flymedic

New computer doing weird things

7 posts in this topic

I built a new computer this past weekend and almost immediately started having problems with Internet Explorer. I would get a notice that Malwarebytes blocked IP 66.150.140.41 every time I opened IE. I was attempting to post this topic and would get an error message blocking me from making the post. I found Internet Explorer 64-bit on my Start orb and opened it, and have not had the problem repeat thus far, so I removed the shortcut from the taskbar and put the 64-bit shortcut on the taskbar. However, I still want to make sure there is nothing on my computer.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2

Run by Keatts at 16:39:22 on 2013-03-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7886.6045 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ASRock\XFast LAN\spd.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\ASRock\XFast LAN\cfosspeed.exe

C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Keatts\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

C:\Users\Keatts\AppData\Roaming\SearchProtect\bin\cltmng.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\PasswordBox\pbbtnService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\XFastUSB\XFastUsb.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\program files (x86)\deal spy\deal spy-bg.exe

c:\program files (x86)\aol toolbar\aoltbServer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

mURLSearchHooks: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

mWinlogon: Userinit = userinit.exe,

BHO: Social Privacy: {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Social Privacy\sp.dll

BHO: Deal Spy: {11111111-1111-1111-1111-110211621176} - C:\Program Files (x86)\Deal Spy\Deal Spy.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Keatts\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: GetSavin 5.0: {9976482F-FF0E-4797-B5AC-7E7AA3FCB3B7} - C:\Users\Keatts\AppData\Local\getsavin\ie\getsavin_1361393438.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll

TB: MixiDJ V8 Toolbar: {E4C3A8B6-7724-45D1-A629-17B69118EBCD} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

TB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll

TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

TB: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll

TB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

uRun: [ASRockXTU] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{DD8027BE-3365-4BB4-A230-8C2B98C0321B} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe

x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]

R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-3-2 31016]

R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-2 647736]

R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-2 28216]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-2 16152]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-3-2 17192]

R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-3-2 16648]

R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-2-20 93984]

R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Keatts\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-3-1 107520]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-2 14904]

R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-1 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-1 682344]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-2-27 66560]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-3-2 59392]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-3-2 84608]

R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]

R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-2 342528]

R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-2 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-2 788760]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-1 24176]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-3-2 32344]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-3-2 34752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-1 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-1 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-1 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-1 1255736]

.

=============== Created Last 30 ================

.

2013-03-07 02:23:05 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D28A9B91-50A2-4B3B-ADF8-A0950D577055}\mpengine.dll

2013-03-05 17:33:38 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-04 02:55:11 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-04 02:55:11 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-04 02:55:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-02 08:02:19 -------- d-----w- C:\Windows\Panther

2013-03-02 07:05:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-03-02 07:05:36 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-03-02 07:05:35 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-03-02 07:05:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-03-02 06:38:16 -------- d-----w- C:\Users\Keatts\AppData\Local\Cyberlink

2013-03-02 06:35:56 -------- d-----w- C:\Program Files\Broadcom

2013-03-02 06:35:35 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp

2013-03-02 06:35:35 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys

2013-03-02 06:34:34 -------- d-----w- C:\Program Files (x86)\ASM106xSATA

2013-03-02 06:34:04 84608 ----a-w- C:\Windows\System32\drivers\EtronXHCI.sys

2013-03-02 06:34:04 59392 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys

2013-03-02 06:34:04 -------- d-----w- C:\Program Files (x86)\Etron Technology

2013-03-02 06:33:36 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys

2013-03-02 06:33:29 788760 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys

2013-03-02 06:33:28 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys

2013-03-02 06:32:53 -------- d-sh--w- C:\Windows\Installer

2013-03-02 06:32:39 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2013-03-02 06:32:37 62784 ----a-w- C:\Windows\System32\drivers\HECIx64.sys

2013-03-02 06:24:38 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll

2013-03-02 06:24:10 -------- d-----w- C:\Intel

2013-03-01 22:18:48 -------- d-----w- C:\Users\Keatts\AppData\Roaming\Malwarebytes

2013-03-01 22:18:38 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-01 22:18:37 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-01 22:18:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-01 22:18:04 -------- d-----w- C:\Users\Keatts\AppData\Local\Programs

2013-03-01 20:35:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-03-01 20:23:06 -------- d-----w- C:\Windows\PCHEALTH

2013-03-01 19:25:34 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-01 19:25:34 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-01 19:25:18 -------- d-----w- C:\Users\Keatts\AppData\Local\CrashDumps

2013-03-01 19:24:21 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility

2013-03-01 19:20:58 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll

2013-03-01 19:20:58 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2013-03-01 19:20:58 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL

2013-03-01 19:20:58 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX

2013-03-01 19:20:58 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2013-03-01 19:20:58 -------- d-----w- C:\Program Files (x86)\PDFCreator

2013-03-01 19:20:39 -------- d-----w- C:\Users\Keatts\AppData\Local\AOL Toolbar

2013-03-01 19:20:37 -------- d-----w- C:\Program Files (x86)\PasswordBox

2013-03-01 19:20:19 -------- d-----w- C:\Users\Keatts\AppData\Roaming\DefaultTab

2013-03-01 19:20:06 -------- d-----w- C:\Program Files (x86)\Social Privacy

2013-03-01 19:20:01 -------- d-----w- C:\ProgramData\AOL Toolbar

2013-03-01 19:20:01 -------- d-----w- C:\Program Files (x86)\AOL Toolbar

2013-03-01 19:09:01 -------- d-----w- C:\Program Files (x86)\Conduit

2013-03-01 19:08:57 -------- d-----w- C:\Program Files (x86)\SearchProtect

2013-03-01 19:08:14 -------- d-----w- C:\Users\Keatts\AppData\Roaming\SearchProtect

2013-03-01 19:08:14 -------- d-----w- C:\Users\Keatts\AppData\Local\Conduit

2013-03-01 19:08:13 -------- d-----w- C:\Program Files (x86)\MixiDJ_V8

2013-03-01 19:07:59 -------- d-----w- C:\Program Files (x86)\PricePeep

2013-03-01 19:07:58 -------- d-----w- C:\Users\Keatts\AppData\Local\Deal Spy

2013-03-01 19:07:55 -------- d-----w- C:\Program Files (x86)\InfoAtoms

2013-03-01 19:07:54 -------- d-----w- C:\Users\Keatts\AppData\Local\Updater26276

2013-03-01 19:07:53 -------- d-----w- C:\Program Files (x86)\Deal Spy

2013-03-01 19:07:38 -------- d-----w- C:\Users\Keatts\AppData\Local\getsavin

2013-03-01 19:06:22 -------- d-----w- C:\Program Files\Core Temp

2013-03-01 19:05:52 -------- d-----w- C:\ProgramData\APN

2013-03-01 18:08:50 -------- d-----w- C:\Users\Keatts\AppData\Local\Adobe

2013-03-01 17:51:56 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6380462A-DE49-4230-9D53-FB9200B8FDA8}\gapaengine.dll

2013-03-01 17:49:24 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-03-01 17:49:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-03-01 17:42:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-03-01 17:42:48 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-03-01 17:42:48 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-03-01 17:42:48 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-03-01 17:42:48 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-03-01 17:42:48 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-03-01 17:42:48 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-03-01 17:42:47 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-03-01 17:42:47 366592 ----a-w- C:\Windows\System32\qdvd.dll

2013-03-01 17:38:02 -------- d-----w- C:\Users\Keatts\AppData\Local\WindowsUpdate

2013-03-01 17:22:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-03-01 17:22:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-03-01 17:22:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-03-01 17:22:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-03-01 17:16:56 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-03-01 17:15:12 55296 ----a-w- C:\Windows\SysWow64\cero.rs

2013-03-01 17:14:58 2315776 ----a-w- C:\Windows\System32\tquery.dll

2013-03-01 17:12:53 723456 ----a-w- C:\Windows\System32\EncDec.dll

2013-03-01 17:12:53 67072 ----a-w- C:\Windows\splwow64.exe

2013-03-01 17:12:53 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2013-03-01 17:12:53 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2013-03-01 17:12:52 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2013-03-01 17:12:52 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2013-03-01 17:12:52 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-03-01 17:12:49 77312 ----a-w- C:\Windows\System32\packager.dll

2013-03-01 17:12:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-03-01 17:12:48 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-03-01 17:12:48 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-03-01 17:12:48 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

.

