InterviewSolution
1. Solve: Random pop-ups, slow boot up?
Answer: Update: SpyHunter4 immediately detected a proxy problem and found a bunch of threats. But fixed nothing. Trial version again...
By default, pop-up blocking is enabled in your browser. If it has been disabled, go to the option menu where you can access the pop-up blocker settings.

I mentioned disabling active scripting removes the annoyances. But that blocks features I do want, so it's only a temporary solution.

FRST log:
I'm at a loss. What happens in Safe Mode?

Quote from: SuperDave on October 21, 2014, 04:04:46 PM
I'm at a loss. What happens in Safe Mode?

FRST safe mode log:
Quote: C:\Users\*\AppData\Local\JREMotionSDK\CopyCronSprite.exe

I can't find any information about this file. Did you delete the .exe file?

Please download Junkware Removal Tool to your desktop.
• Warning! Once the scan is complete JRT will shut down your browser with NO warning.
• Shut down your protection software now to avoid potential conflicts.
• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Copy and Paste the JRT.txt log into your next message.

**********************************************

Please download MiniToolBox to Desktop and run it. Checkmark the following boxes:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by * on 23.10.2014 at 3:35:55,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.10.2014 at 3:38:18,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JRT safe mode log: identical to the log above.

Though I had tried that already. If I end CopyCronSprite in task manager processes, I can't browse the internet. I get the same proxy error I get at startup until CopyCronSprite returns. I read that the only way to remove eDeals is to reinstall Windows... is my computer doomed?

Quote from: SuperDave on October 22, 2014, 07:00:34 PM
**********************************************

Sorry, I had overlooked this.

MTB log:
Download DDS from HERE or HERE and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply.
• Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE. Then post your DDS logs.
(DDS.txt and Attach.txt)

