
Malware, CPU Usage, Chrome Browser Unresponsive



I've never had problems with CPU usage spikes and/or the Chrome browser until this morning.

While downloading the utility to download a video, I accidentally downloaded a bunch of toolbars.

Who knows what else also hitched a ride in the process.

Immediately following the download, my CPU use spiked over 90% and continued to climb.

My Chrome browser stopped responding, which is something I never have encountered.

Typically Chrome with the number of tabs I keep open doesn't gobble up more than 20% of my CPU.

I ran the Malwarebytes Quick Scan which flagged 2 occurrences of PUP.215.

(Prior to this scan, my daily scans have been clean.)

I deleted these 2 occurrences and ran the Quick Scan again.

However, they were once again flagged.

So I rebooted and ran Quick Scan once again.

Wash, rinse, repeat.

Eventually PUP.215 was no longer flagged by Quick Scan.

However, when I relaunched Chrome, CPU use once again spiked to over 90% and Chrome once again became unresponsive.

As I said previously, I've never had a problem with Chrome until immediately after I downloaded this video download utility.

No similar problems with Firefox.

---------------------

Following the instructions in the forum, I downloaded DDS and ran the utility.

I also downloaded and ran RogueKiller.

The logs are included below.

---------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by admin at 8:57:18 on 2013-04-22

Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5706.3951 [GMT -7:00]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Elantech\ETDService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files (x86)\Launch Manager\LMutilps32.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\dashost.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\notepad.exe

C:\Windows\RfBtnSvc64.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://acer13.msn.com

uDefault_Page_URL = hxxp://acer13.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll

uRun: [Spotify Web Helper] "C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [LManager] <no file>

StartupFolder: C:\Users\admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{5A148809-A31E-4F10-9D59-645FE05FA557} : DHCPNameServer = 192.168.1.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\

FF - prefs.js: browser.search.selectedEngine - -

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff10.dll

FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff5.dll

FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff6.dll

FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff7.dll

FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff8.dll

FF - component: C:\Program Files\AVG\AVG2012\Firefox4\components\avgssff9.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - ExtSQL: 2013-03-24 07:30; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn

FF - ExtSQL: 2013-03-29 21:33; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn

FF - ExtSQL: 2013-03-30 22:11; client@anonymox.net; C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\extensions\client@anonymox.net.xpi

FF - ExtSQL: 2013-04-11 08:54; putlockerdownloader3@putlockerdownloader.com; C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\extensions\putlockerdownloader3@putlockerdownloader.com.xpi

FF - ExtSQL: 2013-04-22 05:25; gophoto@gophoto.it; C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\extensions\gophoto@gophoto.it.xpi

.

============= SERVICES / DRIVERS ===============

.

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-4 239616]

R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-12-18 199008]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-9-21 348784]

R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-9-21 85904]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-12-18 2457232]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-1 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-1 701512]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe [2013-4-15 144520]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-8-22 259136]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]

R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-12-18 93296]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [2012-12-18 81536]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-9-4 98472]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-4-12 1390680]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1403010.016\ccsetx64.sys [2013-4-15 168096]

R3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-8-22 658576]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-25 138912]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-9-21 319888]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130419.001\IDSviA64.sys [2013-4-19 513184]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-9-4 110744]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-1 25928]

R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-12-18 26736]

R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1403010.016\symds64.sys [2013-4-15 493656]

R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1403010.016\symefa64.sys [2013-4-15 1139800]

R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1403010.016\ironx64.sys [2013-4-15 224416]

R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1403010.016\symnets.sys [2013-4-15 432800]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-12-18 57000]

S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1403010.016\symelam.sys [2013-4-15 23448]

S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-8-22 468624]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-12-18 340112]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\Drivers\rtwlane.sys [2012-6-29 1119232]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-04-22 11:49:25 -------- d-----w- C:\ProgramData\Babylon

2013-04-22 11:49:24 -------- d-----w- C:\Users\admin\AppData\Roaming\Babylon

2013-04-22 11:49:20 -------- d-----w- C:\Program Files (x86)\Gophoto.it

2013-04-22 11:47:52 -------- d-----w- C:\Users\admin\AppData\Local\PutLockerDownloader

2013-04-22 11:47:43 -------- d-----w- C:\Program Files (x86)\PutLockerDownloader

2013-04-19 03:39:48 193200 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10199.bin

2013-04-18 12:21:43 -------- d-----w- C:\Users\admin\.thumbnails

2013-04-18 12:13:53 -------- d-----w- C:\Users\admin\AppData\Local\fontconfig

2013-04-18 12:13:49 -------- d-----w- C:\Users\admin\AppData\Local\gegl-0.2

2013-04-18 12:13:49 -------- d-----w- C:\Users\admin\.gimp-2.8

2013-04-18 12:09:26 -------- d-----w- C:\Program Files\GIMP 2

2013-04-16 03:35:49 -------- d-----w- C:\Program Files (x86)\Metability Software

2013-04-16 03:34:17 -------- d-----w- C:\Program Files (x86)\Microsoft Pro Photo Tools

2013-04-16 02:24:08 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\symds64.sys

2013-04-16 02:24:08 432800 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\symnets.sys

2013-04-16 02:24:08 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1403010.016\symelam.sys

2013-04-16 02:24:08 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\symefa64.sys

2013-04-16 02:24:07 796248 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\srtsp64.sys

2013-04-16 02:24:07 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\srtspx64.sys

2013-04-16 02:24:07 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\ironx64.sys

2013-04-16 02:24:07 168096 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\ccsetx64.sys

2013-04-16 02:23:41 -------- d-----w- C:\Windows\System32\drivers\NISx64\1403010.016

2013-04-15 04:57:46 -------- d-----w- C:\Windows\en

2013-04-15 04:57:17 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2013-04-15 04:56:43 -------- d-----w- C:\Windows\PCHEALTH

2013-04-15 04:56:08 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

2013-04-15 04:56:08 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll

2013-04-15 04:56:08 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll

2013-04-15 04:56:08 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

2013-04-15 04:56:06 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll

2013-04-15 04:56:04 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll

2013-04-15 04:55:29 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2013-04-15 04:55:29 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2013-04-15 04:55:20 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2013-04-15 04:55:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2013-04-15 04:54:25 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bb1ac6d1ce399504\DSETUP.dll

2013-04-15 04:54:25 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bb1ac6d1ce399504\DXSETUP.exe

2013-04-15 04:54:25 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bb1ac6d1ce399504\dsetup32.dll

2013-04-15 04:54:21 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e5f3791ce399503\DSETUP.dll

2013-04-15 04:54:21 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e5f3791ce399503\DXSETUP.exe

2013-04-15 04:54:21 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e5f3791ce399503\dsetup32.dll

2013-04-15 04:54:11 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44045dc41ce399501\DSETUP.dll

2013-04-15 04:54:11 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44045dc41ce399501\DXSETUP.exe

2013-04-15 04:54:11 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44045dc41ce399501\dsetup32.dll

2013-04-15 04:54:05 -------- d-----w- C:\Users\admin\AppData\Local\Windows Live

2013-04-15 04:53:00 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2013-04-12 03:37:59 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll

2013-04-12 01:39:26 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

2013-04-12 01:39:26 1011200 ----a-w- C:\Windows\System32\reseteng.dll

2013-04-12 01:38:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-12 01:38:03 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-12 01:38:02 2240512 ----a-w- C:\Windows\System32\wininet.dll

2013-04-11 03:47:06 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-11 02:55:57 4041728 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 04:35:06 -------- d-----w- C:\Users\admin\VirtualBox VMs

2013-04-04 04:06:43 -------- d-----w- C:\Users\admin\.VirtualBox

2013-04-04 04:03:30 237840 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2013-04-04 04:03:12 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2013-04-04 04:03:01 -------- d-----w- C:\Program Files\Oracle

2013-03-31 03:40:13 -------- d-----w- C:\bookmarkbackups firefox win8

2013-03-30 06:00:24 708168 ----a-w- C:\Windows\System32\winusbcoinstaller.dll

2013-03-30 06:00:24 1533512 ----a-w- C:\Windows\System32\wudfupdate_01007.dll

2013-03-30 06:00:06 1490656 ----a-w- C:\Windows\System32\wdfcoinstaller01007.dll

2013-03-30 05:59:39 -------- d-----w- C:\Program Files (x86)\DriverTools

2013-03-30 05:57:09 -------- d-----w- C:\Android Phone Driver

2013-03-29 04:33:44 -------- d-----w- C:\Users\admin\.android

2013-03-28 16:40:09 -------- d-----w- C:\Users\admin\AppData\Local\Eclipse

2013-03-28 16:31:10 -------- d-----w- C:\Users\admin\.eclipse

2013-03-28 16:00:35 -------- d-----w- C:\Program Files\eclipse-jee-juno-SR2-win32-x86_64

.

==================== Find3M ====================

.

2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-16 02:14:04 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2013-03-16 02:13:06 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

2013-03-16 02:13:04 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

2013-03-12 22:04:59 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS

2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys

2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys

2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys

2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys

2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys

2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys

2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys

2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe

2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll

2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll

2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll

2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll

2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll

2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll

2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll

2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll

2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll

2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll

2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll

2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll

2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl

2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll

2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll

2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll

2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll

2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll

2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll

2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll

2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll

2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll

2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll

2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll

2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll

2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll

2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl

2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys

2013-03-01 09:21:18 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-03-01 09:21:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys

2013-02-27 07:11:05 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-02-27 07:11:04 963488 ----a-w- C:\Windows\System32\deployJava1.dll

2013-02-27 07:11:04 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll

2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-19 15:07:28 83688 ----a-w- C:\Windows\System32\mcupdate_AuthenticAMD.dll

2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll

2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll

2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS

2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys

2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll

2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe

2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe

2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe

2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll

2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll

2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll

2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll

2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll

2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll

2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll

2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll

2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll

2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll

2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll

.

============= FINISH: 8:58:26.53 ===============

---------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 2/24/2013 3:51:21 PM

System Uptime: 4/22/2013 6:56:56 AM (2 hours ago)

.

Motherboard: Gateway | | EG70_BZ

Processor: AMD E2-1800 APU with Radeon™ HD Graphics | Socket FT1 | 1700/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 681 GiB total, 611.093 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP11: 4/3/2013 8:51:30 PM - Installed Oracle VM VirtualBox 4.2.10

RP12: 4/10/2013 7:46:20 PM - Windows Update

RP13: 4/14/2013 9:54:10 PM - Windows Live Essentials

RP14: 4/22/2013 6:12:40 AM - Restore Point April 22, 2013 0200AM

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Quick Stream

AMD VISION Engine Control Center

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Backup Manager v4

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Conexant HD Audio

CyberLink PowerDVD 10

D3DX10

Desktop Icon Position Saver (64-bit)

Desktop Restore

DriverTools 1.0

Dropbox

eBay Worldwide

ETDWare PS/2-X64 11.6.9.001_WHQL

FileMind QuickFix

Gateway Device Fast-lane

Gateway MyBackup

Gateway Power Management

Gateway Recovery Management

GIMP 2.8.4

Google Chrome

Google Earth Plug-in

Google Update Helper

Graboid Video 3.58

Identity Card

ImgBurn

Java 7 Update 15 (64-bit)

Java SE Development Kit 7 Update 15 (64-bit)

Launch Manager

Live Updater

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Application Error Reporting

Microsoft Office

Microsoft Pro Photo Tools

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Movie Maker

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.5 (x86 en-US)

MSVCRT

MSVCRT110

MSVCRT110_amd64

Nero 12 Essentials OEM.a01

Nero ControlCenter

Nero ControlCenter Help (CHM)

Nero Core Components

Nero Express

Nero Express Help (CHM)

Nero Launcher

Nero Update

Norton Internet Security

Notepad++

OpenOffice.org 3.4.1

Oracle VM VirtualBox 4.2.10

Photo Common

Photo Gallery

Prerequisite installer

Qualcomm Atheros WiFi Driver Installation

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek PCIE Card Reader

RealUpgrade 1.1

Spotify

VLC media player 1.0.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

4/22/2013 8:43:22 AM, Error: Service Control Manager [7031] - The Dritek RF Button Command Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

4/22/2013 6:55:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.

.

==== End Of File ===========================

-------------------------

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : admin [Admin rights]

Mode : Scan -- Date : 04/22/2013 08:45:18

| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤

[sUSP PATH] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]

[RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤

[TASK][sUSP PATH] Test TimeTrigger : C:\Users\admin\AppData\Local\Temp\Runner.exe C:\Users\admin\AppData\Local\Temp\DNS.exe [-] -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++

--- User ---

[MBR] be04461bb648d4f25720e0895077dad1

[bSP] 931321f89af69cceb532b19386ef6065 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04222013_02d0845.txt >>

RKreport[1]_S_04222013_02d0845.txt

----------------------------------

Thank you for any help you can offer. I'm a newbie at this stuff, but am trying to learn as fast as I can. :)


Hello peep and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • AdwCleaner log


Thank you so much for your prompt response and the very clear instructions. Much appreciated. :)

Here are the logs you requested, in the order listed....

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.8 (04.21.2013:2)

OS: Windows 8 x64

Ran by admin on Mon 04/22/2013 at 13:37:12.84

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\putlockerdownloader

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\putlockerdownloader_rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\putlockerdownloader_rasmancs

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\babylon

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{63B3260F-22E0-4298-A466-21C9CF9CB859}

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\Users\admin\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\admin\appdata\local\savings explorer"

~~~ FireFox

Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\rb9ira9w.default\user.js

Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\rb9ira9w.default\searchplugins\babylon.xml

Successfully deleted: [Folder] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\rb9ira9w.default\jetpack

Successfully deleted the following from C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\rb9ira9w.default\prefs.js

user_pref("extensions.crossrider.bic", "13c89aac10ffb3b5e76e634d3b511a9a");

Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\rb9ira9w.default\minidumps [6 files]

~~~ Chrome

Failed to delete: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 04/22/2013 at 13:45:50.12

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.22.04

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

admin :: BOOEGRET [administrator]

Protection: Enabled

4/22/2013 1:49:13 PM

mbam-log-2013-04-22 (13-49-13).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211189

Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

# AdwCleaner v2.201 - Logfile created 04/22/2013 at 13:58:45

# Updated 21/04/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : admin - BOOEGRET

# Boot Mode : Normal

# Running from : C:\Users\admin\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\PutLockerDownloader

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\Users\admin\AppData\Local\PutLockerDownloader

Folder Found : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com

***** [Registry] *****

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\PutLockerDownloader

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\d57df8de56dbd42

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1591 octets] - [22/04/2013 13:58:45]

########## EOF - C:\AdwCleaner[R1].txt - [1651 octets] ##########
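Two of the findings in the logs above are worth re-checking by hand after the cleanup tools have run: the RogueKiller report in the first post lists a scheduled task ("Test TimeTrigger") whose action runs executables out of the user's Temp folder, and the JRT log just above reports that it could not delete the Chrome ExtensionInstallForcelist policy key, which is the mechanism that makes Chrome install an extension on every start. The following PowerShell audit is an added example and is not part of this thread or of any of the tools whose output is quoted here; the function names are the example's own, and it assumes a Windows 8 or later host where it is run from an elevated prompt. It lists both kinds of artefact so you can see whether anything is left behind.

```powershell
# Added audit example (not part of the thread or of any tool's output).
# 1. Scheduled tasks whose action runs from a Temp directory
#    (RogueKiller flagged "Test TimeTrigger" -> ...\Local\Temp\Runner.exe / DNS.exe).
# 2. Chrome's ExtensionInstallForcelist policy, which JRT could not delete
#    and which silently (re)installs the listed extension IDs on every Chrome start.
# Run from an elevated PowerShell prompt on Windows 8 or later.

function Get-TempScheduledTasks {
    # Returns each task action whose program or arguments point into a Temp folder.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match '\\AppData\\Local\\Temp\\' -or $cmd -match '\\Windows\\Temp\\') {
                [pscustomobject]@{
                    TaskName = $task.TaskName
                    TaskPath = $task.TaskPath
                    State    = $task.State
                    Command  = $cmd.Trim()
                }
            }
        }
    }
}

function Get-ChromeForcedExtensions {
    # Returns every extension forced by policy. Each registry value holds
    # "<extension id>;<update url>", so the two parts are split out.
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
        'HKLM:\SOFTWARE\Wow6432Node\Policies\Google\Chrome\ExtensionInstallForcelist',
        'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Skip the PSPath/PSParentPath/... bookkeeping properties that
        # Get-ItemProperty adds; everything else is a policy value.
        $names = ($props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' }).Name
        foreach ($name in $names) {
            $parts = [string]$props.$name -split ';', 2
            [pscustomobject]@{
                Key         = $key
                ValueName   = $name
                ExtensionId = $parts[0]
                UpdateUrl   = if ($parts.Count -gt 1) { $parts[1] } else { '' }
            }
        }
    }
}

Write-Host '== Scheduled tasks launched from a Temp folder =='
Get-TempScheduledTasks | Format-Table -AutoSize

Write-Host '== Chrome extensions forced by policy =='
Get-ChromeForcedExtensions | Format-Table -AutoSize
```

On a home machine that is not joined to a domain, any entry at all under ExtensionInstallForcelist deserves a look, because nothing legitimate normally writes there; the extension ID reported can be compared against the folder names the AdwCleaner "Delete" run removed from Chrome's Extensions directory. Likewise, a task whose action lives in a Temp folder is a persistence pattern that the cleanup tools flag, so an empty result from the first function is the outcome you want after the fix steps.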


Step 1

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Step 2

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.


Copy of logs as requested....

# AdwCleaner v2.202 - Logfile created 04/22/2013 at 15:30:30

# Updated 23/04/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : admin - BOOEGRET

# Boot Mode : Normal

# Running from : C:\Users\admin\Downloads\adwcleaner (1).exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\bProtector_extensions.rdf

File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\extensions\gophoto@gophoto.it.xpi

Folder Deleted : C:\Program Files (x86)\Gophoto.it

Folder Deleted : C:\Program Files (x86)\PutLockerDownloader

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Folder Deleted : C:\Users\admin\AppData\Local\PutLockerDownloader

Folder Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com

Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PutLockerDownloader

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\d57df8de56dbd42

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rb9ira9w.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1720 octets] - [22/04/2013 13:58:45]

AdwCleaner[R2].txt - [2383 octets] - [22/04/2013 15:29:48]

AdwCleaner[s1].txt - [2354 octets] - [22/04/2013 15:30:30]

########## EOF - C:\AdwCleaner[s1].txt - [2414 octets] ##########

-----------------------------------------------

Content of TFC run:

Getting user folders.

Stopping running processes.

Emptying Temp folders.

User: admin

->Temp folder emptied: 173751927 bytes

->Temporary Internet Files folder emptied: 198910686 bytes

->FireFox cache emptied: 6521536 bytes

->Google Chrome cache emptied: 433331074 bytes

->Flash cache emptied: 3576 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 108312774 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 1944 bytes

Process complete!

Total Files Cleaned = 878.00 mb


Well, Chrome seems to be working now. No more "unresponsive" messages.

I'm still getting the CPU spike though, although it's not as severe as before.

The reason I didn't respond yesterday is because I wanted to see if this situation persisted before I reported back.

It seems that all of my problems immediately began when I downloaded that PutLockerDownloader utility.

When it downloaded, it also downloaded a bunch of toolbars and who knows what else.

Before opening this case, I uninstalled as much of the mess as I could using the Windows Control Panel system utility.

But as you can see in the logs I provided to you, there were still files remaining related to the PutLockerDownloader.

Did you notice anything else that might be contributing to the CPU spike problem?

Thanks....


No, I didn't, but let's make some additional scans:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
