PLEASE HELP ! PUP.datamngr VIRUS


Hey there everyone, my name's Toni and I have a BIG problem. I got a new laptop for Christmas with Windows 8. Since I got it I've been enjoying it very much. Yesterday I started downloading torrents for films. Ever since, I keep getting pop-ups from Malwarebytes saying that it has blocked a potentially malicious website. I've been scanning my computer most days since I got it, but today it has detected a virus called PUP.datamngr. Obviously I researched it and found it's a very dangerous virus that is very hard to get rid of and in most cases must be done manually. I've looked at MANY websites and even followed a few of the steps to try and get rid of this scary virus. Most of these steps are quite complicated and I know I'm not clever enough to remove it completely. Most of the sites do warn that an expert should do it for your computer's safety, but I simply can't afford it. Is there any way I can get some step-by-step instructions on how to get rid of this thing??? All help will be very much appreciated. PLEASE HELP ME! Thank you for reading. Toni x

Edited by Maurice Naggar

Hello Toni and welcome to MalwareBytes forums.

I need to have a copy of the MBAM scan log, if possible.

Start MBAM.

Then click on the Logs tab.

Look at the list of scan logs shown. Find the one with the Date & time stamp of the last scan.

Click 1 time on that line.

Then click on the Open button.

It will open the report in Notepad.

Once it is up and showing in Notepad, press & hold CTRL-Key on the keyboard & press the A key

Then press & hold CTRL-key & press the C key

Then start a new reply on the forum (in this Topic) and Paste into a reply

You can just do 1 right click with your mouse, and then choose Paste

NEXT

Download DDS and save it to your desktop from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr or http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

On Vista / Windows 7 / Windows 8, do a RIGHT-click on dds and select Run As Administrator.

On Windows XP double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Edited by Maurice Naggar

HEY Maurice,

Thanks for helping me.

I thought you should know: since I made this post, I have followed some instructions used to help somebody else with the same virus. Maybe this helped, but I don't know as I have Windows 8.

I will still follow all instructions given by you. Yesterday I deleted all old logs from MBAM, but I've just done a quick scan. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.15.09

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16466

Toni-Leigh Jayde :: TONI-LEIGH [administrator]

Protection: Enabled

16/01/2013 19:31:27

mbam-log-2013-01-16 (19-31-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 229660

Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

--------------

I right-clicked on DDS but it did not have the option on Run as Administrator, so I just clicked OPEN.

Here are the logs...

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16453

Run by Toni-Leigh Jayde at 19:43:01 on 2013-01-16

Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3950.1792 [GMT 0:00]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe

C:\Program Files\Fujitsu\PSUtility\PSUService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Windows\System32\WUDFHost.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskhost.exe

C:\windows\System32\dwm.exe

C:\windows\system32\taskhostex.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\Explorer.EXE

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files\Fujitsu\PSUtility\TrayManager.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\WindowsApps\27090Centrifuge.Interference_1.6.0.2_neutral__6vjw6wwgfmk3m\Interference.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE

C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE

C:\windows\system32\taskhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://fujitsu13.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ips\ipsbho.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{5162748E-2888-4384-9AD0-EDAE955B8B30} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5162748E-2888-4384-9AD0-EDAE955B8B30}\A5978554C483835383675616 : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 FBIOSDRV;Fujitsu BIOS Driver;C:\windows\System32\Drivers\FBIOSDRV.sys [2012-8-17 20848]

R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-8-10 645952]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-16 731688]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-28 1091520]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-8-28 1112000]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-2 135952]

R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-11-13 233328]

R2 FUJ02E3Service;FUJ02E3Service;C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2012-7-18 80752]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-8-28 2451456]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-28 165760]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-12 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-12 682344]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe [2013-1-6 143928]

R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2012-7-11 2219520]

R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2012-8-7 51608]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-28 364416]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-7-16 162344]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130111.001\BHDrvx64.sys [2013-1-15 1384608]

R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-28 110592]

R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-28 825344]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1402000.013\ccsetx64.sys [2013-1-6 168096]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-12 138912]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\windows\System32\Drivers\fuj02e3.sys [2012-8-17 17264]

R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-28 55848]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130115.001\IDSviA64.sys [2013-1-16 513184]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-8-14 342528]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-1-12 24176]

R3 NETwNe64;@oem8.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2012-8-7 4273192]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2012-8-28 252048]

R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-8-7 683664]

R3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1402000.013\symds64.sys [2013-1-6 493216]

R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1402000.013\symefa64.sys [2013-1-6 1133216]

R3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1402000.013\ironx64.sys [2013-1-6 224416]

R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1402000.013\symnets.sys [2013-1-6 432800]

S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1402000.013\symelam.sys [2013-1-6 23448]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-7-16 162344]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]

.

