
Black Screen after trying MalwareBytes 2


Rahnen


From original post...


I tried Malwarebytes after a friend's recommendation and I now have a Black Screen after logging into Windows 7.

I tried going into Safe Mode (which worked fine except screen resolution), started MWB and tried restoring deleted files and get the same thing. What do I do from here? ... Go back to a Restore Point?


 

New to "Removal" Post:

 

Pasted & Attached are the requested files

 

 


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2

Run by Rick.Ahnen at 18:15:52 on 2013-12-22

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4046.3112 [GMT -6:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\SysWOW64\atashost.exe

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


uProxyOverride = <local>

uURLSearchHooks: {482c2143-8424-417c-be8e-a3e5e3471434} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Browse For Change BHO: {912C156F-05CF-4B62-851A-96E167A677B0} - 

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: {cf97fb73-9bda-4ef5-b3f3-02c6cd43b963} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll

uRun: [Google Update] "C:\Users\rick.ahnen\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spotify Web Helper] "C:\Users\rick.ahnen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Akamai NetSession Interface] "C:\Users\rick.ahnen\AppData\Local\Akamai\netsession_win.exe"

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe

mRun: [signIn] "C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" /autorun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: RunStartupScriptSync = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{84750575-74C4-47B1-AD58-0B55D6F57C55} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{84750575-74C4-47B1-AD58-0B55D6F57C55}\131364850373139313237373 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{84750575-74C4-47B1-AD58-0B55D6F57C55}\155716C69647970294E6E602F4E6D2759664960223 : DHCPNameServer = 192.168.182.1

TCP: Interfaces\{84750575-74C4-47B1-AD58-0B55D6F57C55}\2656C6B696E6E2439343 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{84750575-74C4-47B1-AD58-0B55D6F57C55}\65562796A7F6E6D2D496649653531303C4D254031313 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{84750575-74C4-47B1-AD58-0B55D6F57C55}\E45445745414254383 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{84750575-74C4-47B1-AD58-0B55D6F57C55}\E45445745414257313 : DHCPNameServer = 192.168.50.2

Notify: DeviceNP - DeviceNP.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages =  DPPassFilter EpePcNp64 scecli

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,

x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll

x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"

x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\rick.ahnen\AppData\Roaming\Mozilla\Firefox\Profiles\7tzin3yu.default\

FF - prefs.js: browser.search.selectedEngine - Ask Search


FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Users\rick.ahnen\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Users\rick.ahnen\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 14//Browseforchange

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: content.notify.ontimer - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.switch.threshold - 750000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: browser.sessionstore.resume_session_once - true

FF - user.js: browser.sessionstore.resume_session_once - true

.

============= SERVICES / DRIVERS ===============

.

R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2011-3-29 168008]

R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-3-6 55856]

R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1501000.012\SymDS64.sys [2013-11-20 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys [2013-11-20 1147480]

R0 vididr;Acronis Virtual Disk;C:\windows\System32\drivers\vididr.sys [2012-4-18 211040]

R0 vidsflt61;Acronis Disk Storage Filter (61);C:\windows\System32\drivers\vsflt61.sys [2012-4-18 142944]

R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-6-5 137232]

R3 johci;JMicron 1394 Filter Driver;C:\windows\System32\drivers\johci.sys [2013-3-11 26208]

R3 KbdBlock2;KbdBlock2;C:\windows\System32\drivers\KBDBlock2.sys [2012-6-19 14416]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]

S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]

S1 ccSet_NIS;NIS Settings Manager;C:\windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys [2013-11-20 162392]

S1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSviA64.sys [2013-12-21 521944]

S1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1501000.012\Ironx64.sys [2013-11-20 264280]

S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1501000.012\symnets.sys [2013-11-20 590936]

S1 Uim_VIM;UIM Virtual Image Plugin;C:\windows\System32\drivers\uim_vimx64.sys [2012-2-27 379696]

S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-26 89600]

S2 aksdf;aksdf;C:\windows\System32\drivers\aksdf.sys [2013-10-14 75648]

S2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-3-12 203776]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]

S2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-10 166352]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 hasplms;Sentinel HASP License Manager;C:\windows\System32\hasplms.exe  -run --> C:\windows\System32\hasplms.exe  -run [?]

