Unsure if malware related: SynTPhelper.exe


Hey guys, I'm not too sure if this is malware related, but all my Google searches and general anti-virus attempts have led to no solutions.

This is more of an annoyance than a problem, but I would still like to get this resolved. Every time I start Windows, this error pops up (see screenshot); I've tried to fix it through looking through my registries, programs and processes but I couldn't find anything of use.

I've attached my MalwareBytes log, which found no issues. Any help would be greatly appreciated!

mbam-log-2013-07-18 (13-11-14).txt


  • Staff

Hello MoonlitGordo

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1

    Link2

    Link3

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Gringo

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Gordon William Smith at 16:31:27 on 2013-07-18
Microsoft       6.2.9200.0.1252.1.1033.18.1024.146 [GMT 10:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe
C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe
C:\Program Files (x86)\Parallels\Parallels Tools\Services\WOW\coherence.exe
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k GPSvcGroup
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [speedUpSystem] wscript "C:\Users\Gordon William Smith\AppData\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs" "C:\Users\Gordon William Smith\AppData\Roaming\Adobe\Flash Player\SpeedCache\aso.bat"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Parallels Tools Center] "C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 10.211.55.1
TCP: Interfaces\{36C432C4-B5BA-4E01-B74A-CAEAE310C4C5} : DHCPNameServer = 10.211.55.1
TCP: Interfaces\{420E6EFA-05A0-4E25-B60F-5ACB4D23E51F} : DHCPNameServer = 8.8.8.8 4.2.2.2
TCP: Interfaces\{420E6EFA-05A0-4E25-B60F-5ACB4D23E51F}\F405455535132333 : DHCPNameServer = 198.142.0.51 211.29.132.12 198.142.235.14
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {81DCEDC9-DC5C-48AF-946A-45C09E8A33F0} - C:\WINDOWS\System32\msiexec.exe /fu {FA2B2C2A-EA41-495A-9308-60726125D562} /qb+
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\WINDOWS\System32\Drivers\AppleHFS.sys [2013-1-16 73016]
R0 AppleMNT;AppleMNT;C:\WINDOWS\System32\Drivers\AppleMNT.sys [2013-1-16 16696]
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\Drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\Drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\Drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\Drivers\avgrkx64.sys [2013-2-8 45880]
R0 prl_pv64;prl_pv64;C:\WINDOWS\System32\Drivers\prl_pv64.sys [2013-6-22 120576]
R0 prl_strg;Parallels paravirt disk filter;C:\WINDOWS\System32\Drivers\prl_strg.sys [2013-6-22 40192]
R0 prl_tg;Parallels Tool Device;C:\WINDOWS\System32\Drivers\prl_tg.sys [2013-6-17 28288]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\Drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\Drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\Drivers\avgwfpa.sys [2013-6-27 248632]
R1 prl_boot;Parallels BootCamp Helper;C:\WINDOWS\System32\Drivers\prl_boot.sys [2013-6-17 48384]
R1 prl_fs;Parallels Shared Folders;C:\WINDOWS\System32\Drivers\prl_fs.sys [2012-12-4 199424]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\WINDOWS\System32\AppleOSSMgr.exe [2013-1-16 226144]
R2 AppleTimeSrv;Apple Time Service;C:\WINDOWS\System32\AppleTimeSrv.exe [2013-1-16 94560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 KeyAgent;KeyAgent;C:\WINDOWS\System32\Drivers\KeyAgent.sys [2013-1-16 18232]
R2 MacHALDriver;Mac HAL;C:\WINDOWS\System32\Drivers\MacHALDriver.sys [2013-1-16 23352]
R2 Parallels Coherence Service;Parallels Coherence Service;C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe [2013-6-17 37120]
R2 Parallels Tools Service;Parallels Tools Service;C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe [2013-6-17 172288]
R2 prl_time;Parallels Time Synchronization Helper;C:\WINDOWS\System32\Drivers\prl_time.sys [2013-6-22 19200]
R2 prl_uprof;Parallels User Profile Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-5-12 29696]
R2 PrlVssProvider;PrlVssProvider;C:\WINDOWS\System32\dllhost.exe [2012-7-26 10752]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-3-20 142960]
R3 prl_dd;Parallels Display Adapter (WDDM);C:\WINDOWS\System32\Drivers\prl_kmdd.sys [2013-6-17 157440]
R3 prl_memdev;prl_memdev;C:\WINDOWS\System32\Drivers\prl_memdev.sys [2013-6-17 21760]
R3 prl_mouf;Parallels Mouse Synchronization Device;C:\WINDOWS\System32\Drivers\prl_mouf.sys [2013-6-17 21760]
R3 prl_sound;Parallels Audio Controller;C:\WINDOWS\System32\Drivers\prl_sound.sys [2013-6-17 55552]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-1 363800]
