SpyWare BeWare! ASAP

Topic: Nana's computer - keeps getting malware
K_Sweet « on: September 27, 2013, 09:29:36 AM »

Wondering if somehow she has something that is recruiting malware, or is going somewhere to get it inadvertently. Can you check it out? Logs below:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688
Run by Bobbie at 10:23:07 on 2013-09-27
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3982.1908 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\DptfPolicyConfigTDPService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [0F9FD071FF3D2D18282798DDEB0E7AD9ED3470C5._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{75BCEBAF-EBE4-4EB3-B808-C6B40DD6F8EB} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{C0187169-FE16-4377-B059-17637BFBBED4} : DHCPNameServer = 192.168.24.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bobbie\AppData\Roaming\Mozilla\Firefox\Profiles\6zxkmf5j.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-8-1 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-8-1 204880]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-8-1 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-8-1 378944]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-8-1 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-8-1 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-10 46808]
R2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2013-1-18 29056]
R2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;C:\Windows\System32\DptfPolicyConfigTDPService.exe [2013-1-18 30592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-5-13 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-5-13 166720]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-5-13 365376]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
R3 ATP;ASUS Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2013-1-16 65784]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2013-1-18 107328]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2013-1-18 42816]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2013-1-18 64832]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2013-1-18 228672]
R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2013-1-18 361792]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2013-1-18 21152]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-1-18 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2013-1-18 110744]
S2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe --> C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-8-6 23552]
.
=============== Created Last 30 ================
.
2013-09-14 23:33:51   78296   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 23:33:50   694232   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-09-14 23:35:15   408   ----a-w-   C:\Users\Bobbie\AppData\Roaming\sp_data.sys
2013-08-30 07:48:10   72016   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10   65336   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10   204880   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10   1030952   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09   80816   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40   41664   ----a-w-   C:\Windows\avastSS.scr
2013-08-21 04:12:06   2241024   ----a-w-   C:\Windows\System32\wininet.dll
2013-08-21 04:11:59   915968   ----a-w-   C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59   53760   ----a-w-   C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07   3959296   ----a-w-   C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06   44032   ----a-w-   C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28   2876928   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56   534528   ----a-w-   C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13   58200   ----a-w-   C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26   2371728   ----a-w-   C:\Windows\System32\WSService.dll
2013-08-16 05:32:48   209200   ----a-w-   C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22   40448   ----a-w-   C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11   4917760   ----a-w-   C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30   105984   ----a-w-   C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21   35328   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07   84992   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07   126976   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03   562688   ----a-w-   C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03   159232   ----a-w-   C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02   83968   ----a-w-   C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02   167424   ----a-w-   C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02   143872   ----a-w-   C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02   124928   ----a-w-   C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52   76800   ----a-w-   C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47   91648   ----a-w-   C:\Windows\SysWow64\sppc.dll
2013-08-07 05:15:02   144896   ----a-w-   C:\Windows\System32\tssdisai.dll
2013-08-03 04:30:14   4038144   ----a-w-   C:\Windows\System32\win32k.sys
2013-08-02 01:26:33   21   ----a-w-   C:\Users\Bobbie\AppData\Roaming\my_intel.sys
2013-07-13 06:18:21   337408   ----a-w-   C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06   68096   ----a-w-   C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06   1889280   ----a-w-   C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53   98304   ----a-w-   C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53   124416   ----a-w-   C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58   261120   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11   1568256   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03   87040   ----a-w-   C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03   74240   ----a-w-   C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07   120144   ----a-w-   C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21   439488   ----a-w-   C:\Windows\System32\WerFault.exe
2013-07-09 06:07:17   2233168   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45   385768   ----a-w-   C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19   245760   ----a-w-   C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00   543744   ----a-w-   C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00   414208   ----a-w-   C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00   370688   ----a-w-   C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16   312832   ----a-w-   C:\Windows\System32\LocationApi.dll
2013-07-06 00:16:17   1025024   ----a-w-   C:\Windows\System32\localspl.dll
2013-07-03 00:23:43   391168   ----a-w-   C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12   778752   ----a-w-   C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26   1300480   ----a-w-   C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23   268800   ----a-w-   C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02   551424   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14   36288   ----a-w-   C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49   247216   ----a-w-   C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14   67072   ----a-w-   C:\Windows\SysWow64\openfiles.exe
2013-06-30 22:29:22   77312   ----a-w-   C:\Windows\System32\openfiles.exe
.
============= FINISH: 10:24:04.88 ===============

_________________________________________________________________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 8/2/2013 6:59:26 AM
System Uptime: 9/14/2013 7:32:42 PM (303 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | X502CA
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz | SOCKET 0 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 444 GiB total, 405.952 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP7: 8/31/2013 8:53:01 PM - Scheduled Checkpoint
RP8: 9/10/2013 3:38:02 PM - Scheduled Checkpoint
RP9: 9/14/2013 7:03:46 PM - Windows Update
RP11: 9/19/2013 9:17:55 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8) MUI
Alcor Micro USB Card Reader
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Screen Saver
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS WebStorage Sync Agent
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Package
avast! Free Antivirus
D3DX10
Easy Gadget
Galerie de photos
Galería de fotos
Google Chrome
Google Update Helper
Intel(R) Dynamic Platform and Thermal Framework
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MyBitCast 2.0
Open It!
Photo Common
Photo Gallery
Qualcomm Atheros Client Installation Program
Realtek High Definition Audio Driver
Shared C Run-time for x64
Update for Zip Opener
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zip Opener Packages
.
==== Event Viewer Messages From Past Week ========
.
9/23/2013 10:41:03 PM, Error: Service Control Manager [7000]  - The BrowserDefendert service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================
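The one thing in the DDS log above that a helper would chase first is the BrowserDefendert entry: an S2 service whose binary DDS could not find, registered under C:\ProgramData, and a Service Control Manager 7000 event for the same name a few days earlier. The script below is an added example, not part of the original thread and not code from the DDS tool; it parses those three kinds of DDS lines and correlates them per service name so a leftover registration stands out from the noise of vendor services. The sample lines are copied from the log, except the `ExampleUpdater` uRun line, which is constructed. Two things are my assumptions rather than documented DDS behaviour: that the `path --> path [?]` form means DDS could not stat the file, and the list of directories treated as user-writable.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input. The avast, BrowserDefendert and RTL8168 service lines, the
# Yahoo! Messenger uRun line and the SCM 7000 event are copied from the DDS
# log in the thread; the "ExampleUpdater" uRun line is constructed.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [ExampleUpdater] "C:\Users\example\AppData\Roaming\Example\updater.exe" /s
============= SERVICES / DRIVERS ===============
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-10 46808]
S2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe --> C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
==== Event Viewer Messages From Past Week ========
9/23/2013 10:41:03 PM, Error: Service Control Manager [7000]  - The BrowserDefendert service failed to start due to the following error:  The system cannot find the file specified.
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # "missing-binary", "user-writable-path" or "scm-7000"
    subject: str  # service name or autostart entry name
    path: str     # image path as DDS printed it ("" for event lines)
    detail: str


# "R2 name;display;path [date size]"  or  "S2 name;display;path --> path [?]"
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "uRun: [name] command"; DDS also writes mRun: and x64-Run:
RUN_RE = re.compile(r"^(?P<scope>u|m|x64-)Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# First drive-letter path ending in an executable extension, quoted or not
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.+?\.(?:exe|dll|scr|cmd|bat))', re.IGNORECASE)
SCM7000_RE = re.compile(r"Service Control Manager \[7000\].*?The (?P<svc>.+?) service failed to start")

# Assumption: directories an unprivileged user can write to, where a service
# or autostart image is unusual enough to deserve a look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def in_user_writable_dir(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def image_path(command: str) -> str:
    """Pull the executable out of an autostart command line."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def parse_service(line: str) -> tuple[str, str, str, bool] | None:
    """Return (state, name, registered path, binary_missing) or None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    # Assumption about the DDS format: "[?]" in place of "[date size]" means
    # DDS could not stat the file; the text before " --> " is the registered path.
    missing = rest.endswith("[?]")
    path = rest.split(" --> ")[0]
    path = re.sub(r"\s+\[[^\]]*\]$", "", path).strip()
    return m.group("state"), m.group("name"), path, missing


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            state, name, path, missing = svc
            if missing:
                findings.append(Finding("missing-binary", name, path,
                                        f"{state} service registered but its binary was not found"))
            if in_user_writable_dir(path):
                findings.append(Finding("user-writable-path", name, path,
                                        "service image sits in a user-writable directory"))
            continue
        run = RUN_RE.match(line)
        if run is not None:
            path = image_path(run.group("cmd"))
            if in_user_writable_dir(path):
                findings.append(Finding("user-writable-path", run.group("name"), path,
                                        f"{run.group('scope')}Run autostart from a user-writable directory"))
            continue
        ev = SCM7000_RE.search(line)
        if ev is not None:
            findings.append(Finding("scm-7000", ev.group("svc"), "",
                                    "Service Control Manager could not start it"))
    return findings


def rank(findings: list[Finding]) -> list[tuple[str, set[str]]]:
    """Group findings by subject; the subject with the most independent indicators first."""
    kinds: dict[str, set[str]] = {}
    for f in findings:
        kinds.setdefault(f.subject, set()).add(f.kind)
    return sorted(kinds.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for subject, kinds in rank(results):
        print(f"{subject}: {len(kinds)} indicator(s) -> {', '.join(sorted(kinds))}")
        for f in results:
            if f.subject == subject:
                print(f"    [{f.kind}] {f.detail}" + (f"  ({f.path})" if f.path else ""))
```

Run as a script it lists BrowserDefendert first with three independent indicators (missing binary, ProgramData path, SCM 7000), which is the picture of a registration left behind after the program itself was removed rather than of anything currently executing, and it leaves avast, the Realtek driver and Yahoo! Messenger unflagged. A path under ProgramData or AppData is a prompt to look, not a verdict: per-user installers such as Chrome's legitimately place binaries there too.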
MrCharlie (Moderator) « Reply #1 on: September 28, 2013, 08:14:23 PM »

Run this scan to start:

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC
K_Sweet « Reply #2 on: September 28, 2013, 10:24:34 PM »

Said no cleanup required! YAY!

logs:

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.29.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Bobbie :: BARBARA [administrator]

9/28/2013 10:55:27 PM
mbar-log-2013-09-28 (22-55-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 211349
Time elapsed: 14 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
----------------------------------------------
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 4175130624, free: 2076524544

Downloaded database version: v2013.09.29.01
Downloaded database version: v2013.09.23.01
=======================================
Initializing...
------------ Kernel report ------------
     09/28/2013 22:55:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\DptfDevProc.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\AsusTP.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\DptfDevFan.sys
\SystemRoot\system32\DRIVERS\DptfDevGen.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\DptfDevDram.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\DptfManager.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa8008131210
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\000001fc\
Lower Device Object: 0xfffffa8008100b00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005c92060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003e\
Lower Device Object: 0xfffffa8004424510
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005c92060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80045da980, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005c92060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004317e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004424510, DeviceName: \Device\0000003e\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 337AEAFE

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1113760863
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 2387ef34-ce79-4736-98c-9e7eb4335a5
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1113760863
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 2387ef34-ce79-4736-98c-9e7eb4335a5
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 3059cf0-2a7a-43bd-88b6-112418ad1baa
    FirstLBA 2048  Last LBA 616447
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID fddb56f4-1302-4d76-87cc-e965b2aff5c4
    FirstLBA 616448  Last LBA 2459647
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID b5249967-f072-4949-884e-655050a736f
    FirstLBA 2459648  Last LBA 2721791
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID e2cc2be2-a39c-4909-ab2b-6892df1a041
    FirstLBA 2721792  Last LBA 934809599
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 5c476232-29b5-4467-b6ca-51a0ed61d68
    FirstLBA 934809600  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008131210, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800937c4e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008131210, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008100b00, DeviceName: \Device\000001fc\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 5304  Numsec = 7797576
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3995074560 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_5304_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
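The MBAR output above dumps the protective MBR (one 0xEE entry at LBA 1 with Numsec = 4294967295, i.e. 0xFFFFFFFF) and both GPT headers, and the reason it does so is that a bootkit that rewrites the partition table has to keep those structures self-consistent or the scanner flags them. As an added example, not part of this thread and not Malwarebytes' own code, the Python below rebuilds a disk with the same geometry as the log (primary header at LBA 1, backup at LBA 976773167, 128 entries of 128 bytes at LBA 2, usable range 34..976773134) and runs the integrity checks a scanner applies: signature, revision, header CRC32, primary/backup cross-reference, entry-array CRC, and the shape of the protective MBR. The disk GUID and partition GUIDs are hypothetical placeholders because the log's copies are garbled, so the CRC values will not match the ones printed in the log.

```python
import struct
import uuid
import zlib

SECTOR = 512
GPT_SIGNATURE = b"EFI PART"            # 0x4546492050415254 in the MBAR log
GPT_REVISION = 0x00010000              # printed as "Revision 65536"
GPT_HEADER_SIZE = 92
GPT_HEADER_FMT = "<8sIIIIQQQQ16sQIII"  # 92 bytes, UEFI spec layout
GPT_ENTRY_FMT = "<16s16sQQQ72s"        # 128 bytes per partition entry
# Well-known partition type GUIDs (the log's copy of the ESP GUID dropped a leading zero).
ESP_TYPE = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")
BASIC_DATA_TYPE = uuid.UUID("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7")


def build_protective_mbr(disk_sig):
    """Protective MBR: a single 0xEE entry from LBA 1 covering the disk (0xFFFFFFFF sectors)."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, 0x1B8, disk_sig)
    struct.pack_into("<B3sB3sII", mbr, 0x1BE, 0x00, b"\x00\x02\x00", 0xEE, b"\xff\xff\xff", 1, 0xFFFFFFFF)
    mbr[0x1FE:] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(sector):
    if len(sector) != SECTOR or sector[0x1FE:] != b"\x55\xAA":
        raise ValueError("bad MBR signature (expected 55AA)")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, numsec = struct.unpack_from("<B3sB3sII", sector, 0x1BE + 16 * i)
        parts.append({"index": i, "active": status == 0x80, "type": ptype, "lba": lba, "numsec": numsec})
    return {"disk_sig": struct.unpack_from("<I", sector, 0x1B8)[0], "partitions": parts}


def check_protective_mbr(info):
    """Findings for a GPT disk's MBR; an empty list means it looks like a clean protective MBR."""
    findings = []
    p0 = info["partitions"][0]
    if p0["type"] != 0xEE:
        findings.append("entry 0 is type 0x%02x, expected 0xEE" % p0["type"])
    if p0["lba"] != 1:
        findings.append("protective entry starts at LBA %d, expected 1" % p0["lba"])
    for p in info["partitions"][1:]:
        if p["type"] or p["lba"] or p["numsec"]:
            findings.append("unexpected extra MBR entry %d (type 0x%02x)" % (p["index"], p["type"]))
    return findings


def build_entry(ptype, pguid, first, last, attrs, name):
    return struct.pack(GPT_ENTRY_FMT, ptype.bytes_le, pguid.bytes_le, first, last, attrs,
                       name.encode("utf-16-le").ljust(72, b"\0"))


def build_gpt_header(current, backup, first_usable, last_usable, disk_guid, entries_lba, entries):
    f = [GPT_SIGNATURE, GPT_REVISION, GPT_HEADER_SIZE, 0, 0, current, backup, first_usable,
         last_usable, disk_guid.bytes_le, entries_lba, len(entries) // 128, 128,
         zlib.crc32(entries) & 0xFFFFFFFF]
    f[3] = zlib.crc32(struct.pack(GPT_HEADER_FMT, *f)) & 0xFFFFFFFF  # CRC over header with CRC field = 0
    return struct.pack(GPT_HEADER_FMT, *f).ljust(SECTOR, b"\0")


def parse_gpt_header(sector):
    """Parse one GPT header sector; raises ValueError on any integrity failure."""
    f = list(struct.unpack_from(GPT_HEADER_FMT, sector, 0))
    if f[0] != GPT_SIGNATURE:
        raise ValueError("bad GPT signature")
    if f[1] != GPT_REVISION or f[2] != GPT_HEADER_SIZE:
        raise ValueError("unexpected GPT revision/size")
    stored, f[3] = f[3], 0
    if zlib.crc32(struct.pack(GPT_HEADER_FMT, *f)) & 0xFFFFFFFF != stored:
        raise ValueError("GPT header CRC mismatch")
    return {"current_lba": f[5], "backup_lba": f[6], "first_usable": f[7], "last_usable": f[8],
            "disk_guid": uuid.UUID(bytes_le=f[9]), "entries_lba": f[10], "num_entries": f[11],
            "entry_size": f[12], "entries_crc": f[13], "header_crc": stored}


def parse_entries(blob, num, size):
    out = []
    for i in range(num):
        t, g, first, last, attrs, name = struct.unpack_from(GPT_ENTRY_FMT, blob, i * size)
        if t == b"\0" * 16:
            continue  # unused slot
        out.append({"index": i, "type": uuid.UUID(bytes_le=t), "guid": uuid.UUID(bytes_le=g),
                    "first_lba": first, "last_lba": last, "attrs": attrs,
                    "name": name.decode("utf-16-le").rstrip("\0")})
    return out


def check_gpt(primary, backup, entries_blob):
    findings = []
    if primary["backup_lba"] != backup["current_lba"] or backup["backup_lba"] != primary["current_lba"]:
        findings.append("primary and backup headers do not cross-reference each other")
    for key in ("first_usable", "last_usable", "disk_guid", "num_entries", "entry_size"):
        if primary[key] != backup[key]:
            findings.append("primary and backup disagree on " + key)
    if zlib.crc32(entries_blob) & 0xFFFFFFFF != primary["entries_crc"]:
        findings.append("partition entry array CRC mismatch")
    return findings


def demo():
    """Constructed disk mirroring the geometry in the log; returns the scanner-style results."""
    disk_guid = uuid.UUID("2387ef34-ce79-4736-98c0-09e7eb4335a5")  # hypothetical placeholder
    last_lba = 500107862016 // SECTOR - 1                           # 976773167 = BackupLba in the log
    entries = build_entry(ESP_TYPE, uuid.UUID("03059cf0-2a7a-43bd-88b6-112418ad1baa"),
                          2048, 616447, 0, "EFI system partition")      # GUID hypothetical
    entries += build_entry(BASIC_DATA_TYPE, uuid.UUID("e2cc2be2-a39c-4909-ab2b-06892df1a041"),
                           2721792, 934809599, 0, "Basic data partition")  # GUID hypothetical
    entries = entries.ljust(128 * 128, b"\0")
    primary = build_gpt_header(1, last_lba, 34, last_lba - 33, disk_guid, 2, entries)
    backup = build_gpt_header(last_lba, 1, 34, last_lba - 33, disk_guid, last_lba - 32, entries)
    mbr = parse_mbr(build_protective_mbr(0x337AEAFE))
    p, b = parse_gpt_header(primary), parse_gpt_header(backup)
    # Tamper test: a bootkit that rewrites a header field without recomputing the CRC is rejected.
    tampered = bytearray(primary)
    struct.pack_into("<Q", tampered, 32, 0xDEAD)  # overwrite BackupLba
    try:
        parse_gpt_header(bytes(tampered))
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True
    return {"mbr": mbr, "mbr_findings": check_protective_mbr(mbr), "primary": p, "backup": b,
            "partitions": parse_entries(entries, p["num_entries"], p["entry_size"]),
            "gpt_findings": check_gpt(p, b, entries), "tampered_rejected": tampered_rejected}


if __name__ == "__main__":
    r = demo()
    for part in r["partitions"]:
        print(part["index"], part["name"], part["first_lba"], part["last_lba"])
    print("MBR findings:", r["mbr_findings"] or "none")
    print("GPT findings:", r["gpt_findings"] or "none")
    print("tampered header rejected:", r["tampered_rejected"])
```

Run against a real disk, `parse_mbr` and `parse_gpt_header` would be fed the raw sectors read from the physical device; on a clean GPT disk both find nothing, and any edit to a header that does not also recompute the CRC (the tamper step above) is rejected the same way the scanner would reject it.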
K_Sweet
« Reply #3 on: September 28, 2013, 10:30:08 PM »

Internet access seems fine; not sure how to check Windows Update or the firewall. :-(

Since nothing was found, do I still want to run fixdamage.exe or no?

Much appreciated!
MrCharlie
Moderator
Hero Member
Gender: Male
Date Registered: June 06, 2004, 05:50:23 PM
Posts: 6662
Coby
« Reply #4 on: September 29, 2013, 07:01:24 AM »

No you don't have to run fixdamage.exe

Next:

Please create a new system restore point before continuing:
http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/

--------------------------------------

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder:  C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC



My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC

K_Sweet
« Reply #5 on: September 29, 2013, 09:20:35 AM »

# AdwCleaner v3.005 - Report created 29/09/2013 at 10:13:58
# Updated 22/09/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Bobbie - BARBARA
# Running from : C:\Users\Bobbie\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BrowserDefendert

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Bobbie\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Bobbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
File Deleted : C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BrowserDefendert

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5d57dfd0bc6ebf40
Key Deleted : HKLM\SOFTWARE\5d57dfd0bc6ebf40
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Bobbie\AppData\Roaming\Mozilla\Firefox\Profiles\6zxkmf5j.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3099 octets] - [29/09/2013 10:09:46]
AdwCleaner[S0].txt - [2844 octets] - [29/09/2013 10:13:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2904 octets] ##########


on to the next instruction! :-)
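What the AdwCleaner report above actually documents is how the adware kept itself loaded: a service and a scheduled task sharing the name BrowserDefendert, two COM classes that were registered both as IE add-ons (a Browser Helper Object and a toolbar) and under Ext\PreApproved (the list of add-ons IE loads without asking the user to enable them), an IE search scope, and uninstall entries. As an added example, not from the thread and not AdwCleaner's own code, the Python below reads the "Deleted" lines of such a report, sorts each item by the persistence mechanism it represents, and correlates CLSIDs and names across mechanisms. The embedded sample is a subset of the log above; the category rules are my own heuristics, so anything they do not recognise lands in "vendor_data".

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of the AdwCleaner[S0].txt lines posted above, verbatim.
SAMPLE_LOG = r"""
***** [ Services ] *****
Service Deleted : BrowserDefendert
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Program Files (x86)\openit
File Deleted : C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Windows\System32\Tasks\BrowserDefendert
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Delta
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
"""

# Heuristic mapping from a registry/file path to the persistence mechanism it represents (my rules).
RULES = [
    (r"\\windows\\system32\\tasks\\", "scheduled_task"),
    (r"\\explorer\\browser helper objects\\", "ie_bho"),
    (r"\\ext\\preapproved\\", "ie_preapproved"),       # add-on loads without the enable prompt
    (r"\\internet explorer\\toolbar", "ie_toolbar"),
    (r"\\internet explorer\\searchscopes\\", "ie_search_scope"),
    (r"\\currentversion\\uninstall\\", "uninstall_entry"),
    (r"\\classes\\clsid\\", "com_class"),
    (r"\\google\\chrome\\user data\\", "chrome_profile_data"),
]
LINE_RE = re.compile(r"^(Service|Folder|File|Key|Value) Deleted : (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}", re.I)


def classify(kind, target):
    if kind == "Service":
        return "service"
    low = target.lower()
    for pattern, category in RULES:
        if re.search(pattern, low):
            return category
    return "vendor_data"


def parse_log(text):
    """Return one record per 'X Deleted : target' line, with its category and any CLSIDs."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, target = m.groups()
        items.append({"kind": kind, "target": target, "category": classify(kind, target),
                      "clsids": [c.upper() for c in CLSID_RE.findall(target)]})
    return items


def summary(items):
    return dict(Counter(it["category"] for it in items))


def correlate_clsids(items):
    """CLSID -> set of mechanisms it was found in."""
    by_clsid = defaultdict(set)
    for it in items:
        for c in it["clsids"]:
            by_clsid[c].add(it["category"])
    return dict(by_clsid)


def silent_addons(items):
    """CLSIDs registered as an IE add-on (BHO or toolbar) AND pre-approved, i.e. loaded silently."""
    return sorted(c for c, cats in correlate_clsids(items).items()
                  if "ie_preapproved" in cats and cats & {"ie_bho", "ie_toolbar"})


def name_collisions(items):
    """Leaf names that appear under more than one mechanism (e.g. a service and a task)."""
    names = defaultdict(set)
    for it in items:
        names[it["target"].rsplit("\\", 1)[-1].lower()].add(it["category"])
    return {n: cats for n, cats in names.items() if len(cats) > 1}


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print("persistence mechanisms:", summary(records))
    print("silently loaded IE add-ons:", silent_addons(records))
    for name, cats in name_collisions(records).items():
        print("shared name %r in: %s" % (name, ", ".join(sorted(cats))))
```

Running this on the full report gives the list of autostart locations to re-check after the reboot (the service and task names, the two CLSIDs under Browser Helper Objects and Ext\PreApproved, the search scope): if any of them reappears on the next scan, the installer that planted them is still present, which is the question the later "still getting PUP things" reply leaves open.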
K_Sweet
« Reply #6 on: September 29, 2013, 09:35:19 AM »

Report as requested:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.29.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Bobbie :: BARBARA [administrator]

9/29/2013 10:24:31 AM
mbam-log-2013-09-29 (10-24-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 207516
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Bobbie\AppData\Local\Temp\7598FCB6-BAB0-7891-94F5-8A3A2EF0D46A\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Bobbie\AppData\Local\Temp\7598FCB6-BAB0-7891-94F5-8A3A2EF0D46A\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

(end)
MrCharlie
« Reply #7 on: September 29, 2013, 09:50:20 AM »

How is it???  MrC
K_Sweet
« Reply #8 on: October 01, 2013, 08:44:30 AM »

Still getting PUP things with MBAM scans... but I told her to just keep scanning. I still have to print out that maintenance thing you shared; so busy with everything, helping them deal with a special-needs kid, work & sinkhole home repairs. Will keep an eye on it.

Thanks!
MrCharlie
« Reply #9 on: October 01, 2013, 10:32:49 AM »

OK.....MrC