=============== Created Last 30 ================

.

2013-01-15 10:25:30 -------- d-----w- C:\windows\ERUNT

2013-01-15 10:25:23 -------- d-----w- C:\JRT

2013-01-15 04:22:59 -------- d-----w- C:\windows\System32\wbem\de-DE

2013-01-15 04:22:59 -------- d-----w- C:\windows\System32\drivers\UMDF\de-DE

2013-01-15 04:22:59 -------- d-----w- C:\windows\System32\drivers\de-DE

2013-01-15 04:22:59 -------- d-----w- C:\windows\System32\de

2013-01-15 04:22:57 -------- d-----w- C:\windows\SysWow64\drivers\sk-SK

2013-01-15 04:22:56 -------- d-----w- C:\windows\SysWow64\wbem\sk-SK

2013-01-15 04:22:56 -------- d-----w- C:\windows\System32\sk

2013-01-15 04:22:56 -------- d-----w- C:\windows\sk-SK

2013-01-15 04:22:55 -------- d-----w- C:\windows\System32\drivers\sk-SK

2013-01-15 04:22:54 -------- d-----w- C:\windows\System32\wbem\sk-SK

2013-01-14 23:38:35 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\ElevatedDiagnostics

2013-01-14 21:15:55 -------- d-----w- C:\windows\pss

2013-01-14 19:28:39 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\CrashDumps

2013-01-14 18:35:41 182464 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10188.bin

2013-01-13 23:24:36 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\NPE

2013-01-13 22:35:44 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\CRE

2013-01-13 15:00:06 80728 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-13 15:00:06 695640 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-01-13 14:09:22 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\Diagnostics

2013-01-13 02:17:54 618496 ----a-w- C:\windows\System32\drivers\srv2.sys

2013-01-13 02:17:54 109568 ----a-w- C:\windows\System32\dskquota.dll

2013-01-13 02:17:52 82944 ----a-w- C:\windows\SysWow64\dskquota.dll

2013-01-13 02:17:17 1172992 ----a-w- C:\windows\System32\mfnetsrc.dll

2013-01-13 02:17:16 929792 ----a-w- C:\windows\SysWow64\mfnetsrc.dll

2013-01-13 02:17:16 677888 ----a-w- C:\windows\System32\mfnetcore.dll

2013-01-13 02:17:16 673280 ----a-w- C:\windows\System32\mfmpeg2srcsnk.dll

2013-01-13 02:17:16 568832 ----a-w- C:\windows\SysWow64\mfnetcore.dll

2013-01-13 02:17:15 513024 ----a-w- C:\windows\SysWow64\mfmpeg2srcsnk.dll

2013-01-13 02:17:14 850944 ----a-w- C:\windows\SysWow64\mfasfsrcsnk.dll

2013-01-13 02:17:14 1048064 ----a-w- C:\windows\System32\mfasfsrcsnk.dll

2013-01-13 02:14:59 96256 ----a-w- C:\windows\System32\mssprxy.dll

2013-01-13 02:13:59 31104 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys

2013-01-13 02:13:59 235520 ----a-w- C:\windows\System32\rdpudd.dll

2013-01-13 02:13:59 18432 ----a-w- C:\windows\System32\drivers\BtaMPM.sys

2013-01-13 02:13:58 29952 ----a-w- C:\windows\System32\drivers\BthhfHid.sys

2013-01-13 02:13:43 4055552 ----a-w- C:\windows\System32\win32k.sys

2013-01-13 02:13:42 368640 ----a-w- C:\windows\System32\sppwinob.dll

2013-01-13 02:10:14 301568 ----a-w- C:\windows\System32\newdev.dll

2013-01-13 02:10:13 76288 ----a-w- C:\windows\System32\newdev.exe

2013-01-13 02:10:13 75264 ----a-w- C:\windows\System32\ndadmin.exe

2013-01-13 02:10:13 74240 ----a-w- C:\windows\SysWow64\newdev.exe

2013-01-13 02:10:13 73728 ----a-w- C:\windows\SysWow64\ndadmin.exe

2013-01-13 02:10:13 275968 ----a-w- C:\windows\SysWow64\newdev.dll

2013-01-13 02:10:10 68608 ----a-w- C:\windows\System32\wwanprotdim.dll

2013-01-13 02:10:10 446976 ----a-w- C:\windows\System32\wwansvc.dll

2013-01-13 01:44:07 86016 ----a-w- C:\windows\System32\ncryptsslp.dll

2013-01-13 01:44:07 71168 ----a-w- C:\windows\SysWow64\ncryptsslp.dll

2013-01-13 01:38:58 2367528 ----a-w- C:\windows\System32\WSService.dll

2013-01-13 01:38:56 13640704 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll

2013-01-13 01:38:37 3265256 ----a-w- C:\windows\System32\drivers\evbda.sys

2013-01-13 01:38:26 10791936 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll

2013-01-13 01:38:17 2397184 ----a-w- C:\windows\System32\WpcMon.exe

2013-01-13 01:38:09 3847168 ----a-w- C:\windows\System32\d2d1.dll

2013-01-13 01:38:04 3964416 ----a-w- C:\windows\System32\WinSAT.exe

2013-01-13 01:36:59 180736 ----a-w- C:\windows\System32\bcdsrv.dll

2013-01-13 01:35:59 9374208 ----a-w- C:\windows\SysWow64\wmploc.DLL

2013-01-13 01:32:23 2361344 ----a-w- C:\windows\System32\msxml6.dll

2013-01-13 01:32:22 1836032 ----a-w- C:\windows\System32\msxml3.dll

2013-01-13 01:32:21 1802240 ----a-w- C:\windows\SysWow64\msxml6.dll

2013-01-13 01:32:20 1438720 ----a-w- C:\windows\SysWow64\msxml3.dll

2013-01-13 01:32:19 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll

2013-01-13 01:32:19 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll

2013-01-13 01:32:19 2048 ----a-w- C:\windows\System32\msxml6r.dll

2013-01-13 01:32:19 2048 ----a-w- C:\windows\System32\msxml3r.dll

2013-01-12 01:59:49 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Roaming\Malwarebytes

2013-01-12 01:59:36 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-12 01:59:34 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-01-12 01:59:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-12 01:59:17 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\Programs

2013-01-11 21:55:02 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2013-01-07 17:30:29 -------- d-----r- C:\windows\BrowserChoice

2013-01-06 18:54:44 776864 ----a-w- C:\windows\System32\drivers\NISx64\1402000.013\srtsp64.sys

2013-01-06 18:54:44 493216 ----a-w- C:\windows\System32\drivers\NISx64\1402000.013\symds64.sys

2013-01-06 18:54:44 432800 ----a-w- C:\windows\System32\drivers\NISx64\1402000.013\symnets.sys

2013-01-06 18:54:44 37496 ----a-r- C:\windows\System32\drivers\NISx64\1402000.013\srtspx64.sys

2013-01-06 18:54:44 23448 ----a-r- C:\windows\System32\drivers\NISx64\1402000.013\symelam.sys

2013-01-06 18:54:44 224416 ----a-w- C:\windows\System32\drivers\NISx64\1402000.013\ironx64.sys

2013-01-06 18:54:44 168096 ----a-w- C:\windows\System32\drivers\NISx64\1402000.013\ccsetx64.sys

2013-01-06 18:54:44 1133216 ----a-w- C:\windows\System32\drivers\NISx64\1402000.013\symefa64.sys

2013-01-06 18:54:30 -------- d-----w- C:\windows\System32\drivers\NISx64\1402000.013

2013-01-05 03:13:36 -------- d-----w- C:\.jagex_cache_32

2013-01-05 03:12:24 -------- d-----w- C:\Users\Toni-Leigh Jayde\jagexcache

2013-01-04 19:40:26 -------- d-----r- C:\Program Files (x86)\Skype

2013-01-03 23:15:25 99328 ----a-w- C:\windows\System32\wushareduxresources.dll

2013-01-03 23:14:56 1566432 ----a-w- C:\windows\System32\ole32.dll

2013-01-03 23:12:04 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2013-01-03 23:12:03 2048 ----a-w- C:\windows\System32\tzres.dll

2013-01-03 22:57:17 17888 ----a-w- C:\windows\SysWow64\msvcr100_clr0400.dll

2013-01-03 22:57:17 17888 ----a-w- C:\windows\System32\msvcr100_clr0400.dll

2013-01-03 22:45:43 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\CyberLink

2013-01-03 22:43:16 -------- d-----r- C:\Users\Toni-Leigh Jayde\Searches

2013-01-03 22:41:20 300032 ----a-w- C:\windows\SysWow64\atmfd.dll

2013-01-03 22:41:19 75776 ----a-w- C:\windows\SysWow64\fontsub.dll

2013-01-03 22:41:19 46080 ----a-w- C:\windows\System32\atmlib.dll

2013-01-03 22:41:19 362496 ----a-w- C:\windows\System32\atmfd.dll

2013-01-03 22:41:19 35328 ----a-w- C:\windows\SysWow64\atmlib.dll

2013-01-03 22:41:19 3072 ----a-w- C:\windows\SysWow64\lpk.dll

2013-01-03 22:41:19 3072 ----a-w- C:\windows\System32\lpk.dll

2013-01-03 22:41:19 14336 ----a-w- C:\windows\System32\dciman32.dll

2013-01-03 22:41:19 10752 ----a-w- C:\windows\SysWow64\dciman32.dll

2013-01-03 22:41:18 96256 ----a-w- C:\windows\System32\fontsub.dll

2013-01-03 22:41:03 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin

2013-01-03 22:40:38 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin

2013-01-03 22:40:28 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\VirtualStore

2013-01-03 22:39:51 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Roaming\Intel

2013-01-03 22:39:02 94208 ----a-w- C:\windows\System32\synceng.dll

2013-01-03 22:39:02 72192 ----a-w- C:\windows\SysWow64\synceng.dll

2013-01-03 22:38:48 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-01-03 22:38:47 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-01-03 22:37:24 -------- d--h--w- C:\Users\Toni-Leigh Jayde\AppData

2013-01-03 22:37:24 -------- d-----w- C:\Users\Toni-Leigh Jayde\Roaming

2013-01-03 22:37:24 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\Temp

2013-01-03 22:37:24 -------- d-----w- C:\Users\Toni-Leigh Jayde\AppData\Local\Microsoft

2013-01-03 22:32:06 -------- d-----w- C:\Windows.old

2012-12-31 00:40:27 -------- d-----w- C:\sources

2012-12-25 08:09:23 -------- d-sh--w- C:\$RECYCLE.BIN

.

==================== Find3M ====================

.

2012-12-06 04:23:00 170496 ----a-w- C:\windows\System32\TimeBrokerServer.dll

2012-12-06 04:22:59 178176 ----a-w- C:\windows\System32\SystemEventsBrokerServer.dll

2012-11-29 05:05:57 707584 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll

2012-11-29 05:05:57 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll

2012-11-28 04:21:17 44032 ----a-w- C:\windows\SysWow64\UXInit.dll

2012-11-28 04:20:59 53760 ----a-w- C:\windows\System32\UXInit.dll

2012-11-27 07:00:32 194280 ----a-w- C:\windows\System32\drivers\sdbus.sys

2012-11-27 07:00:29 124648 ----a-w- C:\windows\System32\drivers\dumpsd.sys

2012-11-27 06:59:13 329960 ----a-w- C:\windows\System32\drivers\storport.sys

2012-11-27 06:39:46 1122768 ----a-w- C:\windows\System32\Taskmgr.exe

2012-11-27 04:49:20 1027152 ----a-w- C:\windows\SysWow64\Taskmgr.exe

2012-11-27 04:20:50 1048064 ----a-w- C:\windows\SysWow64\mstsc.exe

2012-11-27 04:20:42 179200 ----a-w- C:\windows\SysWow64\wpnapps.dll

2012-11-27 04:20:35 891904 ----a-w- C:\windows\SysWow64\winmde.dll

2012-11-27 04:20:31 798208 ----a-w- C:\windows\SysWow64\WebcamUi.dll

2012-11-27 04:20:29 46592 ----a-w- C:\windows\SysWow64\vds_ps.dll

2012-11-27 04:20:28 560128 ----a-w- C:\windows\SysWow64\UserLanguagesCpl.dll

2012-11-27 04:20:23 1217536 ----a-w- C:\windows\SysWow64\storagewmi.dll

2012-11-27 04:20:15 680960 ----a-w- C:\windows\System32\vds.exe

2012-11-27 04:20:07 702464 ----a-w- C:\windows\SysWow64\nshwfp.dll

2012-11-27 04:20:07 1123840 ----a-w- C:\windows\System32\mstsc.exe

2012-11-27 04:18:59 888832 ----a-w- C:\windows\System32\nshwfp.dll

2012-11-27 04:18:39 5974528 ----a-w- C:\windows\System32\mstscax.dll

2012-11-27 04:18:13 1071104 ----a-w- C:\windows\System32\IKEEXT.DLL

2012-11-27 04:18:06 378880 ----a-w- C:\windows\System32\FWPUCLNT.DLL

2012-11-27 04:17:32 718848 ----a-w- C:\windows\System32\BFE.DLL

2012-11-27 04:17:31 2302464 ----a-w- C:\windows\System32\authui.dll

2012-11-20 08:00:23 6971624 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-11-20 05:24:19 1164800 ----a-w- C:\windows\SysWow64\Display.dll

2012-11-20 05:24:17 36352 ----a-w- C:\windows\SysWow64\DevDispItemProvider.dll

2012-11-20 05:17:23 1184256 ----a-w- C:\windows\System32\Display.dll

2012-11-20 05:17:20 49152 ----a-w- C:\windows\System32\DevDispItemProvider.dll

2012-11-20 05:02:46 6656 ----a-w- C:\windows\SysWow64\KBDKURD.DLL

2012-11-20 04:59:26 7168 ----a-w- C:\windows\System32\KBDKURD.DLL

2012-11-20 04:56:27 27136 ----a-w- C:\windows\System32\drivers\usbohci.sys

2012-11-20 04:56:11 83456 ----a-w- C:\windows\System32\drivers\hidclass.sys

2012-11-20 04:54:31 39936 ----a-w- C:\windows\System32\drivers\hidi2c.sys

2012-11-15 06:08:41 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-15 06:06:34 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-13 21:02:25 29480 ----a-w- C:\windows\SysWow64\msxml3a.dll

2012-11-13 21:02:24 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll

2012-11-13 21:02:24 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

2012-11-13 04:20:30 1120768 ----a-w- C:\windows\System32\msctf.dll

2012-11-13 04:19:23 890880 ----a-w- C:\windows\SysWow64\msctf.dll

2012-11-10 04:23:25 132608 ----a-w- C:\windows\SysWow64\poqexec.exe

2012-11-10 04:23:18 148480 ----a-w- C:\windows\System32\poqexec.exe

2012-11-10 04:22:40 122880 ----a-w- C:\windows\System32\VmHostAI.dll

2012-11-10 04:22:35 144384 ----a-w- C:\windows\System32\tssdisai.dll

2012-11-10 04:22:14 126976 ----a-w- C:\windows\System32\RDWebAI.dll

2012-11-10 04:20:20 135680 ----a-w- C:\windows\System32\appserverai.dll

2012-11-08 04:25:36 523776 ----a-w- C:\windows\SysWow64\WSShared.dll

2012-11-08 04:25:36 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll

2012-11-08 04:25:36 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

2012-11-08 04:25:35 1775104 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-08 04:24:27 2881536 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-08 04:24:22 61440 ----a-w- C:\windows\SysWow64\iesetup.dll

2012-11-08 04:24:22 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll

2012-11-08 04:22:21 641536 ----a-w- C:\windows\System32\WSShared.dll

2012-11-08 04:22:20 198656 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.dll

2012-11-08 04:22:20 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll

2012-11-08 04:22:19 2246656 ----a-w- C:\windows\System32\wininet.dll

2012-11-08 04:22:12 907776 ----a-w- C:\windows\System32\uxtheme.dll

2012-11-08 04:21:00 3966464 ----a-w- C:\windows\System32\jscript9.dll

2012-11-08 04:20:56 67072 ----a-w- C:\windows\System32\iesetup.dll

2012-11-08 04:20:56 136704 ----a-w- C:\windows\System32\iesysprep.dll

2012-11-08 01:56:52 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll

2012-11-06 07:52:07 445160 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS

2012-11-06 07:52:04 277736 ----a-w- C:\windows\System32\drivers\msiscsi.sys

2012-11-06 07:36:23 69864 ----a-w- C:\windows\System32\drivers\pdc.sys

2012-11-06 07:33:46 522640 ----a-w- C:\windows\System32\AUDIOKSE.dll

2012-11-06 07:33:46 253512 ----a-w- C:\windows\System32\audiodg.exe

2012-11-06 07:33:45 490064 ----a-w- C:\windows\System32\AudioEng.dll

2012-11-06 07:33:45 447792 ----a-w- C:\windows\System32\AudioSes.dll

2012-11-06 05:00:06 463768 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll

2012-11-06 05:00:06 427568 ----a-w- C:\windows\SysWow64\AudioEng.dll

2012-11-06 05:00:06 324344 ----a-w- C:\windows\SysWow64\AudioSes.dll

2012-11-06 04:54:13 2205696 ----a-w- C:\windows\SysWow64\PrintConfig.dll

2012-11-06 04:48:27 1150160 ----a-w- C:\windows\SysWow64\ole32.dll

2012-11-06 04:19:59 470016 ----a-w- C:\windows\System32\wlanmsm.dll

2012-11-06 04:18:58 84992 ----a-w- C:\windows\SysWow64\fdWCN.dll

2012-11-06 04:17:58 110080 ----a-w- C:\windows\System32\dafWCN.dll

2012-11-06 04:17:42 785920 ----a-w- C:\windows\System32\audiosrv.dll

2012-11-06 04:17:41 169472 ----a-w- C:\windows\System32\AudioEndpointBuilder.dll

2012-11-06 04:17:35 2146816 ----a-w- C:\windows\System32\actxprxy.dll

2012-11-06 04:17:32 212992 ----a-w- C:\windows\System32\bthprops.cpl

2012-11-06 04:00:17 16384 ----a-w- C:\windows\System32\iscsilog.dll

2012-11-06 03:58:53 9728 ----a-w- C:\windows\System32\wlanhlp.dll

2012-11-06 03:56:35 9728 ----a-w- C:\windows\SysWow64\wlanhlp.dll

2012-11-06 03:55:44 22528 ----a-w- C:\windows\System32\drivers\fxppm.sys

2012-11-06 03:55:09 212992 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys

2012-11-06 03:55:02 90624 ----a-w- C:\windows\System32\drivers\amdk8.sys

2012-11-06 03:55:02 89088 ----a-w- C:\windows\System32\drivers\intelppm.sys

2012-11-06 03:55:02 88064 ----a-w- C:\windows\System32\drivers\amdppm.sys

2012-11-06 03:55:02 87552 ----a-w- C:\windows\System32\drivers\processr.sys

2012-11-06 03:54:40 74752 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS

2012-11-06 03:54:09 859136 ----a-w- C:\windows\System32\drivers\http.sys

2012-11-06 03:53:56 51712 ----a-w- C:\windows\System32\drivers\bthenum.sys

2012-11-06 03:53:44 560640 ----a-w- C:\windows\System32\drivers\afd.sys

2012-11-06 03:53:12 1171968 ----a-w- C:\windows\System32\drivers\bthport.sys

2012-11-06 03:52:49 366080 ----a-w- C:\windows\System32\drivers\mrxsmb.sys

.

============= FINISH: 19:44:55.13 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 03/01/2013 22:38:38

System Uptime: 15/01/2013 11:23:56 (32 hours ago)

.

Motherboard: FUJITSU | | FJNBB29

Processor: Intel® Pentium® CPU B960 @ 2.20GHz | CPU Socket - U3E1 | 800/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 26.14 GiB free.

D: is FIXED (NTFS) - 374 GiB total, 373.494 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP7: 15/01/2013 03:11:17 - Language Pack Removal

.

==== Installed Programs ======================

.