S2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-7-15 137272]

S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

S2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]

S2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-8-26 322048]

S2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-6-20 523680]

S2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-4-25 31000]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-13 13336]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-22 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-22 701512]

S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-3-29 1318912]

S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-11-20 275696]

S2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-8-2 145256]

S2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-9-11 113264]

S2 SCPwrSetSvr;SCPwrSet Service;C:\windows\System32\SCPwrSetSvr.exe [2013-4-29 90112]

S2 Sentinel64;Sentinel64;C:\windows\System32\drivers\sentinel64.sys [2012-8-4 145448]

S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-26 2673064]

S2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2012-2-13 502464]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-13 2656536]

S2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2011-8-23 3175728]

S2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2010-5-28 278800]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2012-3-15 198144]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2012-3-15 198144]

S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2012-2-13 32192]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-3-12 231440]

S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-11-26 270336]

S3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2012-2-13 344616]

S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-2-13 39464]

S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-9-5 476728]

S3 flyer_usb2;flyer_usb2;C:\windows\System32\drivers\flyer_usb2.sys [2011-5-22 257536]

S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]

S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2013-3-11 175928]

S3 KEYENCE_LK-G;KEYENCE_LK-G.sys : WDF Driver for KEYENCE USB Device;C:\windows\System32\drivers\KEYENCE_LK-G.sys [2013-2-19 17408]

S3 KEYENCE_SZ;KEYENCE_SZ.sys : WDF Driver for KEYENCE USB Device;C:\windows\System32\drivers\KEYENCE_SZ.sys [2013-12-7 18432]

S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-12-22 25928]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 pwdrvio;pwdrvio;C:\windows\System32\pwdrvio.sys [2012-9-28 19936]

S3 pwdspio;pwdspio;C:\windows\System32\pwdspio.sys [2012-9-28 13280]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-1-15 1116656]

S3 SPUVCbv;SPUVCb Driver Service;C:\windows\System32\drivers\SPUVCBv_x64.sys [2012-2-13 2611704]

S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SzCCID;USB SmartCard Reader Driver;C:\windows\System32\drivers\SzCCID.sys [2013-4-29 43520]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-3-3 59392]

S3 vpcuxd;USB Virtualization Stub Service;C:\windows\System32\drivers\vpcuxd.sys [2012-3-3 16384]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-3 1255736]

.

=============== File Associations ===============

.

FileExt: .scr: DWGTrueViewScriptFile=C:\windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2013-12-22 22:14:17 -------- d-----w- C:\Users\rick.ahnen\AppData\Roaming\Malwarebytes

2013-12-22 22:13:52 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-12-22 22:13:52 -------- d-----w- C:\ProgramData\Malwarebytes

2013-12-22 22:13:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-20 21:20:40 3155968 ----a-w- C:\windows\System32\win32k.sys

2013-12-20 21:20:17 81408 ----a-w- C:\windows\System32\imagehlp.dll

2013-12-20 21:20:17 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2013-12-20 21:20:14 116736 ----a-w- C:\windows\System32\drivers\drmk.sys