S3 acpials;ALS Sensor Filter;C:\WINDOWS\System32\Drivers\acpials.sys [2012-7-26 9728]
S3 applebmt;Apple Wireless Mouse;C:\WINDOWS\System32\Drivers\applebmt.sys [2013-4-1 52736]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\WINDOWS\System32\Drivers\AppleBtBc.sys [2013-4-2 20480]
S3 applemtm;Apple Multitouch Mouse;C:\WINDOWS\System32\Drivers\applemtm.sys [2013-4-1 12288]
S3 applemtp;Apple Multitouch;C:\WINDOWS\System32\Drivers\applemtp.sys [2013-4-1 38912]
S3 B57ports;Broadcom Simple Communications Device;C:\WINDOWS\System32\Drivers\B57Ports.sys [2013-4-1 44544]
S3 bScsiSDa;bScsiSDa;C:\WINDOWS\System32\Drivers\bScsiSDa.sys [2013-4-1 70744]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 CirrusFilter;CS420xLowerFilter;C:\WINDOWS\System32\Drivers\CS420x64.sys [2013-4-1 18432]
S3 KeyMagic;USB Keyboard HID Filter;C:\WINDOWS\System32\Drivers\KeyMagic.sys [2013-4-1 29696]
S3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== Created Last 30 ================
.
2013-07-13 23:29:52 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 04:50:30 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-10 04:50:30 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 04:50:30 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-10 04:50:30 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 04:50:30 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 04:50:30 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 04:50:30 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-10 04:50:14 4036096 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-07-10 04:47:58 2842112 ----a-w- C:\WINDOWS\System32\WMVDECOD.DLL
2013-07-10 04:47:58 2620928 ----a-w- C:\WINDOWS\SysWow64\WMVDECOD.DLL
2013-07-09 08:11:34 -------- d-----w- C:\Users\Gordon William Smith\AppData\Roaming\AVG2013
2013-07-09 08:09:44 -------- d-----w- C:\Users\Gordon William Smith\AppData\Roaming\TuneUp Software
2013-07-09 08:08:58 -------- d--h--w- C:\$AVG
2013-07-09 08:08:57 -------- d-----w- C:\ProgramData\AVG2013
2013-07-09 08:08:21 -------- d-----w- C:\Program Files (x86)\AVG
2013-07-09 07:50:13 -------- d--h--w- C:\ProgramData\Common Files
2013-07-09 07:50:13 -------- d-----w- C:\Users\Gordon William Smith\AppData\Local\MFAData
2013-07-09 07:50:13 -------- d-----w- C:\Users\Gordon William Smith\AppData\Local\Avg2013
2013-07-09 07:50:13 -------- d-----w- C:\ProgramData\MFAData
2013-07-09 04:30:10 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05C0E1EA-0A0D-4CE1-92F3-B80D796AF738}\mpengine.dll
2013-07-09 02:32:14 -------- d-----w- C:\WINDOWS\System32\RT 7 Lite
2013-07-09 02:32:14 -------- d-----w- C:\Program Files\Rockers Team
2013-06-30 19:44:19 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2013-06-30 19:44:12 4379984 ----a-w- C:\WINDOWS\SysWow64\D3DX9_40.dll
2013-06-30 19:44:12 4178264 ----a-w- C:\WINDOWS\SysWow64\D3DX9_41.dll
2013-06-30 19:44:11 81768 ----a-w- C:\WINDOWS\SysWow64\xinput1_3.dll
2013-06-30 19:44:11 3495784 ----a-w- C:\WINDOWS\SysWow64\d3dx9_33.dll
2013-06-30 19:44:11 2414360 ----a-w- C:\WINDOWS\SysWow64\d3dx9_31.dll
2013-06-30 19:42:45 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-06-30 19:42:38 -------- d-----w- C:\Users\Gordon William Smith\AppData\Local\Origin
2013-06-30 19:18:03 -------- d-----w- C:\Program Files (x86)\Origin
2013-06-30 17:38:02 -------- d-----w- C:\Program
2013-06-29 16:30:56 -------- d-----w- C:\Program Files\CCleaner
2013-06-27 04:46:36 248632 ----a-w- C:\WINDOWS\System32\drivers\avgwfpa.sys
2013-06-21 15:52:12 40192 ----a-w- C:\WINDOWS\System32\drivers\prl_strg.sys
2013-06-21 15:51:06 19200 ----a-w- C:\WINDOWS\System32\drivers\prl_time.sys
2013-06-21 15:50:40 120576 ----a-w- C:\WINDOWS\System32\drivers\prl_pv64.sys
.
==================== Find3M  ====================
.
2013-07-13 23:29:50 867240 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2013-07-13 23:29:50 789416 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2013-06-27 22:04:51 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31 997632 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2013-06-16 18:43:14 17152 ----a-w- C:\WINDOWS\SysWow64\KbdPrlUS.dll
2013-06-16 18:43:12 17152 ----a-w- C:\WINDOWS\SysWow64\KbdPrlUR.dll
2013-06-16 18:43:10 17152 ----a-w- C:\WINDOWS\System32\KbdPrlUS.dll
2013-06-16 18:43:10 17152 ----a-w- C:\WINDOWS\System32\KbdPrlUR.dll
2013-06-16 18:43:08 17152 ----a-w- C:\WINDOWS\SysWow64\KbdPrlUK.dll
2013-06-16 18:43:06 17152 ----a-w- C:\WINDOWS\SysWow64\KbdPrlSZ.dll
2013-06-16 18:43:06 17152 ----a-w- C:\WINDOWS\System32\KbdPrlUK.dll
2013-06-16 18:43:04 17152 ----a-w- C:\WINDOWS\SysWow64\KbdPrlSW.dll
