JBirchy Posted December 20, 2013 ID:766659 Share Posted December 20, 2013 In both IE and Chrome, I am getting the square pop up ads in the lower left and right corners. Anyone got any advice? Link to post Share on other sites More sharing options...
MrCharlie Posted December 20, 2013 ID:766723 Share Posted December 20, 2013 Welcome to the forum, please start HEREPost back the 2 logs here.....DDS.txt and Attach.txt(please don't put logs in code or quotes and use the default font)General P2P/Piracy Warning:1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.Failure to remove such software will result in your topic being closed and no further assistance being provided.<====><====><====><====><====><====><====><====>Next................Please download and run RogueKiller 32 bit to your desktop.RogueKiller<---use this one for 64 bit systemsWhich system am I using?Quit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.(please don't put logs in code or quotes and use the default font)MrCNote:Please read all of my instructions completely including these.Make sure system restore is turned on and runningMake sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to InstantlyRemoving malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.<+>The removal of malware isn't instantaneous, please be patient.<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
JBirchy Posted December 20, 2013 Author ID:766725 Share Posted December 20, 2013 DDS: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428Run by Joe at 18:31:44 on 2013-12-20Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.2258 [GMT 0:00].AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\sppsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\Dwm.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\wuauclt.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\explorer.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dllBHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLLBHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLLBHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Joe\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dllTB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllmRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /noguimRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\c5ebfab8-5cc7-46f8-ad52-44ee371708e0.exe /checkmRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exeuPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dllIE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dllTCP: NameServer = 192.168.0.1TCP: Interfaces\{F281620E-1B2C-497F-90C4-60926138FBC2} : DHCPNameServer = 192.168.0.1Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLLSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLLx64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLLx64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -sx64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dllx64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLx64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLLx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-2 65776]R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-2 205320]R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-2-22 20464]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-2 1032416]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-10-2 409832]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-10-2 283064]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-10-2 38984]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-2 84328]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-26 50344]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-20 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-20 701512]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-2-22 358896]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-2-22 792560]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-20 25928]R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-10-1 32344]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-1 849992]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-3 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-3 1255736].=============== Created Last 30 ================.2013-12-20 18:30:17 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes2013-12-20 18:30:11 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-12-20 18:30:11 -------- d-----w- C:\ProgramData\Malwarebytes2013-12-20 18:30:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-12-20 15:12:59 -------- d-sh--w- C:\$RECYCLE.BIN2013-12-20 15:08:26 98816 ----a-w- C:\Windows\sed.exe2013-12-20 15:08:26 256000 ----a-w- C:\Windows\PEV.exe2013-12-20 15:08:26 208896 ----a-w- C:\Windows\MBR.exe2013-12-20 13:57:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0D837242-0CED-4241-91ED-5A8C78508F87}\offreg.dll2013-12-11 20:59:37 3155968 ----a-w- C:\Windows\System32\win32k.sys2013-12-09 13:53:24 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0D837242-0CED-4241-91ED-5A8C78508F87}\mpengine.dll2013-11-26 22:15:31 -------- d-----w- C:\Users\Joe\AppData\Roaming\AVAST Software.==================== Find3M ====================.2013-12-20 15:44:51 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2013-12-20 15:44:51 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2013-12-20 15:44:42 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02013-11-26 22:14:50 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-11-26 22:14:50 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-11-26 22:14:50 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-11-26 22:14:50 43152 ----a-w- C:\Windows\avastSS.scr2013-11-26 22:14:50 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-11-26 22:14:50 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe2013-10-09 10:50:55 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-10-04 06:22:50 175616 ----a-w- C:\Windows\System32\msclmd.dll2013-10-04 06:22:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-10-02 16:37:27 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe.============= FINISH: 18:31:54.68 =============== Link to post Share on other sites More sharing options...
JBirchy Posted December 20, 2013 Author ID:766730 Share Posted December 20, 2013 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 01/10/2013 13:20:43System Uptime: 20/12/2013 13:39:27 (5 hours ago).Motherboard: MSI | | Z77A-G45 (MS-7752)Processor: Intel® Core i5-3570K CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 112 GiB total, 11.266 GiB free.D: is CDROM ()E: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: Description: SM Bus ControllerDevice ID: PCI\VEN_8086&DEV_1E22&SUBSYS_77521462&REV_04\3&11583659&0&FBManufacturer: Name: SM Bus ControllerPNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_77521462&REV_04\3&11583659&0&FBService: .==== System Restore Points ===================.RP38: 11/12/2013 23:09:40 - Windows UpdateRP39: 15/12/2013 21:25:13 - Windows UpdateRP40: 20/12/2013 15:08:27 - ComboFix created restore point.