PUN.bad.proxy

[jonbrown4521]

Hello, btw I couldn't paste any amount of text until I removed all formatting including word wrap

from within the controls of this webpage. Is this normal or is there a better way?

Anyway:

I got a fake update Flash pop-up while surfing with Internet Explorer.

I didn't click on anything but that got me worried that I caught a virus.

I ran a quick scan with MBAM Pro and it found a slew of infections which I cleaned, then MBAM

wanted a reboot, but PUN.bad.proxy keeps coming back.

My system seems to be running normal. I've searched for solutions going back years but

none worked. Below is the MBAM log that found the malware followed by DDS and Attach logs

I thank you in advance for your help.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2014.02.23.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

Gary :: GARY-PC [administrator]

Protection: Enabled

2/24/2014 1:09:32 AM

mbam-log-2014-02-24 (01-09-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 297528

Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2

Run by Gary at 1:59:06 on 2014-02-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6012 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\View-Password\ViewPassword_wd.exe

C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe

C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

C:\Windows\system32\RunDll32.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe

C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe

C:\Windows\system32\svchost.exe -k SDRSVC

G:\TrueCrypt.exe

C:\Program Files (x86)\View-Password\ViewPassword154.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [basicsmssmenu] "C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVGAPR~1.LNK - C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{4A9B68F8-0AC3-4E39-80FD-F1BE47E23D04} : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Plus-HD-7.7: {11111111-1111-1111-1111-110511071180} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart

x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2010-2-11 14136]

R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2c64.sys [2011-4-1 15408]

R1 BS_TPIO;BS_TPIO;C:\Windows\System32\drivers\BS_TPIO64.sys [2013-4-14 13360]

R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-5-24 31136]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-11-9 21992]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-24 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-24 701512]

R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-14 1593632]

R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-7 16939296]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-9-2 790368]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-2-18 411936]

R2 ViewPassword;View Password;C:\Program Files (x86)\View-Password\ViewPassword154.exe [2014-2-23 181760]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-24 25928]

R3 npusbio;npusbio;C:\Windows\System32\drivers\npusbio_x64.sys [2012-7-9 38400]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-22 39200]

R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2013-10-15 520416]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-9 19456]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-1 347680]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-1 1255736]

.

=============== Created Last 30 ================

.

2014-02-23 22:20:37 -------- d-----w- C:\Program Files (x86)\View-Password

2014-02-23 06:56:46 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{702C08C7-7ABF-4E92-9C72-CD7D86F6D12C}\mpengine.dll

2014-02-21 17:51:58 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93262BF8-8174-4C45-9D7D-E18F4DDE81FB}\gapaengine.dll

2014-02-21 17:51:47 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-02-19 03:37:47 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2014-02-19 03:33:28 -------- d-----w- C:\NVIDIA

2014-02-12 20:01:55 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2014-01-27 16:26:11 -------- d-----w- C:\Program Files\iPod

2014-01-27 16:26:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-01-27 16:26:10 -------- d-----w- C:\Program Files\iTunes

.

==================== Find3M ====================

.

2014-02-21 18:29:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-21 18:29:16 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-02-08 17:42:36 6712608 ----a-w- C:\Windows\System32\nvcpl.dll

2014-02-08 17:42:36 3498272 ----a-w- C:\Windows\System32\nvsvc64.dll

2014-02-08 17:42:33 923936 ----a-w- C:\Windows\System32\nvvsvc.exe

2014-02-08 17:42:32 63776 ----a-w- C:\Windows\System32\nvshext.dll

2014-02-08 17:42:32 386336 ----a-w- C:\Windows\System32\nvmctray.dll

2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-02-05 17:52:50 3573739 ----a-w- C:\Windows\System32\nvcoproc.bin

2014-01-21 02:53:40 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll

2014-01-21 02:53:29 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll

2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe

2013-12-27 18:42:26 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys

2013-12-27 18:42:16 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll

2013-12-27 18:42:16 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll

2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll

2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll

2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll

2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll

2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll

2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll

2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll

2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe

2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe

2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe

2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll

2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll

2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll

2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll

2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe

2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe

2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe

2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll

2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys

2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys

2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

.

