDFD99-227D-4175-A241-DF8EC34AF544}\E45445745414255393 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A120169A-3FF0-496E-8506-54B9C51797DD} : DHCPNameServer = 172.16.2.1 172.16.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll
x64-TB: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-9-13 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-9-13 23344]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-2-27 465216]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-8-28 29056]
R2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;C:\Windows\System32\DptfPolicyConfigTDPService.exe [2012-8-28 30592]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-9-13 129856]
R2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-9-13 193576]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-13 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-7 701512]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-13 365376]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-7-25 619904]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-8-28 107328]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-8-28 42816]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-8-28 64832]
R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-8-28 96064]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-8-28 228672]
R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-8-28 361792]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-8-28 21152]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-28 342528]
R3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-9-13 43800]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\Drivers\mcvidrv_x64.sys [2013-7-25 44544]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-7 25928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\Drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-13 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-13 690832]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\Drivers\hidkmdf.sys [2013-3-21 13728]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\Drivers\ScreamingBAudio64.sys [2012-7-31 38992]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\Drivers\wachidrouter.sys [2013-3-21 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\Drivers\wacomrouterfilter.sys [2013-3-21 15776]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-12-28 14544]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161384]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: JSFile=NOTEPAD.EXE "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2013-12-08 00:34:52 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78AAB893-3B4B-4E09-B17B-1047F2F6FF93}\offreg.dll
2013-12-07 23:09:49 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78AAB893-3B4B-4E09-B17B-1047F2F6FF93}\mpengine.dll
2013-12-07 20:24:56 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Rebtel
2013-12-07 20:22:18 -------- d-----w- C:\Users\Meg_2\AppData\Local\Deployment
2013-12-07 20:22:18 -------- d-----w- C:\Users\Meg_2\AppData\Local\Apps
2013-12-07 18:11:43 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Malwarebytes
2013-12-07 18:11:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-07 18:11:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-07 18:06:13 408 ----a-w- C:\Users\Meg_2\AppData\Roaming\sp_data.sys
2013-12-07 17:33:13 -------- d-----w- C:\Users\Meg_2\AppData\Local\KB6727897
2013-11-23 13:22:18 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-19 19:43:18 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Zoebvi
2013-11-19 19:43:18 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Ukcibu
2013-11-19 19:43:18 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Qyoz
2013-11-17 23:10:08 -------- d-----w- C:\Users\Meg_2\AppData\Local\{E1E9A528-FBDF-44BA-8291-23F8B20568E7}
2013-11-17 17:57:43 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-16 23:04:02 -------- d-----w- C:\Users\Meg_2\lmms
2013-11-16 23:03:11 -------- d-----w- C:\Program Files\LMMS
2013-11-16 19:46:07 -------- d-----w- C:\Users\Meg_2\AppData\Local\ManyCam
2013-11-16 19:46:07 -------- d-----w- C:\ProgramData\ManyCam
2013-11-16 19:46:05 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\ManyCam
2013-11-16 19:45:54 -------- d-----w- C:\Users\Meg_2\AppData\Local\mystart_ad
2013-11-16 19:45:54 -------- d-----w- C:\ProgramData\MyStart Anti-phishing Domain Advisor
2013-11-16 19:45:50 -------- d-----w- C:\ProgramData\EmailNotifier
2013-11-16 19:45:44 -------- d-----w- C:\Program Files (x86)\mystarttb
2013-11-16 19:45:43 -------- d-----w- C:\Program Files (x86)\ManyCam
2013-11-12 20:57:57 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Xyiv
2013-11-12 20:57:57 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Mywuwy
2013-11-12 20:57:57 -------- d-----w- C:\Users\Meg_2\AppData\Roaming\Azyx
.
==================== Find3M ====================
.
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:37:37.84 ===============
 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 12/26/2012 12:52:53 AM
System Uptime: 12/7/2013 7:32:26 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | K56CA
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 204.449 GiB free.
D: is FIXED (NTFS) - 398 GiB total, 398.034 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP54: 11/29/2013 8:22:01 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X MUI
Adobe Shockwave Player 12.0
Advanced SystemCare 6
Amnesia - The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS WebStorage Sync Agent
ASUSDVD
AsusVibe2.0
ATK Package
Audacity 2.0.5
Bonjour
Cross Fire En
D3DX10
ExpressCache
Facebook Video Calling 1.2.0.287
FileViewPro
Game Booster 3
GIMP 2.8.6
Google Earth Plug-in
Google Update Helper
Intel(R) Dynamic Platform and Thermal Framework
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Start Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 10
Java Auto Updater
League of Legends
LMMS 0.4.15
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 3.1.62
Microsoft Application Error Reporting
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MTA:SA v1.3.3
Mumble 1.2.4
MyStart Anti-phishing Domain Advisor
MyStart Toolbar
Nexon Game Manager
Qualcomm Atheros Client Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Rebtel
Shared C Run-time for x64
Skype™ 6.3
Smart Defrag 2
swMSM
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
VirtualDJ Home FREE
VLC media player 1.0.1
Wacom
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
WinRAR 4.20 (32-bit)
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
12/7/2013 12:54:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/7/2013 1:04:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/7/2013 1:03:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/7/2013 1:01:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
 
Some items in your MBAM log are marked "No action taken".
Rerun MBAM Quick scan, fix ALL issues and post new log.

Next...

redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Status
Not open for further replies.

Similar threads

A
A clever Google-hosted, malicious ad fakes the KeePass website
Replies
3
Views
295
Fastturtle
F
D
Three malicious VPN extensions on the Chrome Web Store infected 1.5 million devices before...
Replies
11
Views
375
Nestea
N
orangeshadow
Games lag and freeze in 15-20 minute intervals.
Replies
0
Views
457
orangeshadow
orangeshadow

Latest posts

Back