TheGimpAddict Posted November 26, 2013 ID:758282 Share Posted November 26, 2013 I've run Malwarebytes on all 3 of my drives and fixed any issues that it reported, but I'm still being pestered with adware that pops up during my browsing sessions. It links to a site called systweak.com, and it looks very malicious. Any help on resolving this issue would be greatly appreciated. Thanks,Daniel Link to post Share on other sites More sharing options...
MrCharlie Posted November 26, 2013 ID:758285 Share Posted November 26, 2013 Welcome to the forum, please start HERE Post back the 2 logs here.....DDS.txt and Attach.txt (please don't put logs in code or quotes and use the default font) General P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. <====><====><====><====><====><====><====><====> Next................ Please download and run RogueKiller 32 bit to your desktop. RogueKiller<---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font) MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
TheGimpAddict Posted November 26, 2013 Author ID:758287 Share Posted November 26, 2013 RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Daniel [Admin rights]Mode : Scan -- Date : 11/26/2013 15:28:11| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 4 ¤¤¤[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\Users\Daniel\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> E:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> E:\Users\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> E:\Documents and Settings\Daniel\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> E:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> E:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5001AALS-00L3B2 ATA Device +++++--- User ---[MBR] 57daa2263cebbee9208d4db251b65030[bSP] 2fa7daa7314360323fdce8ce39706d87 : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD5000AAKS-00V1A0 ATA Device +++++--- User ---[MBR] f136ca1d69008f3324289dbb0ddc38a8[bSP] 0c82c80f99556c721d641eb84f2a2dd9 : Linux MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 465331 Mo1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 953001982 | Size: 11606 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) KINGSTON SH103S3120G ATA Device +++++--- User ---[MBR] 8e730c840e741d81ff0fe02b7c229b72[bSP] 9416d1177e8f6132d80d275bc6517acd : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_11262013_152811.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted November 26, 2013 ID:758297 Share Posted November 26, 2013 I need the DDS.txt and Attach.txt also. MrC Link to post Share on other sites More sharing options...
TheGimpAddict Posted November 26, 2013 Author ID:758298 Share Posted November 26, 2013 Ah sorry I forgot them. DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.40.2Run by Daniel at 15:59:31 on 2013-11-26Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5633 [GMT -6:00].AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\AEADISRV.EXEC:\Program Files (x86)\DisplayFusion\DisplayFusionService.exeC:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\EscSvc64.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Windows\System32\rundll32.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\System32\spool\drivers\x64\3\E_IATIIBA.EXEC:\Program Files (x86)\Gyazo\GyStation.exeC:\Users\Daniel\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exeF:\LoL Replays\LOLReplay\LOLRecorder.exeC:\Program Files\Rainmeter\Rainmeter.exeC:\Program Files (x86)\Razer\DeathAdder\razerhid.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Razer\DeathAdder\razertra.exeC:\Program Files (x86)\Razer\DeathAdder\razerofa.exeC:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\wbem\wmiprvse.exeC:\Users\Daniel\Downloads\RogueKillerX64.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.193\deploy\LoLLauncher.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.58\deploy\LolClient.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dlluRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIIBA.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series"uRun: [AdobeBridge] <no file>mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbyloginmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exedRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601StartupFolder: C:\Users\Daniel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - F:\LoL Replays\LOLReplay\LOLRecorder.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0TCP: NameServer = 192.168.0.1TCP: Interfaces\{6A03302F-D36C-4279-B2FA-C54D7176CF6F} : DHCPNameServer = 192.168.0.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dllSSODL: WebCheck - <orphaned>x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dllx64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\z8fcprty.default\FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dllFF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dllFF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-18 493656]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-18 1147480]R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-18 1524824]R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-18 162392]R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131125.001\IDSviA64.sys [2013-11-26 521816]R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-18 264280]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-18 590936]R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-10-20 1315728]R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-3-5 135824]R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-11-18 264360]R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-6 14984480]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2012-12-25 12032]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-25 137648]R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-8-6 39712]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]R3 VKbms;Razer Gaming Device;C:\Windows\System32\drivers\VKbms.sys [2012-12-25 13312]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-26 59392]S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-4-12 106256]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-25 1255736].