============= FINISH: 2:00:04.20 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/1/2011 4:04:24 PM

System Uptime: 2/23/2014 11:03:44 PM (3 hours ago)

.

Motherboard: BIOSTAR Group | | TA880GB+

Processor: AMD Phenom II X4 975 Processor | CPU 1 | 3600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 221.469 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 325.806 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is FIXED (NTFS) - 466 GiB total, 75.495 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek PCIe GBE Family Controller

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_230A1565&REV_06\4&33170056&0&0038

Manufacturer: Realtek

Name: Realtek PCIe GBE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_230A1565&REV_06\4&33170056&0&0038

Service: RTL8167

.

==== System Restore Points ===================

.

RP474: 12/17/2013 12:46:23 PM - Installed DirectX

RP475: 12/18/2013 8:35:33 PM - Windows Update

RP476: 12/22/2013 11:13:55 AM - Windows Update

RP477: 12/26/2013 11:10:00 AM - Windows Update

RP478: 12/30/2013 12:09:36 AM - Windows Update

RP479: 1/3/2014 12:50:25 PM - Windows Update

RP480: 1/7/2014 12:34:13 PM - Windows Update

RP481: 1/11/2014 11:53:23 AM - Windows Update

RP482: 1/14/2014 11:59:12 AM - Windows Update

RP483: 1/15/2014 12:40:05 PM - Windows Update

RP484: 1/17/2014 5:00:17 PM - Installed Java 7 Update 51

RP485: 1/18/2014 8:18:42 PM - Windows Update

RP486: 1/22/2014 2:36:37 PM - Windows Update

RP487: 1/22/2014 8:39:45 PM - Installed DirectX

RP488: 1/26/2014 5:28:57 AM - Windows Update

RP489: 1/29/2014 11:35:53 AM - Windows Update

RP490: 2/2/2014 12:44:21 PM - Windows Update

RP491: 2/6/2014 2:25:49 AM - Windows Update

RP492: 2/10/2014 10:43:34 AM - Windows Update

RP493: 2/13/2014 3:00:37 AM - Windows Update

RP494: 2/16/2014 2:36:14 AM - Windows Update

RP495: 2/19/2014 12:35:07 PM - Windows Update

RP496: 2/23/2014 1:56:15 AM - Windows Update

.

==== Installed Programs ======================

.

3DMark 11 Demo

Accu-Feel

ACE COMBAT™ ASSAULT HORIZON Enhanced Edition

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Photoshop CS3

Adobe Reader XI (11.0.06)

Adobe Setup

Alan Wake

Alan Wake's American Nightmare

ANNO 2070 DEMO

Anomaly Warzone Earth

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assassin's Creed II

ASUS nVidia Driver

Batman: Arkham City™

BioShock

BioShock 2

BiosNotice

Bonjour

Borderlands 2

Bully: Scholarship Edition

Call of Juarez Gunslinger

CCleaner

Company of Heroes (New Steam Version)

Compatibility Pack for the 2007 Office system

Core Temp 1.0 RC2

CPUID CPU-Z 1.58

CPUID HWMonitor 1.18

Crysis 2 Maximum Edition

Deus Ex: Human Revolution - Director's Cut

DiRT 3

DivX Setup

Drive Manager

Driver San Francisco

Driver Sweeper 2.1.0

Dual-Core Optimizer

Duke Nukem Forever Demo

ESET Online Scanner v3

Euro Truck Simulator 2

EVGA Precision X 4.2.1

Fraps

Futuremark SystemInfo

GameSpy Comrade

GeForce Experience NvStream Client Components

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GRID 2

HandBrake 0.9.9.1

Hard Reset

Homefront

HP Deskjet 1050 J410 series Basic Device Software

HP Deskjet 1050 J410 series Help

HP Deskjet 1050 J410 series Product Improvement Study

HP Photo Creations

HP Product Detection

HP Update

HWiNFO64 Version 4.18

iCloud

ImgBurn

Internet TV for Windows Media Center

iTunes

Java 7 Update 51

Java Auto Updater

Just Cause 2

KeePass Password Safe 2.23

Malwarebytes Anti-Malware version 1.75.0.1300

Max Payne 3

Metro 2033

Metro: Last Light

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4.5.1

Microsoft Flight Simulator X

Microsoft Flight Simulator X Service Pack 1

Microsoft Flight Simulator X Service Pack 2

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mirror's Edge™

MobileMe Control Panel

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2758694)

NaturalPoint USB Drivers x64

Need for Speed: Hot Pursuit

NVIDIA 3D Vision Controller Driver 334.89

NVIDIA 3D Vision Driver 334.89

NVIDIA Control Panel 334.89

NVIDIA GeForce Experience 1.8.2

NVIDIA Graphics Driver 334.89

NVIDIA HD Audio Driver 1.3.30.1

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.1220

NVIDIA ShadowPlay 11.10.11

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 11.10.11

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.20

OpenAL

Portal 2

PunkBuster Services

QuickTime

R.U.S.E

Rapture3D 2.4.8 Game

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

RealUpgrade 1.1

Revo Uninstaller 1.94

RivaTuner Statistics Server 5.4.1

Rockstar Games Social Club

Saints Row: The Third

SeaTools for Windows

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

SHIELD Streaming

Shift 2 Unleashed

Sleeping Dogs™

Spec Ops: The Line

Speccy

Splashtop Software Updater

Splashtop Streamer

State of Decay

Steam

SUPERAntiSpyware

System Requirements Lab

System Requirements Lab CYRI

T-Utility Green Power Utility II

Take On Helicopters

TomTom HOME Visual Studio Merge Modules

TOVERCLOCKER

TrackIR 5

Train Simulator 2014

TrueCrypt

Ubisoft Game Launcher

Uninstall Helper

Uplay

Utility

VC80CRTRedist - 8.0.50727.6195

View Password

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VoiceOver Kit

Watchmen: The End Is Nigh

Windows Live ID Sign-in Assistant

Windows Media Center Add-in for Flash

WinRAR 4.20 (64-bit)

XCOM: Enemy Unknown

XviD MPEG-4 Video Codec

Zombie Driver

.

==== Event Viewer Messages From Past Week ========

.

2/24/2014 1:56:09 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

2/23/2014 6:06:43 AM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.

2/23/2014 11:28:35 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Gary-PC\Gary SID (S-1-5-21-1189964135-821841741-3551739447-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/23/2014 11:28:35 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Gary-PC\Gary SID (S-1-5-21-1189964135-821841741-3551739447-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/23/2014 11:09:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

2/23/2014 10:57:57 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2014 10:57:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/23/2014 10:57:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/23/2014 10:57:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/23/2014 10:57:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/23/2014 10:57:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/23/2014 10:57:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/23/2014 10:57:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BIOS BS_I2cIo BS_TPIO DfsC discache HWiNFO32 MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx truecrypt Wanarpv6 WfpLwf ws2ifsl

2/23/2014 10:57:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/23/2014 10:57:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2014 10:57:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2014 10:57:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2014 10:57:26 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2014 10:57:26 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2014 10:57:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2014 10:57:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2014 10:57:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/23/2014 10:57:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/23/2014 10:57:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/23/2014 10:57:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2014 2:05:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Gary-PC\Gary SID (S-1-5-21-1189964135-821841741-3551739447-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/20/2014 1:50:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

2/20/2014 1:50:10 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/19/2014 3:44:39 AM, Error: Ntfs [137] - The default transaction resource manager on volume R: encountered a non-retryable error and could not start. The data contains the error code.

.

==== End Of File ===========================

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• 
  

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in next reply...

 

Kevin...