2013-06-16 18:43:04 17152 ----a-w- C:\WINDOWS\System32\KbdPrlSZ.dll
2013-06-16 18:43:02 17152 ----a-w- C:\WINDOWS\System32\KbdPrlSW.dll
2013-06-16 18:43:00 17152 ----a-w- C:\WINDOWS\SysWow64\KbdPrlSP.dll
2013-06-16 18:41:58 43264 ----a-w- C:\WINDOWS\SysWow64\prl_mapi.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-06-01 11:54:16 194816 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\WINDOWS\explorer.exe
2013-06-01 11:33:13 2233600 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-06-01 11:29:35 337152 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\WINDOWS\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\WINDOWS\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\WINDOWS\SysWow64\samlib.dll
2013-06-01 09:25:03 496640 ----a-w- C:\WINDOWS\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\WINDOWS\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\WINDOWS\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\WINDOWS\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\WINDOWS\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\WINDOWS\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\WINDOWS\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\WINDOWS\System32\samlib.dll
2013-06-01 09:21:34 595968 ----a-w- C:\WINDOWS\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\WINDOWS\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\WINDOWS\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\WINDOWS\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\WINDOWS\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2013-06-01 03:08:57 37632 ----a-w- C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\WINDOWS\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\WINDOWS\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\WINDOWS\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\WINDOWS\System32\winresume.exe
2013-05-23 23:01:46 1300992 ----a-w- C:\WINDOWS\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-05-15 22:35:47 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2013-05-15 02:25:59 888320 ----a-w- C:\WINDOWS\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\WINDOWS\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\WINDOWS\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\WINDOWS\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-05-13 16:46:31 40208 ----a-w- C:\WINDOWS\System32\Partizan.exe
2013-05-13 16:38:03 35816 ----a-w- C:\WINDOWS\SysWow64\drivers\Partizan.sys
2013-05-13 16:37:22 2 --shatr- C:\WINDOWS\winstart.bat
2013-05-12 07:38:53 0 ----a-w- C:\WINDOWS\System32\.tmp
2013-05-05 10:57:39 2755072 ----a-w- C:\WINDOWS\SysWow64\themeui.dll.tmp
2013-05-05 10:57:38 245760 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll.tmp
2013-05-04 07:58:17 120736 ----a-w- C:\WINDOWS\System32\AuthHost.exe
2013-05-04 07:42:15 1486100 ----a-w- C:\WINDOWS\cursors\uninstall.exe
2013-05-04 07:34:17 446720 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:15 284416 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2013-05-04 06:59:56 39424 ----a-w- C:\WINDOWS\System32\wuapp.exe
2013-05-04 06:59:51 1483776 ----a-w- C:\WINDOWS\System32\VSSVC.exe
2013-05-04 06:59:36 812544 ----a-w- C:\WINDOWS\System32\Magnify.exe
2013-05-04 06:59:25 98304 ----a-w- C:\WINDOWS\System32\wudriver.dll
2013-05-04 06:59:25 251904 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2013-05-04 06:59:25 141824 ----a-w- C:\WINDOWS\System32\wuwebv.dll
2013-05-04 06:59:24 1619968 ----a-w- C:\WINDOWS\System32\wucltux.dll
2013-05-04 06:59:08 13644288 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54 328192 ----a-w- C:\WINDOWS\System32\ubpm.dll
2013-05-04 06:58:54 10116096 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-05-04 06:58:49 173568 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2013-05-04 06:58:49 1332736 ----a-w- C:\WINDOWS\System32\sysmain.dll
2013-05-04 06:58:48 330240 ----a-w- C:\WINDOWS\System32\stobject.dll
2013-05-04 06:58:28 93696 ----a-w- C:\WINDOWS\System32\psmsrv.dll
2013-05-04 06:58:02 470528 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll
2013-05-04 06:58:02 151552 ----a-w- C:\WINDOWS\System32\netprofm.dll
2013-05-04 06:58:01 169984 ----a-w- C:\WINDOWS\System32\netplwiz.dll
2013-05-04 06:57:59 17408 ----a-w- C:\WINDOWS\System32\muifontsetup.dll
2013-05-04 06:57:46 560640 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2013-05-04 06:57:31 820736 ----a-w- C:\WINDOWS\System32\gpprefcl.dll
2013-05-04 06:57:15 501760 ----a-w- C:\WINDOWS\System32\DevicePairing.dll
2013-05-04 06:57:05 179712 ----a-w- C:\WINDOWS\System32\bisrv.dll
.
============= FINISH: 16:31:40.57 ===============
 
Attach.txt:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft     
Boot Device: \Device\HarddiskVolume4
Install Date: 5/12/2013 2:20:44 AM
System Uptime: 7/18/2013 1:08:36 PM (3 hours ago)
.
Motherboard: Parallels Software International Inc. |  | Parallels Virtual Platform
Processor: Intel® Core i7-3740QM CPU @ 2.70GHz | CPU Socket #0 | 2694/448mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 102 GiB total, 18.373 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP16: 7/18/2013 2:08:47 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Advanced Archive Password Recovery
AirParrot
Apple Software Update
AutoHotkey 1.0.48.05
AVG 2013
Boot Camp Services
CCleaner
Google Chrome
Google Update Helper
Intel® Management Engine Components
Intel® USB 3.0 eXtensible Host Controller Driver
Java 7 Update 21 (64-bit)
Java 7 Update 25
Java Auto Updater
Lion 2011
Mac OS X Cursors
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
NVIDIA Control Panel 314.22
NVIDIA Graphics Driver 314.22
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.12.12
NVIDIA Update Components
Ontrack EasyRecovery Professional
Origin
Parallels Tools
Project 64 version 2.0.0.14
Realtek High Definition Audio Driver
Recuva
RT 7 Lite (64-Bit)
RT 7 Lite x64
SimCity™
Stardock MyColors
Stardock Start8
The Sims™ 3
The Sims™ 3 70s, 80s, & 90s Stuff
The Sims™ 3 Ambitions
The Sims™ 3 Diesel Stuff
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Island Paradise
The Sims™ 3 Katy Perry's Sweet Treats
The Sims™ 3 Late Night
The Sims™ 3 Master Suite Stuff
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Showtime
The Sims™ 3 Supernatural
The Sims™ 3 Town Life Stuff
The Sims™ 3 University Life
The Sims™ 3 World Adventures
UltraISO Premium V9.36
UnHackMe 5.99 release
Visual Studio 2010 x64 Redistributables
Windows Driver Package - AMD (amdkmafd) System  (09/22/2012 9.002.0.0000)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/29/2012 5.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (10/29/2012 5.0.3.0)
Windows Driver Package - Apple Inc. Apple Multitouch (09/11/2012 4.0.3.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple System Device (08/28/2012 5.0.0.0)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113)
Windows Driver Package - Broadcom (b57nd60a) Net  (09/04/2012 15.4.0.17)
Windows Driver Package - Broadcom (B57ports) Net  (06/16/2009 1.0.0.1)
Windows Driver Package - Broadcom (BCM43XX) Net  (11/13/2012 5.106.199.1)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost  (08/14/2012 1.0.0.243)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (11/09/2012 6.6001.1.38)
Windows Driver Package - Intel (e1express) Net  (03/26/2010 9.13.41.0)
Windows Driver Package - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0)
Windows Driver Package - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0)
Windows Driver Package - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0)
Windows Driver Package - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0)
Windows Driver Package - Intel System  (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA  (07/03/2012 1.3.18.0)
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/18/2013 12:34:04 PM, Error: Service Control Manager [7000]  - The Yontoo Desktop Updater service failed to start due to the following error:  The system cannot find the file specified.
7/18/2013 1:58:51 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/18/2013 1:10:54 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/18/2013 1:10:54 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
7/18/2013 1:08:49 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
7/17/2013 1:28:48 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
7/15/2013 8:55:55 PM, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
7/15/2013 7:17:49 PM, Error: Service Control Manager [7001]  - The Parallels Tools Service service depends on the Parallels Tool Device service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/15/2013 7:17:49 PM, Error: Service Control Manager [7001]  - The Parallels Coherence Service service depends on the Parallels Tool Device service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/15/2013 7:17:48 PM, Error: Service Control Manager [7000]  - The Parallels Tool Device service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/14/2013 7:54:26 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
7/14/2013 7:54:26 AM, Error: Service Control Manager [7000]  - The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
 
Thank you!

  • Staff

Hello MoonlitGordo

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
