Continue getting Error:0x80073b01 - Help Please


This topic is locked
26 replies to this topic

#1 okcmark (Members, 15 posts)

Posted 09 October 2013 - 04:30 PM

I have been getting this error code for a while, and it has been very inconvenient. Now, after doing some checking, I see that this is a lot larger problem than I realized.

I'm an old computer "hunt and peck-er" (don't like the way that looks... LOL).

Any help would be very welcomed, and thank you in advance.

Here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19475  BrowserJavaVersion: 10.25.2
Run by Mark at 16:16:52 on 2013-10-09
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1918.851 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Mark\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskeng.exe
C:\Users\Mark\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Users\Mark\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN42860387992459616&UM=2&ctid=CT3310511
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: {01F8ED1E-97F2-46EC-B9FF-E76A3A4BE89d} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110217132224.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [Google Update] "c:\users\mark\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\mark\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Amazon Cloud Player] c:\users\mark\appdata\local\amazon cloud player\Amazon Music Helper.exe
uRun: [AmazonMP3DownloaderHelper] c:\users\mark\appdata\local\program files\amazon\mp3 downloader\AmazonMP3DownloaderHelper.exe
mRun: [Skytel] Skytel.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [UpdateP2GoShortCut] c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.199\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{8279606B-91DB-4548-86F1-29856A249B08} : DHCPNameServer = 192.168.10.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\l2iclhls.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN34492814169507279&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/residential/oklahomacity/home.cox
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mark\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\mark\appdata\local\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: c:\users\mark\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\mark\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 386840]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-2-17 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-2-17 164840]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-17 171168]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-17 141792]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-3-11 1153368]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-9 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-9 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-17 313288]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-17 55840]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-17 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-9 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-2-27 24576]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-9 88176]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.199\McCHSvc.exe [2011-2-23 237008]
S4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-17 271480]
S4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-17 271480]
S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-17 271480]
S4 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-17 188136]
.
=============== Created Last 30 ================
.
2013-10-09 20:09:40    --------    d-----w-    C:\a4cb75f1df97d2849dca69a365
2013-10-09 19:14:58    638400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 19:12:58    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-10-09 19:12:54    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-10-09 19:10:24    35328    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2013-10-09 18:15:24    7328304    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{e50891a4-4beb-4697-9d43-48cb82916cf1}\mpengine.dll
2013-10-08 15:29:54    7328304    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-04 17:47:03    74136    ----a-w-    c:\program files\mozilla firefox\updated\breakpadinjector.dll
2013-10-04 17:47:03    262552    ----a-w-    c:\program files\mozilla firefox\updated\browser\components\browsercomps.dll
2013-10-04 17:47:03    19352    ----a-w-    c:\program files\mozilla firefox\updated\AccessibleMarshal.dll
2013-09-22 22:57:14    --------    d-----w-    c:\program files\iPod
2013-09-22 22:57:12    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-22 22:55:04    --------    d-----w-    c:\program files\Bonjour
2013-09-22 22:37:18    --------    d-----w-    c:\users\mark\SyncFolder
2013-09-22 22:17:41    2678760    ----a-w-    c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\td4hgt69\SkywalkerSetup[1].exe
2013-09-22 22:15:59    3519136    ----a-w-    c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\ggevrxbs\WSSetup[1].exe
2013-09-22 22:15:28    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2013-09-22 22:15:28    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2013-09-22 22:15:28    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2013-09-22 22:15:22    --------    d-----w-    c:\windows\system32\WNLT
2013-09-22 22:11:32    --------    d-----w-    c:\program files\Free Window Registry Repair
2013-09-22 22:11:19    --------    d-----w-    c:\program files\MyPC Backup
2013-09-12 20:25:41    --------    d-----w-    c:\programdata\Uniblue
2013-09-11 19:06:38    615936    ----a-w-    c:\windows\system32\themeui.dll
.
==================== Find3M  ====================
.
2013-10-08 19:14:28    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 19:14:28    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-23 12:57:49    916992    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 12:51:49    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 12:51:24    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-23 12:51:07    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-09-23 12:51:06    71680    ----a-w-    c:\windows\system32\iesetup.dll
2013-09-23 12:49:22    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 11:14:03    385024    ----a-w-    c:\windows\system32\html.iec
2013-09-23 09:29:22    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-09-23 09:27:14    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2013-09-09 08:54:24    773968    ----a-w-    c:\windows\system32\msvcr100.dll
2013-09-09 08:54:24    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2013-08-27 02:47:50    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-08-27 01:52:08    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-08-27 01:28:36    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-08-27 01:28:35    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-08-15 20:10:12    81768    ----a-w-    C:\ministub.exe
2013-08-02 04:09:35    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-01 02:49:15    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-07-20 10:44:53    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 19:41:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-12 17:01:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-12 17:01:36    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-12 17:01:36    789416    ----a-w-    c:\windows\system32\deployJava1.dll
.
============= FINISH: 16:17:55.39 ===============

Any help will be very much appreciated!!!!
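The DDS log above carries the indicators a responder reads first: a user start page pointing at search.conduit.com while the machine start page is the OEM portal, BHO CLSIDs with no backing DLL (`<orphaned>`), DPF entries that fetch a CAB from a remote host, and a hosts-file override. The following is an added example, not part of the thread or of the DDS tool, that parses the Pseudo-HJT line formats shown in the log and emits those findings. The "suspect search host" and "expected DPF host" sets are assumptions chosen for this example, not a vendor list, and SAMPLE_HJT is a constructed excerpt reproducing lines from the post.

```python
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption for this example: hosts treated as search-hijack indicators.
SUSPECT_SEARCH_HOSTS = {"search.conduit.com"}
# Assumption for this example: hosts a DPF (ActiveX download) entry is expected to reference;
# a CAB pulled from any other host is flagged for manual review.
EXPECTED_DPF_HOSTS = {"java.sun.com"}

# DDS line shapes: u = HKCU (user), m = HKLM (machine).
START_RE = re.compile(r"^([um])(Start Page|Default_Page_URL|SearchURL,\(Default\))\s*=\s*(\S+)")
BHO_RE = re.compile(r"^BHO:\s*(?:(.*?):\s*)?(\{[0-9A-Fa-f-]{36}\})\s*-\s*(.*)$")
DPF_RE = re.compile(r"^DPF:\s*(\{[0-9A-Fa-f-]{36}\})\s*-\s*(\S+)")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")

# Constructed excerpt in DDS format (lines taken from the log above).
SAMPLE_HJT = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN42860387992459616&UM=2&ctid=CT3310511
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: {01F8ED1E-97F2-46EC-B9FF-E76A3A4BE89d} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Hosts: 127.0.0.1    www.spywareinfo.com
""".strip().splitlines()


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def _host(defanged_url: str) -> str:
    """DDS defangs URLs as hxxp://...; restore the scheme so urlparse yields the host."""
    return urlparse(re.sub(r"^hxxp", "http", defanged_url, flags=re.I)).netloc.lower()


def triage_hjt(lines):
    """Scan DDS Pseudo-HJT lines and return findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := START_RE.match(line):
            scope, key, url = m.groups()
            host = _host(url)
            if host in SUSPECT_SEARCH_HOSTS:
                hive = "HKCU" if scope == "u" else "HKLM"
                findings.append(Finding("search_hijack", f"{hive} {key} -> {host}"))
        elif m := BHO_RE.match(line):
            _name, clsid, target = m.groups()
            if target.strip() == "<orphaned>":
                findings.append(Finding("orphaned_bho", clsid))
        elif m := DPF_RE.match(line):
            clsid, url = m.groups()
            host = _host(url)
            if host not in EXPECTED_DPF_HOSTS:
                findings.append(Finding("remote_activex", f"{clsid} from {host}"))
        elif m := HOSTS_RE.match(line):
            ip, name = m.groups()
            findings.append(Finding("hosts_override", f"{name} -> {ip}"))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'orphaned_bho': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.kind:16} {f.detail}")
    print(summarize(triage_hjt(SAMPLE_HJT)))
```

An orphaned BHO is not malicious by itself (it is usually the registration left behind by an uninstalled add-on), but each one is a CLSID that will be re-armed the moment a DLL is registered under it, so the list is worth clearing. The hosts-file entry is reported, not judged: anti-spyware tools add such redirections on purpose, so the responder decides.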


#2 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 10 October 2013 - 03:00 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or McAfee.

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.

#3 okcmark (Topic Starter, Members, 15 posts)

Posted 10 October 2013 - 05:08 PM

Hello Marius, and I appreciate your help on this problem.

I attempted to delete the Microsoft Security Essentials program, but it would not allow me to. I received the following when I attempted to delete it:

"The Microsoft Security Client Install Wizard can't find files that are necessary to complete the installation. To install this program, please download the installation again from the Microsoft Security Client web site."

So, after receiving this twice, I went ahead and deleted McAfee Security Suite.

I'm not sure if this is part of the other issue, but we have had issues with our iTunes for over a year. We've tried deleting and re-installing recently, but none of these helped.

Below is the log from the Malwarebytes Anti-Rootkit program:

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.10.10.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19475
Mark :: HOMEOFFICE [administrator]

10/10/2013 4:24:13 PM
mbar-log-2013-10-10 (16-24-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 266597
Time elapsed: 41 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45\U (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\L (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45\L (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45 (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45 (Trojan.Siredef.C) -> No action taken.

Files Detected: 5
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45\n (Trojan.FakeMS) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U\00000001.@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U\80000000.@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U\800000cb.@ (Trojan.Siredef.C) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Thanks, and I'm waiting for your next directions.
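The mbar log above lists the same hidden container, `$Recycle.Bin\<SID>\$16f59c00ae515dc2add903af0dac2d45`, under both the SYSTEM SID (S-1-5-18) and the user's SID, with the `U` and `L` subfolders and `@` files that make up the detected payload. The following is an added example, not part of the thread or of Malwarebytes' tooling, that parses an mbar detection block in the format shown: it checks that each section's declared count matches the lines listed under it, groups entries by threat name, and recovers the SID/container pairs so it is obvious which profiles carry the same payload. SAMPLE_LOG is a constructed excerpt reproducing the detection lines from the post.

```python
import re
from collections import defaultdict

# '<Section> Detected: N' header, then one '<path> (<threat>) -> <action>' line per item.
SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected:\s*(\d+)\s*$")
ENTRY_RE = re.compile(r"^(?P<path>.+?)\s+\((?P<threat>[^()]+)\)\s+->\s+(?P<action>.+)$")
# <drive>:\$Recycle.Bin\<SID>\$<32 hex>: the hidden per-profile container seen in the log above.
RECYCLE_RE = re.compile(
    r"^[A-Za-z]:\\\$Recycle\.Bin\\(?P<sid>S-1-5-[0-9-]+)\\(?P<container>\$[0-9a-f]{32})(?:\\|$)",
    re.I,
)
SYSTEM_SID = "S-1-5-18"  # LocalSystem; anything S-1-5-21-... is a local or domain account

# Constructed excerpt in mbar log format (detection lines taken from the post above).
SAMPLE_LOG = r"""
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
Scan type: Quick scan
Objects scanned: 266597

Memory Processes Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45\U (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\L (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45\L (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45 (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45 (Trojan.Siredef.C) -> No action taken.

Files Detected: 5
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45\n (Trojan.FakeMS) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U\00000001.@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U\80000000.@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U\800000cb.@ (Trojan.Siredef.C) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
""".strip().splitlines()


def parse_detections(lines):
    """Return (entries, problems). Each entry has section/path/threat/action.

    A problem is recorded when a section's declared count differs from the lines
    listed under it (a truncated paste) or a line in a section does not fit the
    '<path> (<threat>) -> <action>' shape.
    """
    entries, problems = [], []
    state = {"section": None, "declared": 0, "seen": 0}

    def close_section():
        if state["section"] and state["declared"] != state["seen"]:
            problems.append(f'{state["section"]}: declared {state["declared"]}, listed {state["seen"]}')

    for raw in lines:
        line = raw.strip()
        if m := SECTION_RE.match(line):
            close_section()
            state.update(section=m.group(1), declared=int(m.group(2)), seen=0)
        elif state["section"] and line and not line.startswith("("):
            if m := ENTRY_RE.match(line):
                state["seen"] += 1
                entries.append({"section": state["section"], **m.groupdict()})
            else:
                problems.append(f'unparsed line in {state["section"]}: {line}')
    close_section()
    return entries, problems


def group_by_threat(entries):
    """Map threat name -> list of paths, preserving log order."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["threat"]].append(e["path"])
    return dict(groups)


def recycle_bin_containers(entries):
    """Map (SID, container) -> sorted relative paths inside that hidden container.

    '.' is the container directory itself. The same container name under two
    SIDs means the same payload was dropped into both profiles.
    """
    found = defaultdict(set)
    for e in entries:
        if m := RECYCLE_RE.match(e["path"]):
            rel = e["path"][m.end():] or "."
            found[(m.group("sid").upper(), m.group("container").lower())].add(rel)
    return {key: sorted(paths) for key, paths in found.items()}


def describe_sid(sid):
    return "SYSTEM (LocalSystem)" if sid == SYSTEM_SID else f"user account, RID {sid.rsplit('-', 1)[-1]}"


if __name__ == "__main__":
    entries, problems = parse_detections(SAMPLE_LOG)
    print(f"{len(entries)} detections, {len(problems)} parse problems")
    for threat, paths in group_by_threat(entries).items():
        print(f"{threat}: {len(paths)} item(s)")
    for (sid, container), paths in recycle_bin_containers(entries).items():
        print(f"{describe_sid(sid)} -> {container}: {paths}")
```

The count check matters more than it looks: a log pasted into a forum post is often cut off, and the helper needs to know whether "Files Detected: 5" really has five lines under it before deciding the cleanup is complete. The second mbar run further down the thread, with every section at 0, parses to an empty entry list and no problems.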



#4 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 11 October 2013 - 07:30 AM

Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.

#5 okcmark (Topic Starter, Members, 15 posts)

Posted 11 October 2013 - 04:15 PM

Here is the log after the Combofix:

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.11.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19475
Mark :: HOMEOFFICE [administrator]

10/11/2013 3:23:05 PM
mbar-log-2013-10-11 (15-23-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 265451
Time elapsed: 34 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

Here is the system log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19475

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 2010918912, free: 872960000

Downloaded database version: v2013.10.10.06
Downloaded database version: v2013.10.08.02
=======================================
Initializing...
------------ Kernel report ------------
     10/10/2013 16:24:04
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\mfenlfk.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\int15.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff86be4030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000069\
Lower Device Object: 0xffffffff86be0cb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff86bdcac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff86be9cb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff86bdc030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff86be0030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86be9750
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff86be0688
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85897ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000057\
Lower Device Object: 0xffffffff8418f478
Lower Device Driver Name: \Driver\nvstor32\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85897ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85408b30, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85897ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff841a3700, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8418f478, DeviceName: \Device\00000057\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 66F2E07A

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20971520

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20973568  Numsec = 291606192
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86be9750, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86be91b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86be9750, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86be0688, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff86bdc030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86bdea18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86bdc030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86be0030, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff86bdcac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86be3020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86bdcac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86be9cb8, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff86be4030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86be3d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86be4030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86be0cb8, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45\n --> [Trojan.FakeMS]
Infected: C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U\00000001.@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U\80000000.@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\U\800000cb.@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$16f59c00ae515dc2add903af0dac2d45 --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-458562501-165599944-3750968661-1000\$16f59c00ae515dc2add903af0dac2d45 --> [Trojan.Siredef.C]
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_20973568_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19475

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 2010918912, free: 1235914752

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19475

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 2010918912, free: 1225101312

Downloaded database version: v2013.10.11.08
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     10/11/2013 15:22:55
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\mfenlfk.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\int15.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B317BAA7-3F7F-4BBF-805E-C6B1F3CDB458}\MpKsl7df542b8.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff86c4e938
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff86c518b0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff86c50498
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff86c4d9a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff86c50ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff86c4f510
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86c4d438
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xffffffff86c4c030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8589b9f0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000056\
Lower Device Object: 0xffffffff84b13af0
Lower Device Driver Name: \Driver\nvstor32\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8589b9f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8589b6d8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8589b9f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84b13628, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84b13af0, DeviceName: \Device\00000056\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 66F2E07A

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20971520

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20973568  Numsec = 291606192
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86c4d438, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86c4c398, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86c4d438, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86c4c030, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff86c50ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86c51598, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86c50ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86c4f510, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff86c50498, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86c4dd18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86c50498, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86c4d9a0, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff86c4e938, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86c4e620, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86c4e938, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86c518b0, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_20973568_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 

 

I'm searching for the ComboFix file:
 



#6 TB-Psychotic

  • Malware Response Team

Posted 12 October 2013 - 09:19 AM

You'll find it at C:\combofix.txt


Proud Member of UNITE & TB
 

#7 okcmark

  • Topic Starter
  • Members

Posted 14 October 2013 - 09:19 AM

It says that isn't a good file, and if I try to download and run ComboFix again, it tries to rename it combofix(1), and says that isn't able to work.

????

The security pop-up at the beginning is gone, but iTunes still will not work.

What would you like me to do next?



#8 TB-Psychotic

  • Malware Response Team

Posted 14 October 2013 - 09:47 AM

uh oh...

Create/Scan with Kaspersky Rescue Disk

Follow the instructions on this page for downloading the kav_rescue_10.iso (200 MB) file and creating the Kaspersky Rescue Disk.

Make sure you set the machine to boot from the CD-ROM drive first. Then save and exit the BIOS. The computer will begin to boot. Insert the disc in the CD-ROM drive, then restart the machine. It should then boot from that CD.

It's best if you refer to the instructions and images at Kaspersky: "How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?"

Once it boots from CD, press a key so it continues to boot from that CD.

Select the language, then be sure to select Kaspersky Rescue Disk Graphic Mode.

Kaspersky should begin scanning your machine. If it finds infection, look carefully at the files it lists. If any of them seem to be legit files, do not allow it to clean/quarantine/delete them. Rather, save the log and post the results for me to look over.



#9 okcmark

  • Topic Starter
  • Members

Posted 14 October 2013 - 12:12 PM

This is starting to get outside the range of "for the novice..."

So, I'll go buy blank CDs, and download this to a CD. Will the BIOS start on its own?

BTW, the computer is running the best it has in a while, and iTunes hasn't been able to work for some time. We have attempted to delete ALL of the Apple products on this computer, and re-install them after that, but it hasn't worked. The iTunes issue was in fact a problem before the SECURITY alert I originally came here regarding.



#10 okcmark

  • Topic Starter
  • Members

Posted 14 October 2013 - 01:05 PM

Ok, wait just a second.....

I was finally able to find the ComboFix file that was downloaded, and got it to run....

Here is the file from ComboFix:

 

ComboFix 13-10-13.02 - Mark 10/14/2013  12:36:46.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1918.1080 [GMT -5:00]
Running from: c:\users\Mark\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\lit9lifc.default\extensions\{8ee08f51-3e70-467f-8dfa-c41078bd1d97}
c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\lit9lifc.default\extensions\{8ee08f51-3e70-467f-8dfa-c41078bd1d97}\chrome.manifest
c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\lit9lifc.default\extensions\{8ee08f51-3e70-467f-8dfa-c41078bd1d97}\chrome\xulcache.jar
c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\lit9lifc.default\extensions\{8ee08f51-3e70-467f-8dfa-c41078bd1d97}\install.rdf
c:\users\Mark\AppData\Roaming\install
c:\users\Mark\AppData\Roaming\Roaming
c:\users\Mark\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ziehnnn.com\settings.sol
c:\users\Mark\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
c:\windows\UA000091.DLL
c:\windows\Update.bat
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-14 to 2013-10-14  )))))))))))))))))))))))))))))))
.
.
2013-10-14 17:57 . 2013-10-14 17:58    --------    d-----w-    c:\users\Mark\AppData\Local\temp
2013-10-14 17:57 . 2013-10-14 17:57    --------    d-----w-    c:\users\Traci\AppData\Local\temp
2013-10-14 17:57 . 2013-10-14 17:57    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-14 17:57 . 2013-10-14 17:57    --------    d-----w-    c:\users\Brittany\AppData\Local\temp
2013-10-14 17:57 . 2013-10-14 17:57    --------    d-----w-    c:\users\Brady\AppData\Local\temp
2013-10-14 14:19 . 2013-09-05 05:02    7328304    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{340954F7-1E7D-4929-B0EE-899541347D4C}\mpengine.dll
2013-10-11 21:15 . 2013-09-05 05:02    7328304    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-11 20:22 . 2013-10-11 20:22    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-11 20:22 . 2013-10-11 20:22    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-10 21:24 . 2013-10-11 20:58    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-09 19:14 . 2013-08-01 03:16    638400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 19:12 . 2013-06-26 23:01    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-10-09 19:12 . 2013-08-29 07:36    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-10-09 19:10 . 2013-07-03 02:33    35328    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2013-10-04 17:47 . 2013-08-20 00:47    74136    ----a-w-    c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2013-10-04 17:47 . 2013-08-20 00:47    19352    ----a-w-    c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-10-04 17:47 . 2013-08-20 00:47    262552    ----a-w-    c:\program files\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-09-22 22:57 . 2013-09-22 22:57    --------    d-----w-    c:\program files\iPod
2013-09-22 22:57 . 2013-09-22 22:58    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-22 22:55 . 2013-09-22 22:55    --------    d-----w-    c:\program files\Bonjour
2013-09-22 22:43 . 2013-09-22 22:43    --------    d-----w-    c:\program files\Apple Software Update
2013-09-22 22:37 . 2013-10-11 21:14    --------    d-----w-    c:\users\Mark\SyncFolder
2013-09-22 22:17 . 2013-09-22 22:17    2678760    ----a-w-    c:\program files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TD4HGT69\SkywalkerSetup[1].exe
2013-09-22 22:15 . 2013-09-22 22:16    3519136    ----a-w-    c:\program files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGEVRXBS\WSSetup[1].exe
2013-09-22 22:15 . 2013-09-09 08:54    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2013-09-22 22:15 . 2013-09-09 08:54    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2013-09-22 22:15 . 2013-09-09 08:54    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2013-09-22 22:11 . 2013-09-23 13:44    --------    d-----w-    c:\program files\MyPC Backup
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 19:14 . 2012-10-08 18:44    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-08 19:14 . 2011-06-23 13:54    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-09 08:54 . 2013-08-15 20:12    773968    ----a-w-    c:\windows\system32\msvcr100.dll
2013-09-09 08:54 . 2013-08-15 20:12    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2013-09-06 00:15 . 2013-09-06 00:16    718712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3926B3DE-3805-4306-8A3E-2F7C1BE83A42}\gapaengine.dll
2013-08-23 02:33 . 2012-02-29 21:14    697992    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-15 20:10 . 2013-08-15 20:10    81768    ----a-w-    C:\ministub.exe
2013-08-02 04:09 . 2013-08-30 20:50    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-17 19:41 . 2013-08-14 20:21    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-10-14 04:28 . 2011-02-17 19:22    24376    ----a-w-    c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Mark\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-09-23 7342592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Amazon Cloud Player"="c:\users\Mark\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-09-11 3109376]
"AmazonMP3DownloaderHelper"="c:\users\Mark\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdateP2GoShortCut"="c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" [2008-06-14 210216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-18 152392]
.
c:\users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-458562501-165599944-3750968661-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 19:14]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458562501-165599944-3750968661-1000Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24 15:08]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458562501-165599944-3750968661-1000UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24 15:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN42860387992459616&UM=2&ctid=CT3310511
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\l2iclhls.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN34492814169507279&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/residential/oklahomacity/home.cox
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01F8ED1E-97F2-46EC-B9FF-E76A3A4BE89d} - (no file)
c:\users\Brady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe -startup
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-14 12:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
 [0] 0x408468E8
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-10-14  13:01:54
ComboFix-quarantined-files.txt  2013-10-14 18:01
.
Pre-Run: 75,465,105,408 bytes free
Post-Run: 75,587,678,208 bytes free
.
- - End Of File - - 14BD6518B37A56C3DAA7B8C7C1A9B587
8C9F9E03865C35F0F3829A23CDA42F5D

OK, now I'll wait on you before doing the last thing you asked me to do.



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:25 PM

Posted 15 October 2013 - 02:18 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#12 okcmark

okcmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 17 October 2013 - 10:44 AM

Combofix.txt report:

ComboFix 13-10-16.02 - Mark 10/17/2013  10:13:33.2.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1918.1110 [GMT -5:00]
Running from: c:\users\Mark\Downloads\ComboFix.exe
Command switches used :: c:\users\Mark\Downloads\CFScriptB-4.gif
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-17 to 2013-10-17  )))))))))))))))))))))))))))))))
.
.
2013-10-17 15:34 . 2013-10-17 15:34    --------    d-----w-    c:\users\Mark\AppData\Local\temp
2013-10-17 15:34 . 2013-10-17 15:34    --------    d-----w-    c:\users\Traci\AppData\Local\temp
2013-10-17 15:34 . 2013-10-17 15:34    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-17 15:34 . 2013-10-17 15:34    --------    d-----w-    c:\users\Brittany\AppData\Local\temp
2013-10-17 15:34 . 2013-10-17 15:34    --------    d-----w-    c:\users\Brady\AppData\Local\temp
2013-10-16 23:47 . 2013-10-14 06:39    7796464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18845F1E-ABAE-4A8A-8E82-32693C948F30}\mpengine.dll
2013-10-15 16:44 . 2013-09-05 05:02    7328304    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-11 20:22 . 2013-10-11 20:22    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-11 20:22 . 2013-10-11 20:22    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-10 21:24 . 2013-10-11 20:58    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-09 19:14 . 2013-08-01 03:16    638400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 19:12 . 2013-06-26 23:01    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-10-09 19:12 . 2013-08-29 07:36    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-10-09 19:10 . 2013-07-03 02:33    35328    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2013-10-04 17:47 . 2013-08-20 00:47    74136    ----a-w-    c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2013-10-04 17:47 . 2013-08-20 00:47    19352    ----a-w-    c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-10-04 17:47 . 2013-08-20 00:47    262552    ----a-w-    c:\program files\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-09-22 22:57 . 2013-09-22 22:57    --------    d-----w-    c:\program files\iPod
2013-09-22 22:57 . 2013-09-22 22:58    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-22 22:55 . 2013-09-22 22:55    --------    d-----w-    c:\program files\Bonjour
2013-09-22 22:43 . 2013-09-22 22:43    --------    d-----w-    c:\program files\Apple Software Update
2013-09-22 22:37 . 2013-10-11 21:14    --------    d-----w-    c:\users\Mark\SyncFolder
2013-09-22 22:15 . 2013-09-09 08:54    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2013-09-22 22:15 . 2013-09-09 08:54    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2013-09-22 22:15 . 2013-09-09 08:54    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2013-09-22 22:11 . 2013-09-23 13:44    --------    d-----w-    c:\program files\MyPC Backup
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 19:14 . 2012-10-08 18:44    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-08 19:14 . 2011-06-23 13:54    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-09 08:54 . 2013-08-15 20:12    773968    ----a-w-    c:\windows\system32\msvcr100.dll
2013-09-09 08:54 . 2013-08-15 20:12    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2013-09-06 00:15 . 2013-09-06 00:16    718712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3926B3DE-3805-4306-8A3E-2F7C1BE83A42}\gapaengine.dll
2013-08-23 02:33 . 2012-02-29 21:14    697992    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-15 20:10 . 2013-08-15 20:10    81768    ----a-w-    C:\ministub.exe
2013-08-02 04:09 . 2013-08-30 20:50    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2010-10-14 04:28 . 2011-02-17 19:22    24376    ----a-w-    c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Mark\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-09-23 7342592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Amazon Cloud Player"="c:\users\Mark\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-09-11 3109376]
"AmazonMP3DownloaderHelper"="c:\users\Mark\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdateP2GoShortCut"="c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" [2008-06-14 210216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-18 152392]
.
c:\users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-458562501-165599944-3750968661-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 19:14]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458562501-165599944-3750968661-1000Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24 15:08]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458562501-165599944-3750968661-1000UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24 15:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN42860387992459616&UM=2&ctid=CT3310511
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0209&m=et1161-05
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\l2iclhls.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN34492814169507279&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/residential/oklahomacity/home.cox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-17 10:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-10-17  10:38:06
ComboFix-quarantined-files.txt  2013-10-17 15:37
ComboFix2.txt  2013-10-14 18:01
.
Pre-Run: 76,115,824,640 bytes free
Post-Run: 76,078,874,624 bytes free
.
- - End Of File - - F95A61CC167FABA9EA7FD615650C23A3
8C9F9E03865C35F0F3829A23CDA42F5D

Malwarebyte log next...
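The "Reg Loading Points" section that appears in both ComboFix logs above (posts #10 and #12) is the part a responder reads first. As an added example, not part of this thread and not code from ComboFix or any other tool named here, this Python script parses those lines and lists the entries that deserve a second look: a Run value that is a bare file name and so gets resolved through the search order, an image under a user-writable profile directory, an image dropped straight into a drive root, and a registration whose target file no longer exists. The sample input is constructed from a few lines of the posted log; the flagging rules and the names triage, assess and image_path are my own, not anything ComboFix does.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "key name image reasons")

# Constructed sample in the shape of ComboFix's "Reg Loading Points" and
# "ORPHANS REMOVED" sections; the entries are copied from the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Mark\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-09-23 7342592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01F8ED1E-97F2-46EC-B9FF-E76A3A4BE89d} - (no file)
c:\users\Brady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe -startup
'''

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[\d{4}-\d{2}-\d{2} \d+\]$')
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<value>.+?)(?: \[\d{4}-\d+-\d+ \d+\])?$")
NOFILE_RE = re.compile(r"^(?P<name>\S+) - \(no file\)$")

# Locations an unprivileged user can write to.  Legitimate vendors do start
# things from here (Google and Amazon in the log above), which is exactly
# why a reviewer wants them listed separately.  Assumed rule, not ComboFix's.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
IMAGE_EXT = r"exe|dll|cpl|scr|bat|cmd|vbs|js"


def image_path(value):
    """Strip arguments from a Run value and return the executable path."""
    value = value.strip()
    if value.startswith('"'):
        return value.split('"')[1]
    m = re.match(r"^(.*?\.(?:%s))(?:\s|$)" % IMAGE_EXT, value, re.I)
    return m.group(1) if m else value


def assess(image):
    """Return the reasons an autostart image deserves a second look."""
    low = image.lower()
    reasons = []
    if "\\" not in low and "/" not in low:
        reasons.append("bare file name, resolved through the search order")
    if any(d in low for d in USER_WRITABLE):
        reasons.append("image lives in a user-writable directory")
    if re.match(r"^[a-z]:\\[^\\]+$", low):
        reasons.append("image sits in a drive root")
    return reasons


def triage(log_text):
    """Parse ComboFix autostart lines and return the entries that were flagged."""
    findings, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line) or LNK_RE.match(line)
        if m:
            image = image_path(m.group("value"))
            reasons = assess(image)
            if reasons:
                findings.append(Finding(key, m.group("name"), image, reasons))
            continue
        m = NOFILE_RE.match(line)
        if m:
            findings.append(Finding("orphan", m.group("name"), "",
                                    ["registered, but the target file is missing"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name} -> {f.image or '(no file)'}\n  " + "; ".join(f.reasons))
```

A hit is a prompt to look, not a verdict: MusicManager and Skytel both come up on the sample, and both look like ordinary vendor components whose dates and paths line up with the rest of the log. The value of the script is that it narrows a hundred-line section to the handful of entries that need a hash or signature check.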



#13 okcmark

okcmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 17 October 2013 - 01:32 PM

Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.17.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19475
Mark :: HOMEOFFICE [administrator]

10/17/2013 10:43:29 AM
mbam-log-2013-10-17 (10-43-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462026
Time elapsed: 2 hour(s), 23 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {61118506-23D4-11E3-83C5-002197D97547} -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {61118506-23D4-11E3-83C5-002197D97547} -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN42860387992459616&UM=2&ctid=CT3310511) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 4
C:\ministub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Mark\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGEVRXBS\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TD4HGT69\SkywalkerSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

(end)

Next, scanning with MBR, then Farbar; log to follow.



#14 okcmark

okcmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 17 October 2013 - 02:57 PM

I did NOT use the FixMBR button; I just saved the log.

aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-17 13:40:01
-----------------------------
13:40:01.249    OS Version: Windows 6.0.6002 Service Pack 2
13:40:01.249    Number of processors: 1 586 0x7F02
13:40:01.250    ComputerName: HOMEOFFICE  UserName: Mark
13:40:01.807    Initialize success
13:40:41.303    AVAST engine defs: 13101700
13:40:44.833    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
13:40:44.846    Disk 0 Vendor: Hitachi_ GMBO Size: 152627MB BusType: 6
13:40:45.121    Disk 0 MBR read successfully
13:40:45.124    Disk 0 MBR scan
13:40:45.131    Disk 0 unknown MBR code
13:40:45.157    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
13:40:45.175    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       142385 MB offset 20973568
13:40:45.220    Disk 0 scanning sectors +312579760
13:40:45.520    Disk 0 scanning C:\Windows\system32\drivers
13:41:13.945    Service scanning
13:42:25.643    Modules scanning
13:42:57.764    Disk 0 trace - called modules:
13:42:57.795    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
13:42:57.795    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a0c430]
13:42:57.810    3 CLASSPNP.SYS[82fac8b3] -> nt!IofCallDriver -> [0x847973e8]
13:42:57.810    5 acpi.sys[806156bc] -> nt!IofCallDriver -> \Device\00000059[0x85114b88]
13:42:59.948    AVAST engine scan C:\Windows
13:43:05.938    AVAST engine scan C:\Windows\system32
13:49:35.688    AVAST engine scan C:\Windows\system32\drivers
13:49:55.017    AVAST engine scan C:\Users\Mark
14:37:45.009    AVAST engine scan C:\ProgramData
14:40:25.299    Scan finished successfully
14:54:29.218    Disk 0 MBR has been saved successfully to "C:\Users\Mark\Documents\MBR.dat"
14:54:29.218    The log file has been saved successfully to "C:\Users\Mark\Documents\aswMBR.txt"

FarBar log to follow...
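aswMBR above reported the boot code as one it does not recognise ("unknown MBR code") and then printed the partition table. A responder's next question is whether that table is internally consistent and where the unallocated sectors are, since a bootkit that patches the MBR keeps its payload in sectors no partition claims. The following Python is an added example, not code from aswMBR or from this thread: it parses the Disk/Partition lines, converts aswMBR's MB figures to 512-byte sectors (an assumption, as is the one MB of slack allowed for rounding) and checks for exactly one active partition, no overlaps and nothing beyond the reported disk size. The sample is constructed from the posted lines; parse and check_layout are my names.

```python
import re

SECTOR_BYTES = 512                                # assumed sector size
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES    # 2048

# Constructed sample in the shape of the aswMBR lines posted above; the disk
# size, partition sizes and offsets are the ones from that log.
SAMPLE_LOG = """\
13:40:44.846    Disk 0 Vendor: Hitachi_ GMBO Size: 152627MB BusType: 6
13:40:45.121    Disk 0 MBR read successfully
13:40:45.131    Disk 0 unknown MBR code
13:40:45.157    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
13:40:45.175    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       142385 MB offset 20973568
"""

SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .*? Size: (?P<mb>\d+)MB")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))?"
    r"\s+(?P<type>[0-9A-Fa-f]{2})\s+(?P<desc>.+?)\s+(?P<mb>\d+) MB offset (?P<off>\d+)\s*$"
)


def parse(log_text):
    """Return {disk_number: {"sectors": n, "parts": [...]}} from aswMBR output."""
    disks = {}
    for line in log_text.splitlines():
        m = SIZE_RE.search(line)
        if m:
            d = disks.setdefault(int(m.group("disk")), {"sectors": 0, "parts": []})
            d["sectors"] = int(m.group("mb")) * SECTORS_PER_MB
            continue
        m = PART_RE.search(line)
        if m:
            d = disks.setdefault(int(m.group("disk")), {"sectors": 0, "parts": []})
            start = int(m.group("off"))
            d["parts"].append({
                "n": int(m.group("n")),
                "active": m.group("boot").lower() == "80",
                "type": int(m.group("type"), 16),
                "desc": m.group("desc").strip(),
                "start": start,
                "end": start + int(m.group("mb")) * SECTORS_PER_MB,   # exclusive
            })
    return disks


def check_layout(disk):
    """Verify one active partition, no overlaps and nothing past the end of
    the disk; report every unallocated sector range, which is where boot
    code that does not belong to a partition would have to live."""
    problems, gaps = [], []
    parts = sorted(disk["parts"], key=lambda p: p["start"])
    active = [p["n"] for p in parts if p["active"]]
    if len(active) != 1:
        problems.append(f"expected exactly one active partition, found {active}")
    cursor = 1                                    # sector 0 is the MBR itself
    for p in parts:
        if p["start"] < cursor:
            problems.append(f"partition {p['n']} overlaps the partition before it")
        elif p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["end"])
    # The MB figures in the log are rounded, so allow one MB of slack.
    if cursor > disk["sectors"] + SECTORS_PER_MB:
        problems.append("partition table runs past the reported disk size")
    elif cursor < disk["sectors"]:
        gaps.append((cursor, disk["sectors"] - cursor))
    return {"ok": not problems, "problems": problems, "gaps": gaps, "active": active}


if __name__ == "__main__":
    for n, disk in parse(SAMPLE_LOG).items():
        result = check_layout(disk)
        print(f"Disk {n}: {'consistent' if result['ok'] else 'PROBLEMS ' + str(result['problems'])}")
        for start, length in result["gaps"]:
            print(f"  unallocated: sectors {start}..{start + length - 1} ({length} sectors)")
```

On the posted figures the table is consistent: partition 1 ends exactly where partition 2 begins (sector 20973568), only partition 2 is active, and the unallocated ranges are the 2047 sectors between the MBR and the first partition plus about 1 MB at the end of the disk. Those two ranges, and the saved MBR.dat, are where to look next if the "unknown MBR code" line still needs explaining.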



#15 okcmark

okcmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 17 October 2013 - 03:02 PM

Here is the Farbar log:

Farbar Service Scanner Version: 13-09-2013
Ran by Mark (administrator) on 17-10-2013 at 15:00:10
Running from "C:\Users\Mark\Downloads"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 15:21] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

I'll await any further instructions.
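The Farbar Service Scanner output above mixes three kinds of information: services that are not running, policy values that disable a component, and a File Check in which most files are marked "MD5 is legit" while tcpip.sys is printed with its details and hash but no verdict. As an added example that is not part of this thread or of FSS itself, this Python parser pulls those three things out of an FSS.txt. It assumes (my reading of the output, not something the tool documents here) that a path followed by a detail line means FSS had no reference hash for that build, which is not the same as the file being bad; the name parse_fss and the sample log, constructed from the posted lines, are mine.

```python
import re

# Constructed sample in the shape of the Farbar Service Scanner output above
# (the WinDefend lines, the policy key and three File Check entries are
# copied from that log).
SAMPLE_LOG = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 15:21] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C

C:\Windows\system32\svchost.exe => MD5 is legit


**** End of log ****
"""

HEADER_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z ]+):$")
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\w+) Service is not running")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<val>\d+)$')
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(r"\) (?P<md5>[0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Pull the actionable items out of an FSS.txt: services that are not
    running, *Disabled Policy* values that are set, and File Check entries
    FSS did not match against a known-good hash (assumed meaning of a path
    printed with a detail line instead of a verdict)."""
    report = {"not_running": [], "policies": {}, "verified": [], "unverified": []}
    section, pending = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:        # blank or "=====" underline
            continue
        m = HEADER_RE.match(line)
        if m:
            section, pending = m.group("name"), None
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            report["not_running"].append((section, m.group("svc")))
            continue
        m = POLICY_RE.match(line)
        if m:
            report["policies"].setdefault(section, {})[m.group("name")] = int(m.group("val"))
            continue
        m = LEGIT_RE.match(line)
        if m:
            report["verified"].append(m.group("path"))
            pending = None
            continue
        if pending:
            # A path with no verdict is followed by a detail line that ends
            # in the file's MD5; pair the two and record the hash.
            m = DETAIL_RE.search(line)
            path, pending = pending, None
            if m:
                report["unverified"].append((path, m.group("md5").upper()))
                continue
        if PATH_RE.match(line):
            pending = line
    return report


if __name__ == "__main__":
    r = parse_fss(SAMPLE_LOG)
    for section, svc in r["not_running"]:
        print(f"not running: {svc} ({section})")
    for section, values in r["policies"].items():
        print(f"policy set: {section}: {values}")
    for path, md5 in r["unverified"]:
        print(f"no reference hash: {path} {md5}")
    print(f"{len(r['verified'])} files matched a known-good hash")
```

On this log the parser returns WinDefend as not running together with DisableAntiSpyware=1 under the Windows Defender policy; with Microsoft Security Essentials installed (msseces.exe is in the HKLM Run key above) that combination is the expected state, since MSE turns Windows Defender off when it installs. tcpip.sys comes back as the one unverified file and would be checked against a second hash source before anyone calls it clean or dirty.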