==== Installed Programs ======================.Ace Stream Media 2.1.7.2Adobe Reader XI (11.0.05)Apple Application SupportApple Mobile Device SupportApple Software Updateavast! Free AntivirusBattlefield 3™Battlelog Web PluginsBitLord 2.3BonjourBundled software uninstallerCompatibility Pack for the 2007 Office systemDAEMON Tools LiteDefinition Update for Microsoft Office 2013 (KB2760587) 64-Bit EditionESN SonarFormatFactory 3.1.1Google ChromeGoogle Update HelperGreatArcadeHitsIntel® USB 3.0 eXtensible Host Controller DriveriTunesK-Lite Codec Pack 10.0.5 FullKMSnano 24.1Malwarebytes Anti-Malware version 1.75.0.1300McAfee Security Scan PlusMicrosoft .NET Framework 4.5Microsoft Access MUI (English) 2013Microsoft Access Setup Metadata MUI (English) 2013Microsoft DCF MUI (English) 2013Microsoft Excel MUI (English) 2013Microsoft Groove MUI (English) 2013Microsoft InfoPath MUI (English) 2013Microsoft Lync MUI (English) 2013Microsoft Office 32-bit Components 2013Microsoft Office OSM MUI (English) 2013Microsoft Office OSM UX MUI (English) 2013Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Professional Plus 2013Microsoft Office Proofing (English) 2013Microsoft Office Proofing Tools 2013 - EnglishMicrosoft Office Proofing Tools 2013 - EspañolMicrosoft Office Shared 32-bit MUI (English) 2013Microsoft Office Shared MUI (English) 2013Microsoft Office Shared Setup Metadata MUI (English) 2013Microsoft OneNote MUI (English) 2013Microsoft Outlook MUI (English) 2013Microsoft PowerPoint MUI (English) 2013Microsoft Publisher MUI (English) 2013Microsoft SilverlightMicrosoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft Word MUI (English) 2013Microsoft WorksMicrosoft Works 6-9 ConverterNVIDIA 3D Vision Controller Driver 310.90NVIDIA 3D Vision Driver 310.90NVIDIA Control Panel 310.90NVIDIA Graphics Driver 310.90NVIDIA HD Audio Driver 1.3.18.0NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.12.1031NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.11.3NVIDIA Update ComponentsOriginOutils de vérification linguistique 2013 de Microsoft Office - FrançaisPunkBuster ServicesRealtek Ethernet Controller DriverRealtek High Definition Audio DriverSecurity Update for Microsoft .NET Framework 4.5 (KB2737083)Security Update for Microsoft .NET Framework 4.5 (KB2742613)Security Update for Microsoft .NET Framework 4.5 (KB2789648)Security Update for Microsoft .NET Framework 4.5 (KB2804582)Security Update for Microsoft .NET Framework 4.5 (KB2833957)Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)Security Update for Microsoft .NET Framework 4.5 (KB2861208)Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit EditionSecurity Update for Microsoft Lync 2013 (KB2850057) 64-Bit EditionSecurity Update for Microsoft Office 2013 (KB2768005) 64-Bit EditionSecurity Update for Microsoft Office 2013 (KB2810009) 64-Bit EditionSecurity Update for Microsoft Office 2013 (KB2850064) 64-Bit EditionSecurity Update for Microsoft Outlook 2013 (KB2837618) 64-Bit EditionUpdate for Microsoft .NET Framework 4.5 (KB2750147)Update for Microsoft .NET Framework 4.5 (KB2805221)Update for Microsoft .NET Framework 4.5 (KB2805226)Update for Microsoft Access 2013 (KB2768008) 64-Bit EditionUpdate for Microsoft Access 2013 (KB2827233) 64-Bit EditionUpdate for Microsoft InfoPath 2013 (KB2837648) 64-Bit EditionUpdate for Microsoft Lync 2013 (KB2817678) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726954) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726996) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2738038) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760224) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760242) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760267) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760539) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760553) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760610) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767845) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2768016) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817314) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817316) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817490) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817626) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2826004) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2827225) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2827227) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2827230) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2827239) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2837626) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2837637) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2837638) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2837655) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2850066) 64-Bit EditionUpdate for Microsoft OneNote 2013 (KB2850063) 64-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2767850) 64-Bit EditionUpdate for Microsoft Project 2013 (KB2727085) 64-Bit EditionUpdate for Microsoft Publisher 2013 (KB2837635) 64-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2817495) 64-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2837652) 64-Bit EditionUpdate for Microsoft Visio 2013 (KB2817306) 64-Bit EditionUpdate for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2837647) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2850060) 64-Bit EditionWinRAR 5.00 (64-bit).==== Event Viewer Messages From Past Week ========.20/12/2013 15:12:05, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.20/12/2013 15:11:49, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver..==== End Of File =========================== Link to post Share on other sites More sharing options...
JBirchy Posted December 20, 2013 Author ID:766734 Share Posted December 20, 2013 RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Joe [Admin rights]Mode : Scan -- Date : 12/20/2013 18:35:05| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤[V1][sUSP PATH] GreatArcadeHits.job : C:\Users\Joe\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> FOUND[V2][sUSP PATH] GreatArcadeHits : C:\Users\Joe\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Corsair Force 3 SSD ATA Device +++++--- User ---[MBR] 0086f36f0b7bc8b257f89fc226376c3d[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_12202013_183505.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted December 20, 2013 ID:766750 Share Posted December 20, 2013 Please uninstall GreatArcadeHits if you can from your add/remove programs.Then......Run RogueKiller again and click ScanWhen the scan completes > click on the Registry tabPut a check next to all of these and uncheck the rest: (if found) [V1][sUSP PATH] GreatArcadeHits.job : C:\Users\Joe\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> FOUND[V2][sUSP PATH] GreatArcadeHits : C:\Users\Joe\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> FOUNDNow click Delete on the right hand column under Options-------------Lets clean out any adware/spyware now: (this will require a reboot so save all your work)Please download AdwCleaner by Xplode and save to your Desktop.Make sure you click on download buttons that look similar to this, not "sponsored ad links":Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then..................Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.Make sure that everything is checked, and click Remove Selected.Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
MrCharlie Posted December 23, 2013 ID:768180 Share Posted December 23, 2013 How are we doing?? Do you still need help or can I close this post?? MrC Link to post Share on other sites More sharing options...
JBirchy Posted December 26, 2013 Author ID:769115 Share Posted December 26, 2013 That seems to have done the job thank you so much!!!! Sorry for late reply I was at home for Christmas Link to post Share on other sites More sharing options...
MrCharlie Posted December 26, 2013 ID:769124 Share Posted December 26, 2013 OK..... Take a look at My Preventive Maintenance to avoid being infected again. Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 27, 2013 Root Admin ID:769475 Share Posted December 27, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts