arnolfini

Honorary Members
  • Content count

    87

About arnolfini

  • Rank
    Regular Member
  1. Hello again, Thank you very much for your time and effort on this matter. I ended up reinstalling Windows completely and obviously the system is running as normal now. Again I appreciate your expertise and time in helping me resolve this. Chris
  2. Please let me know if you have any other suggestions as I will format and reinstall tonight. Thanks again, Chris
  3. Yes, I still have the original issue. It happens in Internet Explorer, Chrome, and Firefox with all websites. Thanks, Chris
  4. Yes, here it is. Sorry about that. Addition.txt FRST.txt Shortcut.txt
  5. Hi again; I appreciate all the help. Here are the logfiles, attached. Addition.txt FRST.txt Shortcut.txt
  6. Yes it does. I'm not sure if I did something wrong. Thanks, Chris
  7. Hello again. I have attempted to run the fix; however the PC behavior is the same. I have attached the log file to this message. Fixlog.txt
  8. Thank you very much for your prompt reply. I will do the steps above and report back. Chris
  9. Hi and thank you for your message. Yes I have scanned it with Malwarebytes many times.
  10. Hello, I am having some issues with my PC. All browsers (Firefox and Chrome) are continually showing new tabs with redirects to various PC help ads. Also, upon login, I keep getting an error about virtualmart.dll. I think that is what it says. Another extremely annoying issue I'm having is that I cannot sign into these forums on the infected PC or another non-infected Windows PC. Only on my MacBook can I actually sign in and post here. Any help would be very much appreciated. Thank you for your time, Chris Log files attached. Addition.txt FRST.txt
  11. It seems to be running very well now. Thanks for all your assistance!
  12. Great, here is the log from security check:

      Results of screen317's Security Check version 0.99.69
      Windows 7 Service Pack 1 x64 (UAC is disabled!)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Microsoft Security Essentials
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Adobe Reader XI
      Google Chrome 28.0.1500.71
      Google Chrome 28.0.1500.72
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
      ````````````````````End of Log``````````````````````
  13. Okay, here is the DDS log.