Adobe Reader X (10.1.3) MUI

CyberLink PowerDVD 10

CyberLink YouCam 5

DeskUpdate 4.13

FJ Camera

Fujitsu BIOS Driver

Fujitsu MobilityCenter Extension Utility

Fujitsu System Extension Utility

Intel PROSet Wireless

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless for Bluetooth® + High Speed

Intel® PROSet/Wireless Software for Bluetooth® Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Connect Service Client

LIFEBOOK Application Panel

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft Office

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Norton Internet Security

Plugfree NETWORK

Pointing Device Utility

Power Saving Utility

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Skype Click to Call

Skype™ 6.0

Windows Driver Package - FUJITSU LIMITED (FUJ02B1) System (06/09/2012 1.23)

Windows Driver Package - FUJITSU LIMITED (FUJ02E3) System (06/22/2012 1.30.0.0)

Wireless Radio Switch Driver

.

==== Event Viewer Messages From Past Week ========

.

16/01/2013 05:11:13, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.

15/01/2013 11:25:26, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Toni-Leigh\Toni-Leigh Jayde SID (S-1-5-21-1164423044-4154750431-3064723605-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

15/01/2013 11:23:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

15/01/2013 11:22:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

15/01/2013 11:22:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Bluetooth Device Monitor with arguments "Unavailable" in order to run the server: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

15/01/2013 11:20:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "Unavailable" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}

15/01/2013 11:17:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

15/01/2013 11:17:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

15/01/2013 11:17:06, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21

15/01/2013 10:58:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}

15/01/2013 10:49:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

15/01/2013 10:42:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

.

==== End Of File ===========================

All done, did I do it right ?


You did do the DDS properly :)

To show all files:

  • Press and hold Windows-key & then press R key to get the RUN menu.
  • Type in
    explorer.exe

    and press Enter

  • When in Windows Explorer, press ALT-key then V key to get VIEW menu
  • Look at the top ribbon, right side. {the Show/Hide block}
  • Look at the line Hidden items. IF it has a checkmark, then Click the box one time so that it is un-checked.

Step 2

The MBAM quick scan result is good. I'd like for you to do a FULL scan, but 1st turn off your Norton Internet Security antivirus.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Re-enable your antivirus program.

Step 3

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Tell me, How is the system ?


ALL DONE !!

Think I forgot to check the box before removing what was found, I'll do another full scan but here is the MBAM Log.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.17.08

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16466

Toni-Leigh Jayde :: TONI-LEIGH [administrator]

Protection: Enabled

17/01/2013 19:52:36

mbam-log-2013-01-17 (19-52-36).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 554655

Time elapsed: 2 hour(s), 28 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows.old\Users\Toni-Leigh Jayde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IM3XD8V\50e34eebab7cb[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.

(end)

_________

Now here is the AdwCleaner log

# AdwCleaner v2.106 - Logfile created 01/17/2013 at 22:36:30

# Updated 17/01/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : Toni-Leigh Jayde - TONI-LEIGH

# Boot Mode : Normal

# Running from : C:\Users\Toni-Leigh Jayde\Desktop\adwcleaner2.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Registry is clean.

-----------------------------------------------------

Now to start another full scan to remove what was found !! :)

Also when I downloaded ADWCLEANER I got a security warning.. is this normal ??


While I am helping you, please do not do things on your own. Do not make changes or additions without 1st checking with me.

That page is ok up to the point where it suggests resetting your browser. For the rest of the steps, and especially any registry edits, those are not recommended to be done by the "average" user.

But again, since I am helping you here, please do not do anything on your own to try to "fix".

So far, MBAM has done a good job.

Yes, anytime you download something you "may" be prompted or especially before "running" something on Windows 8, you may be prompted.

You need to empty out (delete) temporary internet files in Internet Explorer.

Press Windows-key+R key to get RUN menu

Type in

inetcpl.cpl

and press Enter key to start

In the Internet Properties dialog, look down at the Browsing history block and click on the Delete button

In the line marked Temporary internet files and website files

if it is not checked, click 1 time in that box so that it is checkmarked. {eg, selected}

Next press the Delete button and follow the prompts.

When all done, press the OK button to exit.

Tell me, How is the system now?


You are good to go.

But I must advise you that downloading "movies" from unknown websites or from dodgy ones, or by the use of "torrents" is highly risky.

I would advise you to uninstall uTorrent.

I do not recommend the use of peer-to-peer programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Safer practices & malware prevention

We are finished here. Best regards.


This topic is now closed to further replies.