=============== Created Last 30 ================.2013-11-26 20:57:37 -------- d-----w- C:\Program Files (x86)\SpeedFan2013-11-18 06:59:35 858200 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtsp64.sys2013-11-18 06:59:35 590936 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys2013-11-18 06:59:35 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys2013-11-18 06:59:35 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtspx64.sys2013-11-18 06:59:35 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys2013-11-18 06:59:35 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys2013-11-18 06:59:35 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys2013-11-18 06:59:35 1147480 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys2013-11-18 06:59:29 -------- d-----w- C:\Windows\System32\drivers\N360x64\1501000.0122013-11-17 20:05:07 -------- d-----w- C:\Program Files (x86)\AMD2013-11-17 20:04:57 -------- d-----w- C:\Users\Daniel\AppData\Local\Downloaded Installations2013-11-13 12:19:01 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-11-13 12:18:58 404480 ----a-w- C:\Windows\System32\gdi32.dll2013-11-13 12:18:58 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-11-13 12:18:57 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-11-13 12:18:57 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-11-13 12:18:57 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-11-13 12:18:57 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-11-13 12:18:57 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-11-13 04:42:49 -------- d-----w- C:\Users\Daniel\AppData\Local\Activision2013-11-07 03:18:34 -------- d-----w- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite2013-11-07 03:17:07 -------- d-----w- C:\ProgramData\DAEMON Tools Lite2013-11-07 03:09:38 -------- d-----w- C:\Users\Daniel\AppData\Roaming\InfraRecorder.==================== Find3M ====================.2013-11-18 06:59:37 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS2013-10-14 21:08:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-14 21:08:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-10-06 07:14:32 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2013-10-06 07:14:25 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02013-10-06 07:14:20 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-09-29 21:22:04 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-09-29 21:22:03 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-09-29 21:22:03 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-09-29 21:20:04 973736 ----a-w- C:\Windows\System32\deployJava1.dll2013-09-29 21:20:04 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll2013-09-29 21:20:04 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe.============= FINISH: 15:59:40.92 =============== Attach.txt DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 12/25/2012 1:34:04 PMSystem Uptime: 11/26/2013 3:21:59 PM (0 hours ago).Motherboard: ASUSTeK Computer INC. | | Crosshair III FormulaProcessor: AMD Phenom II X4 955 Processor | AM3 | 3710/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 112 GiB total, 15.932 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 466 GiB total, 95.306 GiB free.F: is FIXED (NTFS) - 454 GiB total, 200.754 GiB free..==== Disabled Device Manager Items =============.Class GUID:Description:Device ID: ACPI\ATK0110\1010110Manufacturer:Name:PNP Device ID: ACPI\ATK0110\1010110Service:.==== System Restore Points ===================.RP188: 12/13/2012 3:00:27 AM - Windows UpdateRP189: 12/21/2012 3:00:13 AM - Windows UpdateRP96: 11/12/2013 10:42:22 PM - Installed DirectXRP97: 11/14/2013 3:00:11 AM - Windows UpdateRP98: 11/17/2013 2:04:29 PM - Installed DirectXRP99: 11/25/2013 12:52:22 AM - Scheduled Checkpoint.==== Installed Programs ======================.7-Zip 9.20 (x64 edition)Adobe AIRAdobe Flash Player 11 PluginAdobe Photoshop CS6Adobe Reader XI (11.0.01)Amazon Cloud PlayerAssassin's Creed IIAudacity 2.0.3Batman: Arkham Asylum GOTY EditionBatman: Arkham City GOTYBattlefield 3™Battlefield 4™ BetaBattlelog Web PluginsBlenderCall of Duty 4: Modern WarfareCall of Duty: Black OpsCall of Duty: Black Ops - MultiplayerCCleanerCrysis 2 Maximum EditionD3DX10Deluge 1.3.6DisplayFusion 5.1Dota 2Download NavigatorDual-Core OptimizerDVD Flick 1.3.0.7Epson ConnectEpson Customer ParticipationEpson Event ManagerEPSON ScanEPSON XP-400 Series Printer UninstallEpsonNet PrintESN SonarFAHClientFallout 3Fallout: New VegasFolding@home-gpuFrapsGIMP 2.8.2Gyazo 2.0.1HD Tune Pro 5.00Heroes of Might and Magic V: Tribes of the EastHitFilm 2 ExpressHP Deskjet 2050 J510 series Basic Device SoftwareHP Deskjet 2050 J510 series HelpJava 7 Update 40Java 7 Update 40 (64-bit)Java Auto UpdaterLeague of LegendsLOLReplayMalwarebytes Anti-Malware version 1.75.0.1300Metro: Last Light © Deep Silver version 1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Games for Windows - LIVE RedistributableMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610Microsoft_VC80_CRT_x86Microsoft_VC90_CRT_x86Might and Magic Heroes VI DemoMirror's EdgeMovie MakerMovie Studio Platinum 12.0 (64-bit)Mozilla Firefox 25.0.1 (x86 en-US)Mozilla Maintenance ServiceMSI Afterburner 2.3.0MSVCRTMSVCRT RedistsMSVCRT110MSVCRT110_amd64Norton 360NVIDIA 3D Vision Controller Driver 320.49NVIDIA 3D Vision Driver 320.49NVIDIA Control Panel 320.49NVIDIA GeForce Experience 1.6NVIDIA Graphics Driver 320.49NVIDIA HD Audio Driver 1.3.24.2NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.13.0604NVIDIA Stereoscopic 3D DriverNVIDIA Update 7.2.17NVIDIA Update ComponentsNVIDIA Virtual Audio 1.2.1Oracle VM VirtualBox 4.2.12OriginPDF Settings CS6Photo CommonPhoto GalleryPowerISOPunkBuster ServicesRainmeterRazer DeathAdder MouseRealterm 2.0.0.70Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)SHIELD StreamingSid Meier's Civilization VSkype™ 6.10SnackrSoundMAXSpeccySpeedFan (remove only)Star Wars: Knights of the Old RepublicStarCraft IISteamThe Elder Scrolls V: SkyrimThe Stanley Parable DemoThe Witcher 2: Assassins of Kings Enhanced EditionUbisoft Game LauncherVegas Pro 12.0 (64-bit)VLC media player 2.0.7Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language Pack.==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted November 26, 2013 ID:758306 Share Posted November 26, 2013 Give this a try first: Lets clean out any adware/spyware now: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop. Make sure you click on download buttons that look like this, not "sponsored ad links": Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
MrCharlie Posted November 29, 2013 ID:759160 Share Posted November 29, 2013 How are we doing?? Do you still need help or can I close this post?? MrC Link to post Share on other sites More sharing options...
Staff gringo_pr Posted December 1, 2013 Staff ID:759606 Share Posted December 1, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts