Jump to content

Keep getting pop-up balloons from Malwarebytes


Recommended Posts

I keep getting "Sucessfully blocked access to a potentially malicious website:" (different IPs every 30-50 sec). Type: outgoing, Process: dllhost.exe, Different ports.

 

Using Microsoft Security Essentials and Malwarebytes Anti-Malware. Help please. I'm worried my PCs infected.

 

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:
 
Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.
Link to post
Share on other sites

Here are the dds.txt and attach.txt results.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16514
Run by v at 21:53:39 on 2013-11-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6058.3902 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\homeUser\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Users\homeUser\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{223CA24E-FE02-4F89-83F5-393798F6FAE4} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-11-30 25960]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-11-30 13824]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-5 701512]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SGDrv;SGDrv;C:\windows\System32\drivers\SGDrv64.sys [2011-11-30 7680]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-9-16 3273088]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-30 2656536]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-10-10 288768]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-8-31 197416]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-21 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-5-16 25496]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-11-5 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-11-30 471144]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2011-5-16 42392]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-5-16 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-31 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-09 02:44:53 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3903A486-8635-43A8-A05E-D96BEA6B312F}\mpengine.dll
2013-11-07 21:59:43 965000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-11-07 21:59:42 965000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F4D3F1D-D267-456D-82C9-6CBFF71A3A31}\gapaengine.dll
2013-11-06 19:14:05 -------- d-----w- C:\Intel
2013-11-06 18:32:08 -------- d-----w- C:\Users\v\AppData\Local\SoftGrid Client
2013-11-06 18:32:07 -------- d-----w- C:\Users\v\AppData\Roaming\SoftGrid Client
2013-11-06 00:44:18 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-05 21:16:30 -------- d-----w- C:\Users\v\AppData\Roaming\Malwarebytes
2013-11-05 21:11:57 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-05 21:11:54 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-11-05 21:11:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-05 21:08:42 -------- d-----w- C:\Users\v\AppData\Local\Programs
2013-11-05 05:17:34 -------- d-----w- C:\Users\v\AppData\Local\ElevatedDiagnostics
2013-10-31 23:59:09 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-10-31 23:59:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-10-31 19:04:58 97941 ----a-w- C:\ProgramData\1383246106.bdinstall.bin
2013-10-31 19:01:45 37823 ----a-w- C:\ProgramData\1383246085.bdinstall.bin
2013-10-31 03:20:19 304109 ----a-w- C:\ProgramData\1383188907.bdinstall.bin
2013-10-30 22:53:03 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4F2D937-2F47-45AD-B758-AEF78EB4F487}\mpengine.dll
2013-10-29 20:55:28 98789 ----a-w- C:\ProgramData\1383079874.bdinstall.bin
2013-10-29 20:51:13 37855 ----a-w- C:\ProgramData\1383079870.bdinstall.bin
2013-10-18 14:35:54 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-10-18 14:35:53 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-10-18 14:35:53 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-10-18 14:35:53 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-10-18 14:35:53 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-10-18 14:35:52 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-10-18 14:35:52 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-10-10 05:06:06 633856 ----a-w- C:\windows\System32\comctl32.dll
2013-10-10 05:01:03 76800 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-10-10 05:01:03 42496 ----a-w- C:\windows\System32\drivers\usbscan.sys
2013-10-10 05:01:03 32896 ----a-w- C:\windows\System32\drivers\hidparse.sys
2013-10-10 05:01:02 259584 ----a-w- C:\windows\System32\WebClnt.dll
2013-10-10 05:01:02 205824 ----a-w- C:\windows\SysWow64\WebClnt.dll
2013-10-10 05:01:01 81920 ----a-w- C:\windows\SysWow64\davclnt.dll
2013-10-10 05:01:01 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-10-10 05:01:01 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-10-10 05:01:01 140800 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2013-10-10 05:01:01 102400 ----a-w- C:\windows\System32\davclnt.dll
2013-10-10 05:01:00 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-10-10 05:01:00 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
.
==================== Find3M  ====================
.
2013-10-07 05:22:01 250667 ----a-w- C:\ProgramData\1381122783.bdinstall.bin
2013-09-22 14:42:33 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-09-22 14:33:53 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 14:33:06 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-09-22 14:23:30 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-09-22 14:21:21 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-09-22 14:15:47 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-09-22 10:22:59 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll
.
============= FINISH: 21:54:09.56 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/20/2012 9:38:38 AM
System Uptime: 11/8/2013 5:50:46 PM (4 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | 300E4A/300E5A/300E7A/3430EA/3530EA
Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 179 GiB total, 112.432 GiB free.
D: is FIXED (NTFS) - 267 GiB total, 266.636 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP168: 10/19/2013 1:14:09 PM - Windows Update
RP169: 10/30/2013 6:52:22 PM - Windows Update
RP170: 11/3/2013 10:17:17 AM - Windows Update
RP171: 11/5/2013 2:13:08 PM - Removed Visual Studio 2012 x64 Redistributables
RP172: 11/5/2013 2:20:58 PM - Removed Visual Studio 2012 x64 Redistributables
RP173: 11/5/2013 2:23:01 PM - Removed Visual Studio 2012 x86 Redistributables
RP174: 11/7/2013 4:57:41 PM - Windows Update
.
==== Installed Programs ======================
.
?? ??? ?? Windows Live Mesh ActiveX ???
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
?????????? Windows Live
??????????? ?? Windows Live
A+ 2009 Passport Book CD Demo
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Agatha Christie - Death on the Nile
Amazon Kindle
Ask Toolbar
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis
„Windows Live Messenger“
„Windows Live“ fotogalerija
Bejeweled 2 Deluxe
Best Buy pc app
Bing Bar
Build-a-lot
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Easy File Share
Easy Migration
Easy Settings
Easy Software Manager
Easy Support Center 1.0
ETDWare PS/2-X64 10.0.7.3_WHQL
Farm Frenzy
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Insaniquarium Deluxe
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® WiDi
Java 7 Update 5 (64-bit)
John Deere Drive Green
Junk Mail filter update
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Multimedia POP
Norton Online Backup
NVIDIA Display Control Panel
NVIDIA Graphics Driver 268.83
NVIDIA Install Application
NVIDIA Optimus 1.0.23
NVIDIA Update Components
ooVoo
ooVoo toolbar, powered by Ask.com Updater
OpenOffice.org 3.4.1
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Peggle
Penguins!
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pošta Windows Live
Python 3.2.3
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Skype Click to Call
Skype™ 6.9
Software Launcher
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
The Sims™ 2 Double Deluxe
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
User Guide
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/8/2013 6:01:32 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.161.1646.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10003.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/7/2013 11:01:45 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.161.1475.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10003.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/5/2013 12:58:09 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
11/4/2013 11:20:08 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
11/4/2013 11:15:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/4/2013 11:15:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/4/2013 11:15:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/4/2013 11:15:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/4/2013 11:15:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/4/2013 11:15:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/4/2013 11:15:08 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SABI spldr tdx VWiFiFlt Wanarpv6 WfpLwf
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/4/2013 11:15:06 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================
 

Link to post
Share on other sites

  • Root Admin

As you can see in the Event Logs at the bottom of your attach.txt log file there is a lot of issues going on with the computer.

 

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.