
Roaminguser_gensett.xml



Hello Malware techies!

I am an above-average PC user, but I am no programmer and have no idea how to proceed when it comes to cleaning a virus. I am even more in the dark when it comes to what I believe may be a network attack. Both of the infected clients have a strange network adapter listed: "Wireless Network Connection 2 | Microsoft Virtual WiFi Miniport Adapter". When viewing my network map, there is a huge question mark that appears as well.

Laptop 1 has been affected by a "Search Conduit" that I did not realize was a hijacked browser.

Laptop 2 has several toolbars installed, which may also have been the root of this issue. While attempting to remove some of the unnecessary software from this device, there was a point at which the wireless connection dropped. The Connection Manager showed 2 full-strength SSIDs: 1. my-SSID and 2. DUMMY. Going back to the WiFi miniport concept... would this be a way to jack up my basic Windows layers?

I am in over my head here and would greatly appreciate some solid advice!

Both laptops are running Win Home x64

BitDefender 2013 and now Malwarebytes.

I would like to troubleshoot PC 1 first.

DDS.txt results from PC 1 can be found in the next post.

Thanks!!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476

Run by Jay at 11:59:49 on 2013-04-30

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16281.12654 [GMT -4:00]

.

AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\S-Bar\MSIService.exe

C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe

C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidsvcm.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\ravcpl64.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Synaptics\SynTP\syntphelper.exe

C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

C:\Program Files\Logitech Gaming Software\lcore.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Samsung\Kies\kies.exe

C:\Program Files\Qualcomm Atheros\Killer Network Manager\killernetmanager.exe

C:\Users\Jay\AppData\Roaming\Dropbox\bin\dropbox.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files (x86)\S-Bar\s-bar.exe

C:\Program Files (x86)\MSI\Super-Charger\super-charger.exe

C:\Program Files (x86)\MSI\KLM\klm.exe

C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\vgaocap.exe

C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\thxaudio.exe

C:\Program Files (x86)\CyberLink\YouCam\ycmmirage.exe

C:\Program Files (x86)\Acronis\TrueImageHome\trueimagemonitor.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Acronis\TibMounter\tibmountermonitor.exe

C:\Program Files (x86)\Samsung\Kies\kiestrayagent.exe

c:\program files\nvidia corporation\display\nvtray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\malwarebytes' anti-malware\mbam.exe

C:\windows\notepad.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\SysWOW64\DllHost.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://msi.msn.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - LocalServer32 - <no file>

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [s-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe

mRun: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe

mRun: [KLM] C:\Program Files (x86)\MSI\KLM\KLM.exe

mRun: [VGAOCAP] C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\windows\UpdReg.EXE

mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jay\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUALCO~1.LNK - C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: %SYSTEMROOT%\system32\BfLLR.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{990C9268-2619-40C6-9A78-8949627A73EB} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{EB9519A2-F0CD-4E10-A2C1-4BA8630222AE} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{EB9519A2-F0CD-4E10-A2C1-4BA8630222AE}\4627F696463507F647 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{EB9519A2-F0CD-4E10-A2C1-4BA8630222AE}\9364053313 : DHCPNameServer = 192.168.1.1 71.250.0.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - LocalServer32 - <no file>

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - LocalServer32 - <no file>

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [THXCfg64] C:\windows\System32\RunDLL32.exe C:\windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - LocalServer32 - <no file>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-2-25 8704]

R0 avc3;avc3;C:\windows\System32\drivers\avc3.sys [2012-12-1 718840]

R0 fltsrv;Acronis Storage Filter Management;C:\windows\System32\drivers\fltsrv.sys [2012-11-28 155272]

R0 gzflt;gzflt;C:\windows\System32\drivers\gzflt.sys [2013-4-30 147232]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-6-19 16152]

R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-12-1 30056]

R0 tib_mounter;Acronis TIB Mounter;C:\windows\System32\drivers\tib_mounter.sys [2012-11-28 1093256]

R0 vididr;Acronis Virtual Disk;C:\windows\System32\drivers\vididr.sys [2012-11-28 228488]

R0 vidsflt;Acronis Disk Storage Filter;C:\windows\System32\drivers\vidsflt.sys [2012-11-28 166024]

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2012-12-1 93600]

R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-12-1 103504]

R1 BDVEDISK;BDVEDISK;C:\windows\System32\drivers\bdvedisk.sys [2012-12-1 76944]

R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\windows\System32\drivers\bflwfx64.sys [2012-3-8 75880]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-11-28 3696632]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-19 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-19 2429544]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-30 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-30 701512]

R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2011-11-2 160768]

R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]

R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-6-19 138768]

R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-3-8 492032]

R2 regi;regi;C:\windows\System32\drivers\regi.sys [2012-11-28 14112]

R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-12-1 95184]

R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7017888]

R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2012-1-20 16128]

R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-4-30 68856]

R3 afcdp;afcdp;C:\windows\System32\drivers\afcdp.sys [2012-11-28 367200]

R3 avckf;avckf;C:\windows\System32\drivers\avckf.sys [2012-12-1 593144]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-10-13 31216]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-6-19 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-6-19 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-6-19 786200]

R3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\windows\System32\drivers\e22W7x64.sys [2012-3-8 161616]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-4-30 25928]

R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2012-11-28 32344]

R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-6-19 14136]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\drivers\RtsPStor.sys [2012-6-19 339048]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BDSandBox;BDSandBox;C:\windows\System32\drivers\bdsandbox.sys [2012-12-1 82384]

S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-12-13 94720]

S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-12-13 747008]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-1-31 102368]

S3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-1-31 203104]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-1-20 149504]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-1 1255736]

S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-4-30 69392]

.

=============== Created Last 30 ================

.

2013-04-30 15:48:21 -------- d-----w- C:\Users\Jay\AppData\Roaming\Malwarebytes

2013-04-30 15:48:18 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-30 15:48:17 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-04-30 15:48:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-30 15:48:05 -------- d-----w- C:\Users\Jay\AppData\Local\Programs

2013-04-30 15:41:35 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A96B45F-8F8E-4A6E-99F3-7797B2177965}\offreg.dll

2013-04-30 04:53:09 147232 ----a-w- C:\windows\System32\drivers\gzflt.sys

.

==================== Find3M ====================

.

2013-04-30 04:52:27 593144 ----a-w- C:\windows\System32\drivers\avckf.sys

2013-04-30 04:52:17 718840 ----a-w- C:\windows\System32\drivers\avc3.sys

2013-04-30 04:44:11 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-30 04:44:11 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-04-30 04:44:05 16486616 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe

2013-03-12 05:10:56 282744 ------w- C:\windows\System32\MpSigStub.exe

2013-03-01 03:36:04 3153408 ----a-w- C:\windows\System32\win32k.sys

2013-02-22 06:27:49 2312704 ----a-w- C:\windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-02-15 06:08:40 44032 ----a-w- C:\windows\System32\tsgqec.dll

2013-02-15 06:06:11 3717632 ----a-w- C:\windows\System32\mstscax.dll

2013-02-15 06:02:26 158720 ----a-w- C:\windows\System32\aaclient.dll

2013-02-15 04:37:10 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll

2013-02-15 04:34:10 131584 ----a-w- C:\windows\SysWow64\aaclient.dll

2013-02-15 03:25:51 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll

2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

2013-02-12 04:12:05 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys

.

============= FINISH: 12:00:06.43 ===============

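The Pseudo HJT section of the DDS log above contains findings the thread never comments on: a start page pointing at search.conduit.com, UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), and load points whose target file is gone. The triage script below is an added example, not a tool from this thread, from DDS or from Malwarebytes; it assumes the DDS line format shown above and runs over a constructed sample whose values are copied from that log.

```python
import re
from collections import namedtuple
from typing import List

Finding = namedtuple("Finding", "severity rule line")

# Search-hijacker domain seen in the log above; extend with others you recognise.
HIJACK_DOMAINS = ("search.conduit.com",)

# Entries DDS uses for IE home/search pages (with or without the "x64-" prefix).
HOMEPAGE_PREFIXES = ("uStart Page", "mStart Page", "uDefault_Page_URL",
                     "mDefault_Page_URL", "uSearch", "mSearch")

# UAC policy values that weaken elevation prompting. EnableLUA=0 turns UAC off,
# ConsentPromptBehaviorAdmin=0 elevates administrators silently, and
# PromptOnSecureDesktop=0 lets other windows draw over the consent prompt.
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
            "PromptOnSecureDesktop": "0"}

POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)$")

# Constructed sample in the DDS "Pseudo HJT Report" format; the values are copied
# from the log posted above, nothing else is real.
SAMPLE_HJT = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
mStart Page = hxxp://msi.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - LocalServer32 - <no file>
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
x64-SSODL: WebCheck - <orphaned>
"""


def triage(report: str) -> List[Finding]:
    """Return the lines of a DDS Pseudo HJT section that deserve a closer look."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = line[4:] if line.startswith("x64-") else line  # merge 32/64-bit views
        lower = key.lower()
        policy = POLICY_RE.match(key)
        if key.startswith(HOMEPAGE_PREFIXES) and any(d in lower for d in HIJACK_DOMAINS):
            findings.append(Finding("high", "browser-hijack", line))
        elif policy and WEAK_UAC.get(policy.group(1)) == policy.group(2):
            findings.append(Finding("high", "uac-weakened", line))
        elif "<no file>" in lower or "<orphaned>" in lower:
            # Load point whose target is gone: leftover of an uninstall, or a
            # removed component that something still tries to start.
            findings.append(Finding("medium", "orphaned-loadpoint", line))
        elif key.startswith("AppInit_DLLs=") and key.split("=", 1)[1].strip():
            # Anything here is loaded into every user-mode process; confirm the vendor.
            findings.append(Finding("info", "appinit-dll", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per rule, e.g. {'uac-weakened': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.severity:6}] {f.rule:20} {f.line}")
```

Feed it the whole Pseudo HJT section of a real DDS.txt; lines it does not flag are not thereby clean, they simply match none of these four rules.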

Logs will be closed if you haven't replied within 3 days. Please don't attach the scans / logs for these tools; use "copy/paste".

These browser plug-ins are being bundled with free software and most commonly computer users install it without realizing it.

Such shady advertising has caused a bad reputation, and many computer users think that these add-ons are a virus or malware which has infiltrated their computers without their consent.

In reality these browser plug-ins are not a virus; they are unwanted applications which install on the user's computer together with free software or other browser add-ons.

A good example is when you update your Java.

Next time you update your Java make sure you remove the check mark / tick from adding the additional add-on if you don't want it.

This tool might remove add-ons that you added by choice like Ask Toolbar.

Please download AdwCleaner and save it on your Desktop.

http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner

1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

2. Click on the Delete button.

3. Confirm each time with OK.

4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Let us know if that solves the issue.


Hey LDTate, thanks for the response!

I was doing some more research on the subject after posting here.

It seems the xml file works in conjunction with my BitDefender Virus Scanner.

I believe it has something to do with the startup settings for the gadget interface.

Sorry for crying wolf! I just recently switched to BitDefender and got a bit paranoid when I saw the random file.

The following is the content of the XML file:

<?xml version="1.0" encoding="UTF-8"?>

<settings version="1.0"><bdnews>1</bdnews><show_alert>1</show_alert><show_abar>0</show_abar><load_startup>1</load_startup><virus_rep>1</virus_rep><od>1</od><pass_enablepc>1</pass_enablepc><show_popus_advanced>1</show_popus_advanced><show_popups_basic>0</show_popups_basic></settings>

I think I should be good on this one.

Thanks brudda!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