[jonbrown4521]

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2014.02.24.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

Gary :: GARY-PC [administrator]

Protection: Enabled

2/24/2014 8:06:46 AM

mbam-log-2014-02-24 (08-06-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 297762

Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[kevinf80]

Have you also got the other logs?

[jonbrown4521]

Thanks....attach.txt is out of order, it's the last file.

mbam-log-2014-02-24 (08-06-46).txt

dds.txt

JRT.txt

FRST.txt

Addition.txt

attach.txt

[kevinf80]

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• click on the Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
  Click Start
• When asked, allow the add/on to be installed
  Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings, ensure the options
• Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  Click Scan
• wait for the virus definitions to be downloaded
• Wait for the scan to finish
  

When the scan is complete

• If no threats were found
• put a checkmark in "Uninstall application on close"
• close program
• report to me that nothing was found
  

If threats were found

• click on "list of threats found"
• click on "export to text file" and save it as ESET SCAN and save to the desktop
• Click on back
• put a checkmark in "Uninstall application on close"
• click on finish
  

close program

copy and paste the report in next reply

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• click on the Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
  Click Start
• When asked, allow the add/on to be installed
  Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings, ensure the options
• Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  Click Scan
• wait for the virus definitions to be downloaded
• Wait for the scan to finish
  

When the scan is complete

• If no threats were found
• put a checkmark in "Uninstall application on close"
• close program
• report to me that nothing was found
  

If threats were found

• click on "list of threats found"
• click on "export to text file" and save it as ESET SCAN and save to the desktop
• Click on back
• put a checkmark in "Uninstall application on close"
• click on finish
  

close program

copy and paste the report in next reply

Let me see those logs, also give an update on any remaining issues or concerns...

Kevin..

fixlist.txt

[jonbrown4521]

Thanks, attached are the 2 files you requested.

Fixlog.txt

ESET SCAN.txt

[kevinf80]

How is your system responding, any issues or concerns?

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin

[jonbrown4521]

I ran MBAM right after I completed the ESET. I apologize for not waiting for your response first

before running it.

Yes, PUN.bad.proxy came up again.

Subsequent scans came up clean but I'm still infected, I suppose.

I did save and attach the log that found the infection, though. It's the one attached below.

checkup.txt

MBAM-log-2014-02-24 (19-04-44).txt

[kevinf80]

mmm so the proxy return again, continue please:

 

Please download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 

• Double-click on the Rkill desktop icon to run the tool.
  
• If using Vista or Windows 7, right-click on it and Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  
• If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  
• If the tool does not run from any of the links provided, please let me know.
  

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

• Ensure that Combofix is saved directly to the Desktop <--- Very important
   
  
• Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
   
  
• Close any open browsers and any other programs you might have running
   
  
• Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
   
  
• Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
   
  
• If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
   
  
• When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review
  

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

 

*EXTRA NOTES*

• 
  

    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Kevin

[jonbrown4521]

Here are the 2 files.

Rkill.txt

ComboFix.txt

[kevinf80]

Re-run Malwarebytes Quick scan and post the fresh log, let me know if any remaining issues or concerns..

[jonbrown4521]

 Looking good.

mbam-log-2014-02-25 (08-22-16).txt

[kevinf80]

Well the proxy is gone.... Any other issues or concerns?

[jonbrown4521]

I really think I'm okay. Thanks. 

[kevinf80]

Excellent, we can clean up tools etc..

 

Remove Combofix now that we're done with it

 

•  

   

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.

   

   

• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

   

  

   

   

• Please follow the prompts to uninstall Combofix.

   

   

• You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

   

   

 

 

Next,

 

We need to remove FRST,  first it is very important to deal with its own Quarantine folder by using FRST itself..

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

• 
     
• Remove disinfection tools
     
• Purge System Restore
     
• Reset system settings
  

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Let me know if those steps complete successfully, if all is ok can we close out?

 

Thanks,

 

Kevin

 

 

 

 

fixlist.txt

[jonbrown4521]

I believe everything is clean and green. Thanks !

[kevinf80]

Good to hear all is well, read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Take care,

 

Kevin....

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!