==================== Find3M ====================

.

2013-03-02 06:36:11 16648 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

.

============= FINISH: 16:39:27.18 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/2/2013 12:07:27 AM

System Uptime: 3/7/2013 2:05:49 PM (2 hours ago)

.

Motherboard: ASRock | | Z77 Extreme6

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 60 GiB total, 42.26 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 298 GiB total, 156.161 GiB free.

X: is FIXED (NTFS) - 119 GiB total, 106.041 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP16: 3/1/2013 4:24:09 PM - Windows Update

RP17: 3/3/2013 8:55:03 PM - Installed Java 7 Update 15

RP18: 3/5/2013 11:33:29 AM - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.02)

AOL Toolbar

Asmedia ASM106x SATA Host Controller Driver

ASRock App Charger v1.0.5

ASRock eXtreme Tuner v0.1.250

ASRock InstantBoot v1.29

ASRock SmartConnect v1.0.6

ASRock XFast RAM v2.0.9

Broadcom NetLink Controller

Core Temp 1.0 RC4

CyberLink MediaEspresso

Deal Spy

DefaultTab

Download Updater (AOL Inc.)

Etron USB3.0 Host Controller

GetSavin

InfoAtoms [uninstall]

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Smart Connect Technology 2.0 x64

Intel® USB 3.0 eXtensible Host Controller Driver

Java 7 Update 15

Java Auto Updater

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Flight Simulator X

Microsoft Flight Simulator X Service Pack 1

Microsoft Flight Simulator X Service Pack 2

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MixiDJ V8 Toolbar

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

PasswordBox

PDFCreator

PricePeep

Realtek High Definition Audio Driver

Search Protect by conduit

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Social Privacy

THX TruStudio

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

XFast LAN v6.61

XFastUSB

.

==== Event Viewer Messages From Past Week ========

.

3/7/2013 2:05:57 PM, Error: volmgr [46] - Crash dump initialization failed!

3/3/2013 4:57:04 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win64/Sirefef.B&threatid=2147657891 Name: Virus:Win64/Sirefef.B ID: 2147657891 Severity: Severe Category: Virus Path: file:_E:\Windows\System32\services.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Clean Action Status: No additional actions required Error Code: 0x8007007f Error description: The specified procedure could not be found. Signature Version: AV: 1.145.963.0, AS: 1.145.963.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9203.0, NIS: 2.1.8904.0

3/2/2013 12:32:14 AM, Error: Service Control Manager [7023] - The Intel® Content Protection HECI Service service terminated with the following error: %%-2147024637

3/2/2013 1:03:08 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

3/1/2013 12:52:31 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.

3/1/2013 11:56:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

3/1/2013 11:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.851.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

3/1/2013 11:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.851.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

3/1/2013 11:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.851.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

3/1/2013 11:51:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/1/2013 11:51:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/1/2013 11:51:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/1/2013 11:50:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/1/2013 11:50:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/1/2013 11:50:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/1/2013 11:33:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).

3/1/2013 11:33:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2797052).

3/1/2013 11:33:22 AM, Error: Service Control Manager [7023] -

3/1/2013 11:32:50 AM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

3/1/2013 11:32:50 AM, Error: Service Control Manager [7031] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

.

==== End Of File ===========================


Hello flymedic and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

The problem is due to some malicious applications integrated in your browser. Let's clean them.

Step 1

Please uninstall the following applications:

  • Deal Spy
  • DefaultTab
  • GetSavin
  • MixiDJ V8 Toolbar
  • PricePeep
  • Search Protect by conduit
  • Social Privacy

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


Thank you for your help. I have done all requested and here are the reports.

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.9 (03.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Keatts on Fri 03/08/2013 at 12:10:37.08

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\aol toolbar

Successfully deleted: [Registry Key] hkey_local_machine\software\aol toolbar

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\firstsearch

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dnu.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdate

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller.1

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3287822

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3ef64538-8b54-4573-b48f-4d34b0238ab2}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"

Successfully deleted: [Folder] "C:\Users\Keatts\appdata\local\aol toolbar"

Successfully deleted: [Folder] "C:\Users\Keatts\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Keatts\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Keatts\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\infoatoms"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 03/08/2013 at 12:13:18.00

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.08.15

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Keatts :: KEATTS-PC [administrator]

Protection: Enabled

3/8/2013 12:24:24 PM

mbam-log-2013-03-08 (12-24-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207556

Time elapsed: 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2

Run by Keatts at 12:25:13 on 2013-03-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7886.6122 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\ASRock\XFast LAN\spd.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\ASRock\XFast LAN\cfosspeed.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\PasswordBox\pbbtnService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\XFastUSB\XFastUsb.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\explorer.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll

TB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll

uRun: [ASRockXTU] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [spUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{DD8027BE-3365-4BB4-A230-8C2B98C0321B} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe

x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]

R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-3-2 31016]

R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-2 647736]

R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-2 28216]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-2 16152]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-3-2 17192]

R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-3-2 16648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-2 14904]

R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-1 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-1 682344]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-3-1 67584]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-3-2 59392]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-3-2 84608]

R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]

R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-2 342528]

R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-2 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-2 788760]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-1 24176]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-3-2 32344]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-3-2 34752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-1 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-1 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-1 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-1 1255736]

.

=============== Created Last 30 ================

.

2013-03-08 18:13:47 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{947A6DF1-20EC-4A70-AF41-4E752C97C9FB}\mpengine.dll

2013-03-08 18:10:36 -------- d-----w- C:\Windows\ERUNT

2013-03-08 18:10:28 -------- d-----w- C:\JRT

2013-03-08 18:05:32 -------- d-----w- C:\components

2013-03-07 02:23:05 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-04 02:55:11 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-04 02:55:11 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-04 02:55:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-02 08:02:19 -------- d-----w- C:\Windows\Panther

2013-03-02 07:05:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-03-02 07:05:36 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-03-02 07:05:35 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-03-02 07:05:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-03-02 06:38:16 -------- d-----w- C:\Users\Keatts\AppData\Local\Cyberlink

2013-03-02 06:35:56 -------- d-----w- C:\Program Files\Broadcom

2013-03-02 06:35:35 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp

2013-03-02 06:35:35 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys

2013-03-02 06:34:34 -------- d-----w- C:\Program Files (x86)\ASM106xSATA

2013-03-02 06:34:04 84608 ----a-w- C:\Windows\System32\drivers\EtronXHCI.sys

2013-03-02 06:34:04 59392 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys

2013-03-02 06:34:04 -------- d-----w- C:\Program Files (x86)\Etron Technology

2013-03-02 06:33:36 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys

2013-03-02 06:33:29 788760 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys

2013-03-02 06:33:28 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys

2013-03-02 06:32:53 -------- d-sh--w- C:\Windows\Installer

2013-03-02 06:32:39 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2013-03-02 06:32:37 62784 ----a-w- C:\Windows\System32\drivers\HECIx64.sys

2013-03-02 06:24:38 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll

2013-03-02 06:24:10 -------- d-----w- C:\Intel

2013-03-01 22:18:48 -------- d-----w- C:\Users\Keatts\AppData\Roaming\Malwarebytes

2013-03-01 22:18:38 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-01 22:18:37 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-01 22:18:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-01 22:18:04 -------- d-----w- C:\Users\Keatts\AppData\Local\Programs

2013-03-01 20:35:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-03-01 20:23:06 -------- d-----w- C:\Windows\PCHEALTH

2013-03-01 19:25:34 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-01 19:25:34 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-01 19:25:18 -------- d-----w- C:\Users\Keatts\AppData\Local\CrashDumps

2013-03-01 19:20:58 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll

2013-03-01 19:20:58 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2013-03-01 19:20:58 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL

2013-03-01 19:20:58 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX

2013-03-01 19:20:58 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2013-03-01 19:20:58 -------- d-----w- C:\Program Files (x86)\PDFCreator

2013-03-01 19:20:37 -------- d-----w- C:\Program Files (x86)\PasswordBox

2013-03-01 19:07:58 -------- d-----w- C:\Users\Keatts\AppData\Local\Deal Spy

2013-03-01 19:06:22 -------- d-----w- C:\Program Files\Core Temp

2013-03-01 19:05:52 -------- d-----w- C:\ProgramData\APN

2013-03-01 18:08:50 -------- d-----w- C:\Users\Keatts\AppData\Local\Adobe

2013-03-01 17:51:56 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6380462A-DE49-4230-9D53-FB9200B8FDA8}\gapaengine.dll

2013-03-01 17:49:24 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-03-01 17:49:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-03-01 17:42:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-03-01 17:42:48 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-03-01 17:42:48 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-03-01 17:42:48 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-03-01 17:42:48 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-03-01 17:42:48 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-03-01 17:42:48 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-03-01 17:42:47 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-03-01 17:42:47 366592 ----a-w- C:\Windows\System32\qdvd.dll

2013-03-01 17:38:02 -------- d-----w- C:\Users\Keatts\AppData\Local\WindowsUpdate

2013-03-01 17:22:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-03-01 17:22:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-03-01 17:22:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-03-01 17:22:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-03-01 17:16:56 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-03-01 17:15:12 55296 ----a-w- C:\Windows\SysWow64\cero.rs

2013-03-01 17:14:58 2315776 ----a-w- C:\Windows\System32\tquery.dll

2013-03-01 17:12:53 723456 ----a-w- C:\Windows\System32\EncDec.dll

2013-03-01 17:12:53 67072 ----a-w- C:\Windows\splwow64.exe

2013-03-01 17:12:53 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2013-03-01 17:12:53 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2013-03-01 17:12:52 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2013-03-01 17:12:52 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2013-03-01 17:12:52 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-03-01 17:12:49 77312 ----a-w- C:\Windows\System32\packager.dll

2013-03-01 17:12:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-03-01 17:12:48 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-03-01 17:12:48 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-03-01 17:12:48 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

.

==================== Find3M ====================

.

2013-03-02 06:36:11 16648 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

.

============= FINISH: 12:25:17.77 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/2/2013 12:07:27 AM

System Uptime: 3/8/2013 6:32:03 AM (6 hours ago)

.

Motherboard: ASRock | | Z77 Extreme6

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 60 GiB total, 42.214 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 298 GiB total, 156.161 GiB free.

X: is FIXED (NTFS) - 119 GiB total, 106.041 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP16: 3/1/2013 4:24:09 PM - Windows Update

RP17: 3/3/2013 8:55:03 PM - Installed Java 7 Update 15

RP18: 3/5/2013 11:33:29 AM - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.02)

AOL Toolbar

Asmedia ASM106x SATA Host Controller Driver

ASRock App Charger v1.0.5

ASRock eXtreme Tuner v0.1.250

ASRock InstantBoot v1.29

ASRock SmartConnect v1.0.6

ASRock XFast RAM v2.0.9

Broadcom NetLink Controller

Core Temp 1.0 RC4

CyberLink MediaEspresso

Download Updater (AOL Inc.)

Etron USB3.0 Host Controller

InfoAtoms [uninstall]

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Smart Connect Technology 2.0 x64

Intel® USB 3.0 eXtensible Host Controller Driver

Java 7 Update 15

Java Auto Updater

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Flight Simulator X

Microsoft Flight Simulator X Service Pack 1

Microsoft Flight Simulator X Service Pack 2

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

PasswordBox

PDFCreator

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

THX TruStudio

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

XFast LAN v6.61

XFastUSB

.

==== End Of File ===========================


Glad I could help! :)

Please manually delete DDS and Junkware Removal Tool log.

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
