Pop up ad lower left corner


Hello kbutler12il and welcome to MalwareBytes forums.

Please do -not- attach logs/reports. Only use NOTEPAD and Copy ALL contents of the log and then Paste directly within the reply-text-box!

Kindly do that now for both DDS + Attach.txt logs so we can proceed forward.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.0

Run by Kevin at 9:14:14 on 2012-11-25

#Option Extended Search is enabled.

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2935.1465 [GMT -6:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [sansaDispatch] C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: dell.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{313A29A8-35E4-429F-A0D7-044D04FDEB5B} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{313A29A8-35E4-429F-A0D7-044D04FDEB5B}\46C696E6B6 : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 198.15.104.132 www.google-analytics.com.

Hosts: 198.15.104.132 ad-emea.doubleclick.net.

Hosts: 198.15.104.132 www.statcounter.com.

Hosts: 72.29.93.243 www.google-analytics.com.

Hosts: 72.29.93.243 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ohni4cvb.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2422939&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - AccuWeather Customized Web Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2422939&SearchSource=2&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll

FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-10-20 07:40; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ohni4cvb.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-18 55856]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-18 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-20 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-20 676936]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-18 689472]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-18 2533400]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-11-18 176096]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-11-18 56344]

R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2011-11-18 158976]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-18 317440]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-20 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-18 250984]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 UsbFltr;WayTech USB Filter Driver;C:\windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-23 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 60 ================

.

2012-11-25 04:54:40 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Mael

2012-11-25 03:21:15 -------- d-----w- C:\Program Files (x86)\HxD

2012-11-24 01:08:07 -------- d-----w- C:\Program Files (x86)\Scratch

2012-11-23 19:04:37 -------- d-----w- C:\windows\SysWow64\xlive

2012-11-23 19:04:08 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-11-23 18:11:17 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D321A3B-2FAA-429C-95E0-9A49B46D1B14}\offreg.dll

2012-11-23 18:10:38 -------- d-----w- C:\ProgramData\boost_interprocess

2012-11-23 14:25:47 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D321A3B-2FAA-429C-95E0-9A49B46D1B14}\mpengine.dll

2012-11-21 04:09:00 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes

2012-11-21 04:08:48 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-21 04:08:47 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-11-21 04:08:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-19 02:38:22 -------- d-----w- C:\Program Files (x86)\FTL

2012-11-15 13:34:17 9728 ----a-w- C:\windows\System32\Wdfres.dll

2012-11-15 13:34:17 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

2012-11-15 13:34:17 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

2012-11-15 13:34:17 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-15 13:23:32 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

2012-11-15 13:23:32 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys

2012-11-15 13:23:31 84992 ----a-w- C:\windows\System32\WUDFSvc.dll

2012-11-15 13:23:31 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll

2012-11-15 13:23:30 744448 ----a-w- C:\windows\System32\WUDFx.dll

2012-11-15 13:23:30 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll

2012-11-15 13:23:30 229888 ----a-w- C:\windows\System32\WUDFHost.exe

2012-11-13 23:31:29 -------- d-----w- C:\Program Files (x86)\Steam

2012-11-08 00:08:25 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-06 13:35:40 -------- d-----w- C:\Program Files\IDT

2012-11-04 16:36:13 -------- d-----w- C:\Users\Kevin\AppData\Roaming\uTorrent

2012-11-04 16:01:04 3072 ----a-w- C:\windows\System32\drivers\en-US\tsusbflt.sys.mui

2012-11-04 16:01:03 15360 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll

2012-11-04 16:01:03 13312 ----a-w- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2012-11-04 16:01:03 13312 ----a-w- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2012-11-04 16:01:00 57856 ----a-w- C:\windows\System32\drivers\TsUsbFlt.sys

2012-11-04 16:01:00 30208 ----a-w- C:\windows\System32\drivers\TsUsbGD.sys

2012-11-04 16:01:00 19456 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys

2012-11-04 00:23:02 -------- d-----w- C:\Users\Kevin\AppData\Local\LogMeIn Hamachi

2012-10-27 16:37:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-10-21 18:28:47 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe

2012-10-21 18:28:47 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2012-10-12 04:10:10 -------- d-----w- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com

2012-10-12 04:09:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-10-12 04:09:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-10-10 10:01:46 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-10-10 10:00:24 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-10-10 09:59:52 2048 ----a-w- C:\windows\System32\tzres.dll

2012-10-10 09:59:44 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-10-10 09:59:43 220160 ----a-w- C:\windows\System32\wintrust.dll

2012-10-10 09:59:39 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys

2012-10-10 08:08:23 542208 ----a-w- C:\windows\SysWow64\kerberos.dll

2012-10-10 08:08:18 715776 ----a-w- C:\windows\System32\kerberos.dll

2012-10-10 08:07:35 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-10-10 08:07:35 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2012-10-10 08:07:34 1159680 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-10-10 08:06:58 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-10-10 08:06:58 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-10-10 08:06:57 1464320 ----a-w- C:\windows\System32\crypt32.dll

2012-10-09 19:49:08 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-10-09 19:49:08 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-10-09 19:49:08 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-09-29 06:48:09 -------- d-sh--w- C:\found.003

2012-09-28 03:24:51 -------- d-----w- C:\Users\Kevin\AppData\Local\Google

2012-09-26 17:04:36 -------- d-----w- C:\ProgramData\mzsavrdjtoxgqef

.

==================== Find6M ====================

.

2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-10-10 00:24:17 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-10-10 00:24:16 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll

2012-08-24 18:13:17 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2012-08-24 18:09:34 458712 ----a-w- C:\windows\System32\drivers\cng.sys

2012-08-24 18:05:03 340992 ----a-w- C:\windows\System32\schannel.dll

2012-08-24 18:04:18 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-08-24 18:03:09 1448448 ----a-w- C:\windows\System32\lsasrv.dll

2012-08-24 16:57:40 247808 ----a-w- C:\windows\SysWow64\schannel.dll

2012-08-24 16:57:40 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2012-08-24 16:57:37 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-08-24 16:53:35 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

2012-08-23 14:13:11 243200 ----a-w- C:\windows\System32\rdpudd.dll

2012-08-23 13:47:20 46592 ----a-w- C:\windows\SysWow64\MsRdpWebAccess.dll

2012-08-23 13:46:20 16896 ----a-w- C:\windows\SysWow64\wksprtPS.dll

2012-08-23 13:20:40 54272 ----a-w- C:\windows\System32\MsRdpWebAccess.dll

2012-08-23 13:18:14 37376 ----a-w- C:\windows\SysWow64\tsgqec.dll

2012-08-23 13:17:54 18432 ----a-w- C:\windows\System32\wksprtPS.dll

2012-08-23 13:06:58 43520 ----a-w- C:\windows\System32\TsUsbGDCoInstaller.dll

2012-08-23 12:52:53 44032 ----a-w- C:\windows\System32\tsgqec.dll

2012-08-23 11:20:06 62976 ----a-w- C:\windows\System32\TSWbPrxy.exe

2012-08-23 11:15:57 269312 ----a-w- C:\windows\SysWow64\aaclient.dll

2012-08-23 11:14:09 384000 ----a-w- C:\windows\System32\wksprt.exe

2012-08-23 11:12:17 192000 ----a-w- C:\windows\SysWow64\rdpendp_winip.dll

2012-08-23 10:54:24 322560 ----a-w- C:\windows\System32\aaclient.dll

2012-08-23 10:51:14 228864 ----a-w- C:\windows\System32\rdpendp_winip.dll

2012-08-23 10:39:24 1048064 ----a-w- C:\windows\SysWow64\mstsc.exe

2012-08-23 10:22:22 1123840 ----a-w- C:\windows\System32\mstsc.exe

2012-08-23 09:51:57 3174912 ----a-w- C:\windows\System32\rdpcorets.dll

2012-08-23 08:19:01 4916224 ----a-w- C:\windows\SysWow64\mstscax.dll

2012-08-23 08:13:07 5773824 ----a-w- C:\windows\System32\mstscax.dll

2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe

2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-14 06:54:30 71680 ----a-w- C:\windows\System32\frapsv64.dll

2012-08-14 06:54:28 65536 ----a-w- C:\windows\SysWow64\frapsvid.dll

2012-08-02 17:58:52 574464 ----a-w- C:\windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll

2012-07-08 17:17:47 627600 ----a-w- C:\windows\System32\deployJava1.dll

2012-07-08 17:10:09 772592 ----a-w- C:\windows\SysWow64\npdeployJava1.dll

2012-07-08 17:10:09 687600 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-07-06 20:07:42 552960 ----a-w- C:\windows\System32\drivers\bthport.sys

2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll

2012-07-04 20:26:03 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys

2012-06-10 06:36:19 560184 ----a-w- C:\windows\System32\drivers\sptd.sys

2012-06-06 13:49:52 1070152 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

.

============= FINISH: 9:15:51.56 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/22/2011 11:30:59 AM

System Uptime: 11/25/2012 8:17:00 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 024DTD

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU 1 | 2527/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 138.742 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP364: 11/22/2012 10:53:02 AM - Scheduled Checkpoint

RP365: 11/23/2012 8:24:37 AM - Windows Update

RP366: 11/23/2012 1:02:36 PM - Installed DirectX

RP367: 11/23/2012 1:04:39 PM - Installed DirectX

.

==== Hosts File Hijack ======================

.

Hosts: 198.15.104.132 www.google-analytics.com.

Hosts: 198.15.104.132 ad-emea.doubleclick.net.

Hosts: 198.15.104.132 www.statcounter.com.

Hosts: 72.29.93.243 www.google-analytics.com.

Hosts: 72.29.93.243 ad-emea.doubleclick.net.

Hosts: 72.29.93.243 www.statcounter.com.

.

==== Installed Programs ======================

.

Sansa Media Converter

Accidental Damage Services Agreement

Adobe After Effects CS6

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Media Player

Adobe Reader X (10.1.4) MUI

Adobe Shockwave Player 11.6

Advanced Audio FX Engine

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVS Update Manager 1.0

AVS Video Converter 8

AVS4YOU Software Navigator 1.4

Banctec Service Agreement

Bonjour

CANON iMAGE GATEWAY MyCamera Download Plugin

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.10

Canon Utilities EOS Sample Music

Canon Utilities EOS Utility

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX

Canon Utilities Movie Uploader for YouTube

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

COD4 Community Launcher

Complete Care Business Service Agreement

Consumer In-Home Service Agreement

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Digital Delivery

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell Support Center

Dell System Detect

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Dell Wireless Driver Installation

DirectX 9 Runtime

Facebook Video Calling 1.2.0.159

FTL version 1.01

Google Chrome

Google Update Helper

Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)

HxD Hex Editor version 1.7.7.0

IDT Audio

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Internet TV for Windows Media Center

iTunes

Java Auto Updater

Java 7

Java 7 (64-bit)

Java 7 Update 5

Junk Mail filter update

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Expression Blend 4

Microsoft Expression Blend 4 Add-in for Adobe FXG Import

Microsoft Expression Blend SDK for .NET 4

Microsoft Expression Blend SDK for Silverlight 4

Microsoft Expression Blend SDK for Windows Phone 7

Microsoft Flight

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.1

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft Silverlight Tools for Visual Studio 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server System CLR Types

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Game Studio Platform Tools

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Paint.NET v3.5.10

Pando Media Booster

PhotoShowExpress

Pinnacle Instant DVD Recorder

Pinnacle Video Driver

Premium Service Agreement

QualxServ Service Agreement

Quickset64

QuickTime

RBVirtualFolder64Inst

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

RuneScape Launcher 1.2

Sansa Updater

Scratch

Scribblenauts Unlimited

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

SketchUp 8

Skype™ 5.10

Sonic CinePlayer Decoder Pack

Steam

SUPERAntiSpyware

swMSM

The Binding of Isaac

The Ship

TrustedID

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Ventrilo Client for Windows x64

video4fuze 0.6

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VLC media player 2.0.4

WCF RIA Services V1.0 SP1

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

WPF Toolkit February 2010 (Version 3.5.50211.1)

.

==== Event Viewer Messages From Past Week ========

.

11/25/2012 8:19:36 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

11/21/2012 8:33:06 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

11/21/2012 8:26:52 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

11/21/2012 7:38:39 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was 15 milliseconds.

11/21/2012 7:38:39 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.

11/18/2012 7:25:45 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was 19 milliseconds.

.

==== End Of File ===========================


Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

I don't see an Anti Virus Program running on your machine

Download and install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Step 4

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 5

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.


Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 7

Java 7 Update 5

Java version out of Date!

Adobe Flash Player 11.4.402.287 Flash Player out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 16.0.2 Firefox out of Date!

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 09-11-2012

Ran by Kevin (administrator) on 27-11-2012 at 21:52:56

Running from "C:\Users\Kevin\Desktop"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-11-14 13:02] - [2012-10-03 11:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Sorry - here is FSS log with the correct options checked:

Farbar Service Scanner Version: 09-11-2012

Ran by Kevin (administrator) on 27-11-2012 at 21:54:14

Running from "C:\Users\Kevin\Desktop"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-11-14 13:02] - [2012-10-03 11:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


What does the title bar of the "pop up corner" show ? What does the content "say" ?

Do you have an antivirus program in-place and turned on ?

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 2

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller


Yes. Here are the logs of the last two steps:

# AdwCleaner v2.011 - Logfile created 12/03/2012 at 11:51:20

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Kevin - BUTLERFAMILPC

# Boot Mode : Normal

# Running from : C:\Users\Kevin\Desktop\adwcleaner.exe

# Option [search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\c8w0fahl.default\searchplugins\Web Search.xml

Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

Folder Found : C:\Users\Kathy\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Kathy\AppData\LocalLow\DownloadnSave

Folder Found : C:\Users\Kevin\AppData\LocalLow\DownloadnSave

Folder Found : C:\Users\Matt\AppData\Local\Savings Sidekick

Folder Found : C:\Users\Matt\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Matt\AppData\LocalLow\DownloadnSave

Folder Found : C:\Users\Matt\AppData\LocalLow\DownTangoLauncherToolbar

Folder Found : C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}

Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ohni4cvb.default\prefs.js

Found : user_pref("browser.search.defaultthis.engineName", "AccuWeather Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2422939&Sea[...]

Found : user_pref("browser.search.order.1", "Ask.com");

Found : user_pref("browser.search.selectedEngine", "AccuWeather Customized Web Search");

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2422939&SearchSource=2&q=[...]

Profile name : default

File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\c8w0fahl.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Web Search");

Found : user_pref("browser.search.defaultenginename", "Web Search");

Found : user_pref("browser.search.order.1", "Web Search");

Found : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=");

Profile name : default

File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\wnbttv23.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.16] : homepage = "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592",

Found [l.1707] : homepage = "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592",

File : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5685 octets] - [03/12/2012 11:51:20]

########## EOF - C:\AdwCleaner[R1].txt - [5745 octets] ##########

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Kevin [Admin rights]

Mode : Scan -- Date : 12/03/2012 11:53:19

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] chrome_frame_helper.exe -- C:\Users\Kathy\AppData\Local\Google\Chrome\Application\23.0.1271.95\chrome_frame_helper.exe -> KILLED [TermProc]

[SUSP PATH] SansaDispatch.exe -- C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]

[SUSP PATH] adwcleaner.exe -- C:\Users\Kevin\Desktop\adwcleaner.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-4238866707-2981277748-2125797828-1001[...]\Run : SansaDispatch (C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-4238866707-2981277748-2125797828-1006[...]\Run : ChromeFrameHelper ("C:\Users\Kathy\AppData\Local\Google\Chrome\Application\23.0.1271.95\chrome_frame_helper.exe" --startup) -> FOUND

[TASK][SUSP PATH] ArcadeWeb Update.job : C:\Users\Ian\AppData\Local\ArcadeWeb\awuper.exe -> FOUND

[TASK][SUSP PATH] ArcadeWeb Update : C:\Users\Ian\AppData\Local\ArcadeWeb\awuper.exe -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

198.15.104.132 www.google-analytics.com.

198.15.104.132 ad-emea.doubleclick.net.

198.15.104.132 www.statcounter.com.

72.29.93.243 www.google-analytics.com.

72.29.93.243 ad-emea.doubleclick.net.

72.29.93.243 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS +++++

--- User ---

[MBR] 4e0289016a6b2e13b1dfbe7158dbc218

[BSP] f4da71111fb77143416f95765f639085 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12032012_02d1153.txt >>

RKreport[1]_S_12032012_02d1153.txt

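The DDS "Hosts File Hijack" section earlier in the thread and the RogueKiller HOSTS dump just above both show the same pattern: third-party analytics and ad hostnames mapped to public addresses rather than to loopback. As an added example (not code from DDS, RogueKiller or any tool in this thread), the check below parses hosts-file text, drops the trailing dot the hijacked lines carry, and reports only names that are redirected to a routable public address, while loopback and 0.0.0.0 blocking entries are left alone. The sample hosts text is constructed from the entries reported above plus one benign blocking line.

```python
import ipaddress
from typing import Dict, List, NamedTuple

# Constructed sample: the entries reported in the logs above, plus a benign
# sinkhole-style line, so the check has something of each kind to classify.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
198.15.104.132 www.google-analytics.com.
198.15.104.132 ad-emea.doubleclick.net.
198.15.104.132 www.statcounter.com.
72.29.93.243 www.google-analytics.com.
72.29.93.243 ad-emea.doubleclick.net.
72.29.93.243 www.statcounter.com.
0.0.0.0 ads.tracker.test   # sinkhole-style block (constructed): benign
"""


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostname: str


class Finding(NamedTuple):
    entry: HostsEntry
    severity: str  # "hijack", "review" or "info"
    reason: str


def parse_hosts(text: str) -> List[HostsEntry]:
    """Split hosts text into one HostsEntry per (address, name) pair.

    Comments are stripped, a line may list several names for one address,
    and a trailing dot (the absolute-FQDN form the hijacked lines use) is
    removed so names compare equal to plain domain names.
    """
    entries: List[HostsEntry] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            entries.append(HostsEntry(n, address, name.rstrip(".").lower()))
    return entries


def classify(entry: HostsEntry) -> Finding:
    """Decide what a single entry does: block, local mapping or redirect."""
    try:
        ip = ipaddress.ip_address(entry.address)
    except ValueError:
        return Finding(entry, "review", "address does not parse")
    if ip.is_loopback or ip.is_unspecified:
        # 127.0.0.1 / ::1 / 0.0.0.0 entries only prevent resolution
        return Finding(entry, "info", "blocking entry, nothing is redirected")
    if ip.is_private or ip.is_link_local:
        return Finding(entry, "review", "name mapped to a local network address")
    return Finding(entry, "hijack",
                   f"{entry.hostname} redirected to public address {entry.address}")


def find_hijacks(entries: List[HostsEntry]) -> List[Finding]:
    """Only the entries that send traffic for a name to a public address."""
    return [f for f in map(classify, entries) if f.severity == "hijack"]


def hijacked_names(entries: List[HostsEntry]) -> Dict[str, List[str]]:
    """Redirected names with every address they point at, in file order."""
    out: Dict[str, List[str]] = {}
    for f in find_hijacks(entries):
        out.setdefault(f.entry.hostname, []).append(f.entry.address)
    return out


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for finding in map(classify, parsed):
        e = finding.entry
        print(f"line {e.line_no:>2} [{finding.severity:6}] "
              f"{e.address:<16} {e.hostname}: {finding.reason}")
    for name, addrs in hijacked_names(parsed).items():
        print(f"{name} -> {', '.join(addrs)}")
```

On a live system, read C:\windows\system32\drivers\etc\hosts (the path RogueKiller reports) and pass its contents to parse_hosts instead of the constructed sample.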

I would ask you if you knowingly downloaded the following, and IF you consented to installing them ??

I would suggest to you that these are adware widgets and should be uninstalled:

AskToolbar

DownloadnSave

DownTangoLauncherToolbar

Savings Sidekick

SpecialSavings

I would suggest you get into Control Panel >> Programs and Features. Look to see if any of above are shown.

If shown, 1 by 1, click on it and select Uninstall as you find any of the above in the list.

Step 2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.


Maurice,

AskToolbar - not found at all

DownloadnSave - found in registry and deleted

DownTangoLauncherToolbar - not found at all

Savings Sidekick - found in registry and deleted

SpecialSavings - not sure.

Here is the log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.03.14

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kevin :: BUTLERFAMILPC [administrator]

Protection: Enabled

12/3/2012 5:08:09 PM

mbam-log-2012-12-03 (17-08-09).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 537289

Time elapsed: 1 hour(s), 31 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The MBAM result is very good.

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log AND

tell me, Is the popup ad gone ??


I go to http://www.eset.com/onlinescan/

It says "An add-on for this web site failed to run."

And the pop up is still present. It has no header. It's from network.adsmarket.com. The URL is

h--p://www.appround.net/videoperformer/mtt/cache/video_v3-en.php?tid=10gfzR0001.N36v90rjedQ1tG1J10000 after I tried to block cookies, trying to copy the URL.

What gives? I appreciate you working with me but I'm frustrated by this process.

Thanks.

Edited by Maurice Naggar

Let's tweak your Internet Explorer a bit.

Start Internet Explorer. Using its main menu, select Tools >> Internet Options.

Click Security Tab. Click the Restricted sites icon. And click the Sites button.

Type into the text box

network.adsmarket.com

and click Add button. Click the Apply button

Now, click on the Trusted Sites icon. And click the Sites button.

Type into the text box

http://*.eset.com

and click Add button. Click the Apply button.

Now, click the OK button.

Next, retry the ESET Online scan once more.

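The same two zone entries from the post above, applied and read back through the registry with PowerShell instead of the Internet Options dialog. This is an added example, not code from the thread; it assumes the standard per-user ZoneMap\Domains layout (value name = URL scheme or "*", data = zone id, 2 for Trusted sites and 4 for Restricted sites) and the helper function names are my own.

```powershell
# Added example, not from the thread. Writes the two zone entries the helper
# asked for and verifies them. Run in the affected user's session (HKCU).
$ZoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Set-IEZoneEntry {
    param(
        [Parameter(Mandatory)] [string] $Domain,        # e.g. 'adsmarket.com'
        [string] $Subdomain = '',                        # e.g. 'network'; '' = whole domain
        [ValidateSet('*', 'http', 'https')] [string] $Scheme = '*',
        [Parameter(Mandatory)] [ValidateSet(2, 4)] [int] $Zone   # 2 Trusted, 4 Restricted
    )
    $key = Join-Path $ZoneMap $Domain
    if ($Subdomain) { $key = Join-Path $key $Subdomain }
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # IE stores one DWORD per scheme under the (sub)domain key; data is the zone id.
    New-ItemProperty -Path $key -Name $Scheme -PropertyType DWord -Value $Zone -Force | Out-Null
}

function Get-IEZoneEntry {
    param([string] $Domain, [string] $Subdomain = '', [string] $Scheme = '*')
    $key = Join-Path $ZoneMap $Domain
    if ($Subdomain) { $key = Join-Path $key $Subdomain }
    if (-not (Test-Path $key)) { return $null }
    (Get-ItemProperty -Path $key -Name $Scheme -ErrorAction SilentlyContinue).$Scheme
}

# Restricted sites: network.adsmarket.com (any scheme), the ad host named in the thread.
Set-IEZoneEntry -Domain 'adsmarket.com' -Subdomain 'network' -Scheme '*' -Zone 4
# Trusted sites: http://*.eset.com, so the scanner's ActiveX control is allowed to load.
Set-IEZoneEntry -Domain 'eset.com' -Scheme 'http' -Zone 2

# Read both entries back; a MISMATCH means something else (e.g. policy) overrode the value.
$checks = @(
    @{ Name = 'network.adsmarket.com'; Domain = 'adsmarket.com'; Subdomain = 'network'; Scheme = '*';    Expected = 4 },
    @{ Name = '*.eset.com';            Domain = 'eset.com';      Subdomain = '';        Scheme = 'http'; Expected = 2 }
)
foreach ($c in $checks) {
    $actual = Get-IEZoneEntry -Domain $c.Domain -Subdomain $c.Subdomain -Scheme $c.Scheme
    $status = if ($actual -eq $c.Expected) { 'OK' } else { 'MISMATCH' }
    '{0,-8} {1} scheme={2} zone={3}' -f $status, $c.Name, $c.Scheme, $actual
}
```

Restart Internet Explorer after running it; if a domain-joined machine enforces a Site to Zone Assignment List policy, that policy takes precedence over these per-user entries.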

This was the result:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=1e7820577ce66043a9c8821bc0af86db

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-12-07 06:31:04

# local_time=2012-12-07 12:31:04 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 0 106405314 0 0

# scanned=267932

# found=8

# cleaned=8

# scan_time=6001

C:\TDSSKiller_Quarantine\07.11.2012_18.07.42\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE C

C:\TDSSKiller_Quarantine\07.11.2012_18.12.04\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE C

C:\TDSSKiller_Quarantine\13.11.2012_06.24.18\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE C

C:\TDSSKiller_Quarantine\13.11.2012_06.24.18\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) DBDF099D4D9921EA809AB857CF1CA9776E109FD3 C

C:\TDSSKiller_Quarantine\13.11.2012_06.24.18\tdlfs0000\tsk0006.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 C

C:\TDSSKiller_Quarantine\13.11.2012_06.24.18\tdlfs0000\tsk0007.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 C

C:\Users\Kathy\AppData\Local\Temp\Addons\{DEAAB389-3EC1-C412-26F9-76E30549917F}\codecc_extension.exe Win32/Adware.MultiPlug.A application (cleaned by deleting - quarantined) DB2069EE50C65413D8A8316AB7B15372DEA12A8B C

C:\Users\Kathy\AppData\Local\Temp\Addons\{DEAAB389-3EC1-C412-26F9-76E30549917F}\OptimizerPro.exe a variant of Win32/Adware.SpeedingUpMyPC.A application (cleaned by deleting - quarantined) BA33C9F766D1D0ACEAEEDD31398D67BCEF09E7C9 C

Thanks.


Advise me if any "pop up ad" has occurred in the past day or so?

Tell me, How is the system now ?

What do you know of "OptimizerPro" & "Speedingup my pc" ?? Had you recently gone to any such "so-called help" sites ?

Was that approximately when the popups started ?


Advise me if this is a home-use system.

And do the following:

Step 1

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here
    or >> from here <<
    and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u9-windows-i586.exe to install the newest version.
    ( jre-7u9-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Step 3

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Step 4

Start Firefox. From its main menu, select Help >> About Firefox.

Click on Check for Updates button. Allow it to process {apply} the update and to restart Firefox.

Step 5

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click on Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    (image not included)
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
    (image not included)
  • This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
