tdogg89 Posted January 15, 2013 (edited)

Hey there everyone, my name's Toni and I have a BIG problem. I got a new laptop for Christmas with Windows 8. Since I got it I've been enjoying it very much. Yesterday I started downloading torrents for films. Ever since, I keep getting pop-ups from Malwarebytes saying that it has blocked a potentially malicious website. I've been scanning my computer most days since I got it, but today it has detected a virus called PUP.datamngr. Obviously I researched it and found it's a very dangerous virus that is very hard to get rid of and in most cases must be done manually. I've looked at MANY websites and even followed a few of the steps to try and get rid of this scary virus. Most of these steps are quite complicated and I know I'm not clever enough to remove it completely. Most of the sites do warn that an expert should do it for your computer's safety, but I simply can't afford it.

Is there any way I can get some step by step instructions on how to get rid of this thing??? All help will be very much appreciated. PLEASE HELP ME!

Thank you for reading
Toni x

Edited January 15, 2013 by Maurice Naggar
Maurice Naggar Posted January 15, 2013 (edited)

Hello Toni and welcome to Malwarebytes forums.

I need to have a copy of the MBAM scan log, if possible.
Start MBAM.
Then click on the Logs tab.
Look at the list of scan logs shown. Find the one with the date & time stamp of the last scan.
Click 1 time on that line.
Then click on the Open button.
It will open the report in Notepad.
Once it is up and showing in Notepad, press & hold the CTRL key on the keyboard & press the A key.
Then press & hold the CTRL key & press the C key.
Then start a new reply on the forum (in this Topic) and Paste into a reply.
You can just do 1 right click with your mouse, and then choose Paste.

NEXT

Download DDS and save it to your desktop from http://download.blee...om/sUBs/dds.com here or http://download.blee...om/sUBs/dds.scr or http://www.infospyware.net/sUBs/dds
Disable any script blocker if your antivirus/antimalware has it.
On Vista / Windows 7 / Windows 8 do a RIGHT-click on dds and select Run As Administrator.
On Windows XP double click dds to run the tool.
DDS will run in a command prompt window and will take 3 to 4 minutes or so.
Follow and answer the prompts as appropriate.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:
DDS.txt
Attach.txt

Edited January 15, 2013 by Maurice Naggar
tdogg89 Posted January 16, 2013 (Author)

HEY Maurice,

Thanks for helping me.

I thought u should know, since I made this post I have followed some instructions used to help somebody else with the same virus. Maybe this helped but I don't know, as I have Windows 8.

I will still follow all instructions given by you. Yesterday I deleted all old logs from MBAM but I've just done a quick scan. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.15.09
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Toni-Leigh Jayde :: TONI-LEIGH [administrator]
Protection: Enabled
16/01/2013 19:31:27
mbam-log-2013-01-16 (19-31-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229660
Time elapsed: 6 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

--------------

I right clicked on DDS but it did not have the option on Run as Administrator so I just clicked OPEN.

Here are the logs...
Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 2115/01/2013 10:58:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}15/01/2013 10:49:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}15/01/2013 10:42:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}.==== End Of File ===========================All done, did I do it right ? Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 17, 2013 ID:635582

You did do the DDS properly.

To show all files:
Press and hold Windows-key & then press R key to get the RUN menu.
Type in explorer.exe and press Enter.
When in Windows Explorer, press ALT-key then V key to get VIEW menu.
Look at the top ribbon, right side. {the Show/Hide block}
Look at the line Hidden items. IF it has a checkmark, then click the box one time so that it is un-checked.

Step 2
The MBAM quick scan result is good. I'd like for you to do a FULL scan, but 1st turn off your Norton Internet Security antivirus.
Save and close any work documents, close any apps that you started.
Temporarily turn off (disable) your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.
Next, click the Update tab. Press the "Check for Updates" button.
If prompted for a Restart, do that.
When done, click the Scanner tab.
Do a Full Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
When all done, Copy & paste the MBAM scan log into a new reply.
Re-enable your antivirus program.

Step 3
Please download AdwCleaner © Xplode from here and save it on your Desktop.
If you are running Windows XP, double click adwcleaner.exe to start it.
Otherwise, right-click on adwcleaner.exe and select Run As Administrator to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so this should be something like R1.

Tell me, how is the system?
tdogg89 Posted January 17, 2013 Author ID:635765

ALL DONE !!
Think I forgot to check the box before removing what was found, I'll do another full scan but here is the MBAM log.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.17.08
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Toni-Leigh Jayde :: TONI-LEIGH [administrator]
Protection: Enabled
17/01/2013 19:52:36
mbam-log-2013-01-17 (19-52-36).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 554655
Time elapsed: 2 hour(s), 28 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows.old\Users\Toni-Leigh Jayde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IM3XD8V\50e34eebab7cb[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.
(end)
_________

Now here is the AdwCleaner log

# AdwCleaner v2.106 - Logfile created 01/17/2013 at 22:36:30
# Updated 17/01/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Toni-Leigh Jayde - TONI-LEIGH
# Boot Mode : Normal
# Running from : C:\Users\Toni-Leigh Jayde\Desktop\adwcleaner2.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16453
[OK] Registry is clean.
-----------------------------------------------------

Now to start another full scan to remove what was found !!
Also when I downloaded ADWCLEANER I got a security warning.. is this normal ??
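Added example (not part of the original posts and not Malwarebytes code): a small Python parser for the MBAM 1.x text log format shown in the post above, which lists each detection with its action and flags items that were reported but not removed, items in the browser cache, and sections whose declared count does not match the listed items. The sample is abridged from the posted log; the second file entry, the count of 2 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Abridged from the scan log posted above. The second file entry and the
# "Files Detected: 2" count are constructed so both outcomes are exercised.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.70.0.1100
Scan type: Full scan (C:\|D:\|E:\|)
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows.old\Users\Toni-Leigh Jayde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IM3XD8V\50e34eebab7cb[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Users\Example\Downloads\constructed-sample.exe (PUP.Example) -> No action taken.
(end)
"""

SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return ({category: declared count}, [detections]) from an MBAM 1.x log."""
    declared, detections, category = {}, [], None
    for line in map(str.strip, text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            category = header["category"]
            declared[category] = int(header["count"])
        elif category and (item := ITEM_RE.match(line)):
            detections.append({"category": category, **item.groupdict()})
    return declared, detections

def triage(text):
    """Flag detections that still need follow-up and sections that look truncated."""
    declared, detections = parse_mbam_log(text)
    listed = Counter(d["category"] for d in detections)
    return {
        # Assumption: an action without "successfully" means reported, not yet removed.
        "unresolved": [d for d in detections if "successfully" not in d["action"].lower()],
        # Items found in a browser cache folder, as in the posted log.
        "in_browser_cache": [d for d in detections
                             if "temporary internet files" in d["target"].lower()],
        # A declared count that differs from the listed items suggests a cut-off paste.
        "count_mismatch": sorted(c for c, n in declared.items() if listed[c] != n),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```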
tdogg89 Posted January 17, 2013 Author ID:635769

ALSO.... before I wrote this post I followed instructions on a site similar to this one, or it could have been the same one, I don't remember as I tried so many things, however instructions are very similar...
http://www.expertsupportnow.com/4098/how-to-remove-pup-datamngr-trojan-virus-spyware/
WAS THIS WISE ????
Maurice Naggar Posted January 18, 2013 ID:636042

While I am helping you, please do not do things on your own. Do not make changes or additions without 1st checking with me.
That page is ok up to the point where it suggests resetting your browser. For the rest of the steps, and especially any registry edits, those are not recommended to be done by the "average" user.
But again, since I am helping you here, please do not do anything on your own to try to "fix".
So far, MBAM has done a good job.
Yes, anytime you download something you "may" be prompted, or especially before "running" something on Windows 8, you may be prompted.

You need to empty out (delete) temporary internet files in Internet Explorer.
Press Windows-key+R key to get RUN menu.
Type in inetcpl.cpl and press Enter key to start.
In the Internet Properties dialog, look down at the Browsing history block and click on the Delete button.
In the line marked Temporary internet files and website files, if it is not checked, click 1 time in that box so that it is checkmarked. {eg, selected}
Next press the Delete button and follow the prompts.
When all done, press the OK button to exit.

Tell me, how is the system now?
tdogg89 Posted January 18, 2013 Author ID:636066

Ok I won't do anything else, but that was before I wrote this post and I did delete quite a few registry keys :S
Computer is running fine though, just did a quick MBAM scan and everything is clear.
What now?
Maurice Naggar Posted January 18, 2013 ID:636091

You are good to go.
But I must advise you that downloading "movies" from unknown websites or from dodgy ones, or by the use of "torrents" is highly risky.
I would advise you to uninstall uTorrent.
I do not recommend the use of peer-to-peer programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
Risks of File-Sharing Technology.
P2P file sharing: Know the risks

Safer practices & malware prevention
Have a hardware router between the incoming internet-modem and your computer.
Use a Standard user account rather than an administrator-rights account when "surfing" the web.
Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
Check in at Windows Update and install any Important Updates offered.
Make certain that Windows 8 Automatic Updates is enabled.
http://www.eightforums.com/tutorials/5794-windows-update-automatic-updating-turn-off-windows-8-a.html
Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html
Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on
On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan
See Six tips to help you stay safer online
Never, ever download free games, free tools, videos, multi-media files or anything free unless you can be absolutely sure the source is safe!

We are finished here. Best regards.
tdogg89 Posted January 19, 2013 Author ID:636544

Thank you so much for helping me Maurice, trust me I won't be downloading any more torrents, better to be safe than sorry!
Thank you xxx
Maurice Naggar Posted January 19, 2013 ID:636577

You're quite welcome. Glad to have been of help.