I Downloaded a fake Flashplayer and Optimizer pro, HELP!

This is a discussion on I Downloaded a fake Flashplayer and Optimizer pro, HELP! within the Resolved HJT Threads forums, part of the Tech Support Forum category.

03-20-2013, 04:23 PM   #1
Registered Member
Join Date: Mar 2013
Posts: 6
OS: windows 8

Hello,
I hope one of you could help me!

I clicked on a link to download a Flashplayer without checking if the source was trustworthy (stupid, I know).
It downloaded the program, which looks different from the normal Adobe Flashplayer, and somehow it also downloaded a program called Optimizer pro, which keeps popping up.
Now when I open the internet browser it comes up with advertising; it didn't use to.

What can I do? Can someone please guide me in this mess?

THANKS!

linn_h is offline  
03-23-2013, 06:40 AM   #2

BUMP PLEASE!!
help...

linn_h is offline  
03-23-2013, 03:32 PM   #3
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
Microsoft Most Valuable Professional
Join Date: Jan 2005
Location: Ohio
Posts: 42,369
OS: WinXP Home, Vista, Windows 7 64bit

Hi linn_h,

I'm sorry, but we need a lot more information than just a description of what's wrong.

We require a comprehensive set of logs to identify and begin the removal of malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
03-24-2013, 02:51 PM   #4

Hello,
here is the log of my computer.
THANKS!

GMER 2.1.19155 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-24 21:48:28
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a Hitachi_HTS547575A9E384 rev.JE4OA50A 698.64GB
Running: gmer.exe; Driver: C:\Users\Adam\AppData\Local\Temp\kxloipow.sys

---- Kernel code sections - GMER 2.1 ----
.text C:\windows\System32\win32k.sys!W32pServiceTable fffff960000cd000 7 bytes [00, 51, 83, 01, 00, 4B, F2]
.text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000cd008 7 bytes [01, A3, C1, FF, 00, 50, DC]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[4496] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff97be1b32 4 bytes [BE, 97, FF, 07]
.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[4496] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007ff97be1b3a 4 bytes [BE, 97, FF, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4884] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4884] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4884] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\windows\Explorer.EXE[2492] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\windows\Explorer.EXE[2492] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\windows\Explorer.EXE[2492] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[16712] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[16712] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[16712] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[19292] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[19292] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[19292] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[16780] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[16780] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[16780] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[16780] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff97be1b32 4 bytes [BE, 97, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[16780] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007ff97be1b3a 4 bytes [BE, 97, FF, 07]
.text C:\Windows\System32\igfxpers.exe[11052] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ffb367177a 4 bytes [67, B3, FF, 07]
.text C:\Windows\System32\igfxpers.exe[11052] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ffb3671782 4 bytes [67, B3, FF, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[8512] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[8512] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[8512] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\windows\Explorer.EXE[14344] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\windows\Explorer.EXE[14344] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\windows\Explorer.EXE[14344] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[8368] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[8368] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[8368] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[11180] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[11180] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[11180] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[11180] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff97be1b32 4 bytes [BE, 97, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[11180] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007ff97be1b3a 4 bytes [BE, 97, FF, 07]
.text C:\Windows\System32\igfxpers.exe[12592] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ffb367177a 4 bytes [67, B3, FF, 07]
.text C:\Windows\System32\igfxpers.exe[12592] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ffb3671782 4 bytes [67, B3, FF, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[8652] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffacd11532 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[8652] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffacd1153a 4 bytes [D1, AC, FF, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[8652] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffacd1165a 4 bytes [D1, AC, FF, 07]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[9200] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007ffb367177a 4 bytes [67, B3, FF, 07]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[9200] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007ffb3671782 4 bytes [67, B3, FF, 07]
---- Threads - GMER 2.1 ----
Thread C:\windows\system32\csrss.exe [19144:16048] fffff9600099d5e8
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
linn_h is offline  
03-24-2013, 08:22 PM   #5

Hi linn_h,

Thank you for the gmer log, but I also need the logs produced by dds.scr. Those actually contain the most important information for me.
Ried is offline  
03-25-2013, 12:00 PM   #6

Hello Ried,
Sorry about that. Here they are:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519
Run by Adam at 21:22:01 on 2013-03-24
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.6036.3521 [GMT 0:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\dashost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 05/02/2013 22:48:59
System Uptime: 23/03/2013 18:29:56 (27 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP350V5C-A0EUK
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | SOCKET 0 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 671 GiB total, 611.713 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP8: 01/03/2013 09:35:45 - Windows Update
RP10: 12/03/2013 23:02:44 - Scheduled Checkpoint
RP11: 16/03/2013 12:30:44 - Windows Update
RP12: 20/03/2013 22:34:47 - Quitado FlashPlayer
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 3 (SP3)
7-Zip 9.20 (x64 edition)
Adobe Reader X (10.1.6) MUI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Desktop
Bonjour
BrowserProtect
Classic Shell
CutePDF Writer 3.0
CyberLink Power2Go 8
CyberLink PowerDVD 10
D3DX10
Delta Chrome Toolbar
Delta toolbar
DomaIQ
E-POP
Easy File Share
ESET Online Scanner v3
FlashPlayer
Fotogalerie
Galerie de photos
Google Toolbar for Internet Explorer
Google Update Helper
Help Desk
Intel AppUp(SM) center
Intel(R) Control Center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
iTunes
K-Lite Codec Pack 9.7.0 (64-bit)
K-Lite Codec Pack 9.7.0 (Standard)
Microsoft Application Error Reporting
Microsoft Office
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Norton Online Backup
Norton Online Backup ARA
Optimizer Pro v3.0
Photo Common
Photo Gallery
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Raccolta foto
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery
S Agent
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Settings
Spotify
Support Center
Support Center FAQ
SW Update
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User Guide
VLC media player 2.0.5
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xerox PhotoCafe
Yontoo 2.05
.
==== Event Viewer Messages From Past Week ========
.
24/03/2013 02:03:31, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
18/03/2013 23:05:07, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Home-PC\Adam SID (S-1-5-21-2066697432-486531029-1389259780-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
18/03/2013 14:59:11, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
.
==== End Of File ===========================
linn_h is offline  
03-25-2013, 08:18 PM   #7

Hi linn_h,

I'm going to have to ask you to try one more time; the content of the dds.txt is not complete.

Open the dds.txt on your desktop, and at the top, click 'Edit', then 'Select All'.

Click 'Edit' again, and select 'Copy'.

Return to the Reply window here, right click in the open area and select 'Paste'. You should now see the entire log in the reply window. Click the Submit button.
Ried is offline  
03-26-2013, 03:11 PM   #8

Ok, here it is:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519
Run by Adam at 21:22:01 on 2013-03-24
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.6036.3521 [GMT 0:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\dashost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\dwm.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\windows\Explorer.EXE
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Adam\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\windows\syswow64\wwahost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=6A7452B7C3626109
uDefault_Page_URL = hxxp://samsung13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify Web Helper] "C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Adam\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Yontoo Desktop] "C:\Users\Adam\AppData\Roaming\Yontoo\YontooDesktop.exe"
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{54871D10-62A3-46BB-9603-3E6E772C431D} : DHCPNameServer = 100.100.0.101
TCP: Interfaces\{BD981BD1-37F2-408F-845B-37539168242F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BD981BD1-37F2-408F-845B-37539168242F}\35E61607075627F5D457379636 : DHCPNameServer = 192.168.16.3
TCP: Interfaces\{BD981BD1-37F2-408F-845B-37539168242F}\C6F6F6B6D657D6E6F68616E64637 : DHCPNameServer = 192.168.180.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\programdata\browserprotect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-11-26 645952]
R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2012-11-26 168608]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-11-26 92536]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-10-31 231040]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-3-7 168536]
R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-20 2569168]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-9-5 1593976]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-26 7168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-11-26 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-26 165760]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-15 3943104]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-26 364416]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-3-20 23552]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-10-31 323584]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2012-11-26 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2012-11-26 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2012-11-26 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2012-11-26 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2012-11-26 178840]
R3 BTATH_HID;Bluetooth HID Device;C:\windows\System32\Drivers\btath_hid.sys [2012-11-26 222360]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2012-11-26 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2012-11-26 135832]
R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2012-11-26 576152]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-18 342528]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-11-13 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-11-26 690832]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2012-11-26 315536]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-03-24 21:11:48 -------- d-----w- C:\Users\Adam\AppData\Roaming\QuickScan
2013-03-24 17:07:02 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{39B0F18E-46C8-49C4-AE2B-F56986AF93CE}\mpengine.dll
2013-03-24 15:12:42 -------- d-----w- C:\Program Files (x86)\ESET
2013-03-24 15:03:26 256904 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys
2013-03-24 12:45:44 9311288 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-03-24 12:45:44 9311288 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA27C5DA-A80E-4F15-941E-2E7ED7D4EF2B}\mpengine.dll
2013-03-21 23:28:38 20992 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-03-20 22:27:05 -------- d-----w- C:\Program Files\DomaIQ Uninstaller
2013-03-20 22:26:16 -------- d-----w- C:\Users\Adam\AppData\Roaming\player
2013-03-20 22:26:16 -------- d-----w- C:\Program Files (x86)\Tuguu SL
2013-03-20 22:25:50 -------- d-----w- C:\Users\Adam\AppData\Roaming\Optimizer Pro
2013-03-20 22:25:44 -------- d-----w- C:\windows\SysWow64\searchplugins
2013-03-20 22:25:44 -------- d-----w- C:\windows\SysWow64\Extensions
2013-03-20 22:25:41 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-03-20 22:25:40 -------- d-----w- C:\ProgramData\BrowserProtect
2013-03-20 22:25:35 -------- d-----w- C:\Users\Adam\AppData\Roaming\Yontoo
2013-03-20 22:25:35 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-03-20 22:25:32 -------- d-----w- C:\Users\Adam\AppData\Roaming\BabSolution
2013-03-20 22:25:24 -------- d-----w- C:\Program Files (x86)\Delta
2013-03-20 22:24:59 -------- d-----w- C:\ProgramData\Tarma Installer
2013-03-20 22:24:54 -------- d-----w- C:\Users\Adam\AppData\Roaming\Babylon
2013-03-20 22:24:54 -------- d-----w- C:\ProgramData\Babylon
2013-03-17 13:52:07 78168 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-17 13:52:07 692568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-03-16 12:48:00 -------- d-----w- C:\Users\Adam\AppData\Local\Spotify
2013-03-16 12:46:37 -------- d-----w- C:\Users\Adam\AppData\Roaming\Spotify
2013-03-15 10:37:59 13643264 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-03-15 10:22:41 622080 ----a-w- C:\windows\System32\drivers\srv2.sys
2013-03-15 10:22:41 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2013-03-15 10:22:41 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
2013-03-15 10:22:41 215552 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2013-03-15 00:28:05 1690624 ----a-w- C:\windows\System32\GdiPlus.dll
2013-03-15 00:28:05 1437184 ----a-w- C:\windows\SysWow64\GdiPlus.dll
2013-03-12 19:35:46 192784 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10196.bin
2013-03-10 02:59:52 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-03-07 18:42:42 5664768 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktop.msi
2013-02-27 23:28:56 443392 ----a-w- C:\windows\System32\ReAgent.dll
2013-02-27 23:28:56 375808 ----a-w- C:\windows\SysWow64\ReAgent.dll
2013-02-27 23:28:56 1010688 ----a-w- C:\windows\System32\reseteng.dll
.
==================== Find3M ====================
.
2013-03-02 08:22:18 361984 ----a-w- C:\windows\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll
2013-02-15 07:58:59 39936 ----a-w- C:\windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-02-12 00:25:18 4041728 ----a-w- C:\windows\System32\win32k.sys
2013-02-07 04:09:56 69864 ----a-w- C:\windows\System32\drivers\pdc.sys
2013-02-07 03:34:58 10115072 ----a-w- C:\windows\System32\twinui.dll
2013-02-07 03:33:47 2302464 ----a-w- C:\windows\System32\authui.dll
2013-02-07 03:33:42 2146816 ----a-w- C:\windows\System32\actxprxy.dll
2013-02-07 01:34:00 8856576 ----a-w- C:\windows\SysWow64\twinui.dll
2013-02-07 01:33:03 2033664 ----a-w- C:\windows\SysWow64\authui.dll
2013-02-07 01:33:01 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
2013-02-05 04:58:01 1766912 ----a-w- C:\windows\SysWow64\wininet.dll
2013-02-05 04:56:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-02-05 04:56:27 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-02-05 04:56:27 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-02-05 03:55:27 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-02-05 01:44:50 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-02-04 22:39:47 2246656 ----a-w- C:\windows\System32\wininet.dll
2013-02-04 22:39:39 907776 ----a-w- C:\windows\System32\uxtheme.dll
2013-02-04 22:38:55 3966464 ----a-w- C:\windows\System32\jscript9.dll
2013-02-04 22:38:53 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-02-02 11:19:44 496872 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41 329960 ----a-w- C:\windows\System32\drivers\storport.sys
2013-02-02 11:19:33 61672 ----a-w- C:\windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\windows\System32\drivers\ndis.sys
2013-02-02 10:28:54 2226408 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\windows\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\windows\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
2013-02-02 08:39:59 325632 ----a-w- C:\windows\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\windows\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:34 12288 ----a-w- C:\windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33 115712 ----a-w- C:\windows\SysWow64\netprofm.dll
2013-02-02 08:39:28 5090816 ----a-w- C:\windows\SysWow64\mstscax.dll
2013-02-02 08:39:15 157696 ----a-w- C:\windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54 567808 ----a-w- C:\windows\SysWow64\duser.dll
2013-02-02 08:24:19 107520 ----a-w- C:\windows\System32\taskkill.exe
2013-02-02 08:24:19 102400 ----a-w- C:\windows\System32\tasklist.exe
2013-02-02 08:23:44 228352 ----a-w- C:\windows\System32\XpsRasterService.dll
2013-02-02 08:23:43 475136 ----a-w- C:\windows\System32\WWanAPI.dll
2013-02-02 08:23:37 611840 ----a-w- C:\windows\System32\wpd_ci.dll
2013-02-02 08:23:37 105472 ----a-w- C:\windows\System32\wpdbusenum.dll
2013-02-02 08:23:30 830464 ----a-w- C:\windows\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28 543232 ----a-w- C:\windows\System32\wlroamextension.dll
2013-02-02 08:23:19 293376 ----a-w- C:\windows\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18 731648 ----a-w- C:\windows\System32\win32spl.dll
2013-02-02 08:23:16 87552 ----a-w- C:\windows\System32\wersvc.dll
2013-02-02 08:22:28 448512 ----a-w- C:\windows\System32\SettingSync.dll
2013-02-02 08:22:22 416256 ----a-w- C:\windows\System32\schannel.dll
2013-02-02 08:21:45 467456 ----a-w- C:\windows\System32\netprofmsvc.dll
2013-02-02 08:21:44 385024 ----a-w- C:\windows\System32\ncsi.dll
2013-02-02 08:21:38 5977600 ----a-w- C:\windows\System32\mstscax.dll
2013-02-02 08:21:10 225280 ----a-w- C:\windows\System32\mbsmsapi.dll
2013-02-02 08:20:47 260096 ----a-w- C:\windows\System32\hotspotauth.dll
2013-02-02 08:20:31 729600 ----a-w- C:\windows\System32\duser.dll
2013-02-02 07:30:05 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-02-02 07:25:52 297984 ----a-w- C:\windows\System32\drivers\ks.sys
2013-02-02 07:25:26 82944 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-02-02 07:25:23 37632 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys
2013-01-30 10:53:22 273840 ------w- C:\windows\System32\MpSigStub.exe
2013-01-14 03:56:14 6967016 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-01-10 01:53:32 28904 ----a-w- C:\windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\windows\System32\drivers\partmgr.sys
2013-01-10 01:29:21 785504 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53 83968 ----a-w- C:\windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46 1611776 ----a-w- C:\windows\SysWow64\mmc.exe
2013-01-09 23:26:35 410624 ----a-w- C:\windows\SysWow64\Windows.Networking.dll
2013-01-09 23:26:35 261120 ----a-w- C:\windows\SysWow64\Windows.Media.dll
2013-01-09 23:26:23 1752064 ----a-w- C:\windows\SysWow64\setupapi.dll
2013-01-09 23:26:20 67584 ----a-w- C:\windows\SysWow64\samlib.dll
2013-01-09 23:26:04 890880 ----a-w- C:\windows\SysWow64\msctf.dll
2013-01-09 23:26:03 436736 ----a-w- C:\windows\SysWow64\MP4SDECD.DLL
2013-01-09 23:23:32 95232 ----a-w- C:\windows\System32\wiaacmgr.exe
2013-01-09 23:23:25 2094592 ----a-w- C:\windows\System32\mmc.exe
2013-01-09 23:23:23 240640 ----a-w- C:\windows\System32\fsquirt.exe
2013-01-09 23:23:18 256000 ----a-w- C:\windows\System32\WSDMon.dll
2013-01-09 23:23:16 1964544 ----a-w- C:\windows\System32\wlidsvc.dll
2013-01-09 23:23:14 594944 ----a-w- C:\windows\System32\Windows.Networking.dll
2013-01-09 23:23:14 406016 ----a-w- C:\windows\System32\Windows.Media.dll
2013-01-09 23:23:07 1886208 ----a-w- C:\windows\System32\setupapi.dll
2013-01-09 23:23:05 728064 ----a-w- C:\windows\System32\samsrv.dll
.
============= FINISH: 21:22:25.20 ===============
__________________
linn_h is offline  
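The log above is what a helper actually reads, and the entries that matter are easy to miss among the driver noise: an AppInit_DLLs value pointing at a DLL under ProgramData, services whose binaries sit outside Program Files and Windows, and a burst of unrelated vendor directories created within a couple of minutes of each other on 2013-03-20 (the bundled-installer signature). The Python below is an added example, not part of this thread and not part of the DDS tool; it parses those three DDS line formats from a constructed excerpt copied from the log and reports what a helper would flag first. The set of trusted install roots and the five-minute burst window are assumptions of the example.

```python
"""Triage helpers for a DDS log: pull out the persistence entries a helper
looks at first. Added example, not part of the thread and not part of DDS;
the trusted roots and the 5-minute burst window are assumptions."""
import re
from datetime import datetime, timedelta

# Constructed excerpt: lines copied from the log posted above.
SAMPLE_LOG = r"""
AppInit_DLLs= c:\programdata\browserprotect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-3-7 168536]
R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-20 2569168]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-15 3943104]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-3-20 23552]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-11-26 690832]
2013-03-24 15:12:42 -------- d-----w- C:\Program Files (x86)\ESET
2013-03-20 22:27:05 -------- d-----w- C:\Program Files\DomaIQ Uninstaller
2013-03-20 22:26:16 -------- d-----w- C:\Program Files (x86)\Tuguu SL
2013-03-20 22:25:50 -------- d-----w- C:\Users\Adam\AppData\Roaming\Optimizer Pro
2013-03-20 22:25:41 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-03-20 22:25:40 -------- d-----w- C:\ProgramData\BrowserProtect
2013-03-20 22:25:35 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-03-20 22:25:24 -------- d-----w- C:\Program Files (x86)\Delta
2013-03-20 22:24:54 -------- d-----w- C:\ProgramData\Babylon
2013-03-17 13:52:07 692568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
"""

# "R2 name;display;path [yyyy-m-d size]" service/driver lines.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<group>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
# "yyyy-mm-dd hh:mm:ss size attrs path" lines from the Created Last 30 section.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(?P<size>\S+) +(?P<attr>\S+) +(?P<path>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>.+)$", re.IGNORECASE)

# Assumed set of roots where a legitimately installed service binary lives.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse(text):
    """Split a DDS log into (services, created, appinit_dlls)."""
    services, created, appinit = [], [], []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            d = m.groupdict()
            d["date"] = datetime.strptime(d["date"], "%Y-%m-%d").date()
            d["size"] = int(d["size"])
            services.append(d)
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["path"]))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # The value may hold several DLLs separated by spaces or commas.
            appinit.extend(p for p in re.split(r"[,\s]+", m["dlls"]) if p)
    return services, created, appinit


def install_burst(created, window=timedelta(minutes=5)):
    """Largest group of creations that fall inside one window. Many vendor
    directories appearing within a couple of minutes is how a bundler looks."""
    entries = sorted(created)
    best = []
    for i, (t0, _) in enumerate(entries):
        cluster = [e for e in entries[i:] if e[0] - t0 <= window]
        if len(cluster) > len(best):
            best = cluster
    return best


def triage(text):
    """Return (burst, findings); findings are (kind, name, reason) tuples."""
    services, created, appinit = parse(text)
    burst = install_burst(created)
    burst_days = {t.date() for t, _ in burst}
    findings = []
    for dll in appinit:
        # AppInit_DLLs is loaded into every process that loads user32.dll
        # (when LoadAppInit_DLLs is enabled), so it is never benign by accident.
        findings.append(("AppInit_DLLs", dll, "DLL injected into every user32 process"))
    for s in services:
        reasons = []
        if not s["path"].lower().startswith(TRUSTED_ROOTS):
            reasons.append("binary outside Program Files/Windows")
        if s["date"] in burst_days:
            reasons.append(f"installed on burst day {s['date']}")
        if reasons:
            findings.append(("service", s["name"], "; ".join(reasons)))
    return burst, findings


if __name__ == "__main__":
    burst, findings = triage(SAMPLE_LOG)
    print(f"install burst: {burst[0][0]} .. {burst[-1][0]} ({len(burst)} directories)")
    for kind, name, why in findings:
        print(f"{kind:12} {name}: {why}")
```

On this excerpt the burst runs from 22:24:54 to 22:27:05 on 2013-03-20, and the flagged persistence is the BrowserProtect AppInit DLL, the BrowserProtect service (ProgramData binary, burst day) and the Yontoo Desktop Updater service (burst day); the Bing, Norton and Realtek entries pass both checks.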
Old 03-26-2013, 07:46 PM   #9
Hi linn_h and thank you for your efforts.

Since this is a new Windows 8 machine, I think the best thing for you to do is invoke the System Restore feature and go back to the point closest to just before you became infected.

To perform a System Restore:
  • Go to the Windows 8 Start Screen. Move your mouse to the upper corner and click Search (it looks like a magnifying glass).
  • In the Search window, type in the following:
      Restore point
  • When the search results appear, click on the Settings category.
  • Now click on the option labeled 'Create a restore point', and the System Protection tab of the System Properties control panel will open for you.
  • To restore your computer, click on the System Restore button.
  • On the main screen for System Restore, click 'Next' and you will be shown a list of available restore points. The most recent one will be shown by default; click 'Show more restore points' to see the other dates and times you have available.
I'm seeing the following dates and times:

01/03/2013 09:35:45 - Windows Update
12/03/2013 23:02:44 - Scheduled Checkpoint
16/03/2013 12:30:44 - Windows Update
20/03/2013 22:34:47 - Quitado FlashPlayer

Click the date closest to before the problems began and follow the prompts.

Please let me know how that worked out for you.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-03-2013, 02:16 PM   #10
Thanks for all your help on this one, Ried. Looks like it's all sorted out.
Cheers!
__________________
linn_h is offline  
Old 04-08-2013, 08:21 PM   #11
Glad to hear that.

Best wishes to you Linn.

Ried is offline  
 

Copyright 2001 - 2014, Tech Support Forum