2013-12-20 21:20:13 230400 ----a-w- C:\windows\System32\drivers\portcls.sys

2013-12-20 21:17:36 202752 ----a-w- C:\windows\System32\scrrun.dll

2013-12-20 21:17:36 168960 ----a-w- C:\windows\System32\wscript.exe

2013-12-20 21:17:36 163840 ----a-w- C:\windows\SysWow64\scrrun.dll

2013-12-20 21:17:36 156160 ----a-w- C:\windows\System32\cscript.exe

2013-12-20 21:17:36 141824 ----a-w- C:\windows\SysWow64\wscript.exe

2013-12-20 21:17:36 126976 ----a-w- C:\windows\SysWow64\cscript.exe

2013-12-20 21:17:35 150016 ----a-w- C:\windows\System32\wshom.ocx

2013-12-20 21:17:35 121856 ----a-w- C:\windows\SysWow64\wshom.ocx

2013-12-09 21:29:02 524016 ----a-w- C:\windows\System32\drivers\SynTP.sys

2013-12-09 21:29:02 421616 ----a-w- C:\windows\System32\SynTPCo19.dll

2013-12-09 21:29:02 251632 ----a-w- C:\windows\System32\SynTPAPI.dll

2013-12-09 21:29:02 1795952 ----a-w- C:\windows\System32\WdfCoInstaller01011.dll

2013-12-09 21:29:02 169712 ----a-w- C:\windows\SysWow64\SynTPCom.dll

2013-12-09 21:29:01 722160 ----a-w- C:\windows\System32\SynCOM.dll

2013-12-09 21:29:01 400112 ----a-w- C:\windows\SysWow64\SynCom.dll

2013-12-09 21:28:54 92 ----a-w- C:\windows\System32\calibration.bin

2013-12-09 21:28:54 26416 ----a-w- C:\windows\System32\pca-manta.bin

2013-12-07 21:25:06 18432 ----a-w- C:\windows\System32\drivers\KEYENCE_SZ.sys

2013-11-27 18:20:18 -------- d-----w- C:\New folder

2013-11-27 15:09:17 -------- d-----w- C:\Users\rick.ahnen\AppData\Roaming\ControlCenter4

2013-11-26 22:24:33 -------- d-----w- C:\Brother

2013-11-26 22:24:23 -------- d-----w- C:\ProgramData\ControlCenter4

2013-11-26 22:24:23 -------- d-----w- C:\Program Files (x86)\Browny02

2013-11-26 22:24:11 -------- d-----w- C:\Program Files (x86)\ControlCenter4

2013-11-26 22:24:02 318464 ------w- C:\windows\System32\BrFaxTxAppRun64.dll

2013-11-26 22:24:02 -------- d-----w- C:\ProgramData\PCFaxTx

2013-11-26 22:04:22 -------- d-----w- C:\Program Files\Nuance

2013-11-26 22:03:44 -------- d-----w- C:\ProgramData\zeon

2013-11-26 22:01:03 -------- d-----w- C:\Users\rick.ahnen\AppData\Roaming\Nuance

2013-11-26 21:59:06 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared

2013-11-26 21:59:03 -------- d-----w- C:\ProgramData\Nuance

2013-11-26 21:59:03 -------- d-----w- C:\Program Files (x86)\Nuance

2013-11-26 21:57:04 -------- d-----w- C:\ProgramData\Brother

2013-11-26 18:59:39 -------- d-----w- C:\Program Files\CPUID

.

==================== Find3M  ====================

.

2013-12-10 22:33:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 22:33:19 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-11-21 01:07:17 177752 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS

2013-10-12 02:31:48 1188864 ----a-w- C:\windows\System32\wininet.dll

2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL

2013-10-12 02:04:18 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL

2013-10-12 01:32:57 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2013-10-12 01:15:03 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-10-08 12:50:37 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll

2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll

2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll

2013-09-28 01:09:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys

2013-09-27 03:18:30 1147480 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys

2013-09-27 02:45:56 264280 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\Ironx64.sys

2013-09-27 02:26:03 858200 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\srtsp64.sys

2013-09-26 03:28:00 590936 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\symnets.sys

2013-09-26 02:50:25 162392 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys

2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe

.

============= FINISH: 18:16:45.77 ===============

 


 

attach.zip


The restore point worked! Thanks.

I rebooted again just to make sure, and everything appears back to the way it was.

Now back to the reason I tried MalwareBytes... I heard there were holes in Norton & I was suspicious that something may be hiding. Obviously MalwareBytes found something, but I must have gone too far or something with what it removed. I am a little nervous as to what to do next considering that MWB, DDS, or the restore point turned Norton off. What do I do from here?


Open up Malwarebytes > Logs tab

or

-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

MrC


There's a lot of adware/spyware in those logs... let's do this:

First... create a new restore point.

Then...

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