DDS log:
2014-10-18 22:00:19--------d-----w-C:\Program Files (x86)\ESET 2014-10-17 23:28:21--------d-----w-C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-10-17 23:13:1898216----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2014-10-17 11:25:1111578928----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{644E2CED-B6F4-4BE7-BA34-BF4A49016B30}\mpengine.dll 2014-10-16 19:34:04129752----a-w-C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-10-16 19:33:4492888----a-w-C:\Windows\System32\drivers\mbamchameleon.sys 2014-10-16 19:33:4463704----a-w-C:\Windows\System32\drivers\mwac.sys 2014-10-16 19:33:4425816----a-w-C:\Windows\System32\drivers\mbam.sys 2014-10-16 19:33:44--------d-----w-C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-16 17:28:26--------d-----w-C:\ProgramData\HitmanPro 2014-10-16 15:57:48--------d-sh--w-C:\$RECYCLE.BIN 2014-10-16 15:43:4398816----a-w-C:\Windows\sed.exe 2014-10-16 15:43:43256000----a-w-C:\Windows\PEV.exe 2014-10-16 15:43:43208896----a-w-C:\Windows\MBR.exe 2014-10-16 15:43:26--------d-----w-C:\ComboFix 2014-10-16 11:55:09--------d-----w-C:\Users\dhalsim\AppData\Local\ESET 2014-10-16 11:35:50--------d-----w-C:\Windows\ERUNT 2014-10-16 11:26:50--------d-----w-C:\ProgramData\BoostSoftware 2014-10-16 02:18:493241472----a-w-C:\Windows\System32\msi.dll 2014-10-15 22:04:22--------d-----w-C:\Windows\SysWow64\APICursorUtility 2014-10-15 22:01:46--------d-----w-C:\AdwCleaner 2014-10-15 17:39:12--------d-----w-C:\Users\dhalsim\AppData\Roaming\QuickScan 2014-10-14 20:14:16--------d-----w-C:\Users\dhalsim\AppData\Roaming\LavasoftStatistics 2014-10-14 19:00:23--------d-----w-C:\Users\dhalsim\AppData\Local\CheckCode 2014-10-14 19:00:21--------d-----w-C:\Windows\SysWow64\GUIInteractiveRuntime 2014-10-07 13:12:19--------d-----w-C:\ProgramData\BlueStacksSetup 2014-10-07 13:12:18--------d-----w-C:\Users\dhalsim\AppData\Local\Bluestacks 2014-10-01 06:19:53519680----a-w-C:\Windows\SysWow64\qdvd.dll 2014-10-01 
06:19:53371712----a-w-C:\Windows\System32\qdvd.dll 2014-09-24 10:23:132048----a-w-C:\Windows\System32\tzres.dll 2014-09-24 10:23:122048----a-w-C:\Windows\SysWow64\tzres.dll . ==================== Find3M ==================== . 2014-10-17 11:28:3171344----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-10-17 11:28:31701104----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe 2014-10-10 02:05:59276480----a-w-C:\Windows\System32\generaltel.dll 2014-10-10 02:05:42507392----a-w-C:\Windows\System32\aepdu.dll 2014-10-10 02:00:38424448----a-w-C:\Windows\System32\aeinv.dll 2014-10-07 08:18:2543064----a-w-C:\Windows\System32\drivers\avnetflt.sys 2014-10-07 08:18:24119272----a-w-C:\Windows\System32\drivers\avgntflt.sys 2014-09-29 00:58:483198976----a-w-C:\Windows\System32\win32k.sys 2014-09-25 22:32:042017280----a-w-C:\Windows\SysWow64\inetcpl.cpl 2014-09-25 22:31:022108416----a-w-C:\Windows\System32\inetcpl.cpl 2014-09-19 01:56:022724864----a-w-C:\Windows\System32\mshtml.tlb 2014-09-19 01:55:494096----a-w-C:\Windows\System32\ieetwcollectorres.dll 2014-09-19 01:40:4366048----a-w-C:\Windows\System32\iesetup.dll 2014-09-19 01:40:03547328----a-w-C:\Windows\System32\vbscript.dll 2014-09-19 01:39:5848640----a-w-C:\Windows\System32\ieetwproxystub.dll 2014-09-19 01:38:2783968----a-w-C:\Windows\System32\MshtmlDac.dll 2014-09-19 01:36:575829632----a-w-C:\Windows\System32\jscript9.dll 2014-09-19 01:26:00139264----a-w-C:\Windows\System32\ieUnatt.exe 2014-09-19 01:25:49111616----a-w-C:\Windows\System32\ieetwcollector.exe 2014-09-19 01:25:124201472----a-w-C:\Windows\SysWow64\jscript9.dll 2014-09-19 01:25:09758272----a-w-C:\Windows\System32\jscript9diag.dll 2014-09-19 01:18:02940032----a-w-C:\Windows\System32\MsSpellCheckingFacility.exe 2014-09-19 01:14:572724864----a-w-C:\Windows\SysWow64\mshtml.tlb 2014-09-19 01:06:4772704----a-w-C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-09-19 01:02:07454656----a-w-C:\Windows\SysWow64\vbscript.dll 2014-09-19 
01:01:4761952----a-w-C:\Windows\SysWow64\iesetup.dll 2014-09-19 01:01:0351200----a-w-C:\Windows\SysWow64\ieetwproxystub.dll 2014-09-19 00:59:4061952----a-w-C:\Windows\SysWow64\MshtmlDac.dll 2014-09-19 00:50:16112128----a-w-C:\Windows\SysWow64\ieUnatt.exe 2014-09-19 00:49:31597504----a-w-C:\Windows\SysWow64\jscript9diag.dll 2014-09-19 00:40:121249280----a-w-C:\Windows\System32\mshtmlmedia.dll 2014-09-19 00:36:2360416----a-w-C:\Windows\SysWow64\JavaScriptCollectionAgent.dll 2014-09-19 00:33:182309632----a-w-C:\Windows\System32\wininet.dll 2014-09-19 00:18:551068032----a-w-C:\Windows\SysWow64\mshtmlmedia.dll 2014-09-18 23:59:111810944----a-w-C:\Windows\SysWow64\wininet.dll 2014-09-18 01:32:522363904----a-w-C:\Windows\SysWow64\msi.dll 2014-09-15 07:06:02278152------w-C:\Windows\System32\MpSigStub.exe 2014-09-13 01:58:1877312----a-w-C:\Windows\System32\packager.dll 2014-09-13 01:40:0567072----a-w-C:\Windows\SysWow64\packager.dll 2014-09-04 05:23:20424448----a-w-C:\Windows\System32\rastls.dll 2014-09-04 05:04:15372736----a-w-C:\Windows\SysWow64\rastls.dll 2014-08-29 02:07:1344032----a-w-C:\Windows\System32\tsgqec.dll 2014-08-29 02:07:133179520----a-w-C:\Windows\System32\rdpcorets.dll 2014-08-29 02:07:125780480----a-w-C:\Windows\System32\mstscax.dll 2014-08-29 02:07:10322560----a-w-C:\Windows\System32\aaclient.dll 2014-08-29 02:06:471125888----a-w-C:\Windows\System32\mstsc.exe 2014-08-29 01:44:5237376----a-w-C:\Windows\SysWow64\tsgqec.dll 2014-08-29 01:44:514922368----a-w-C:\Windows\SysWow64\mstscax.dll 2014-08-29 01:44:49269312----a-w-C:\Windows\SysWow64\aaclient.dll 2014-08-29 01:44:191050112----a-w-C:\Windows\SysWow64\mstsc.exe 2014-08-23 02:07:00404480----a-w-C:\Windows\System32\gdi32.dll 2014-08-23 01:45:55311808----a-w-C:\Windows\SysWow64\gdi32.dll 2014-08-01 11:53:221031168----a-w-C:\Windows\System32\TSWorkspace.dll 2014-08-01 11:35:06793600----a-w-C:\Windows\SysWow64\TSWorkspace.dll 2014-07-25 00:35:46875688----a-w-C:\Windows\SysWow64\msvcr120_clr0400.dll 
2014-07-24 21:47:06869544----a-w-C:\Windows\System32\msvcr120_clr0400.dll 2009-04-28 20:20:06236016----a-w-C:\Program Files (x86)\primosdk.DLL . ============= FINISH: 22:28:42,67 ===============

Question: Is there a method behind the programs you're having me use? I had tried most of them before. And my logs are almost always left uncommented. Like the files I find suspicious.

I'm looking for some program that is causing that problem. You said it's running in Task Manager yet I can't find any information about it. The DDS should have produced two logs. I need to see the other one.

Quote from: SuperDave on October 23, 2014, 11:08:21 AM
I'm looking for some program that is causing that problem. You said it's running in Task Manager yet I can't find any information about it. The DDS should have produced two logs. I need to see the other one.

Attach:

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 08.12.2009 19:40:58 System Uptime: 19.10.2014 22:08:18 (0 hours ago) . Motherboard: Dell Inc. | | 0N826N Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2498/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 922 GiB total, 771,931 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: WAN Miniport (ATW) Device ID: ROOT\NET\0001 Manufacturer: America Online, Inc. Name: WAN Miniport (ATW) #2 PNP Device ID: ROOT\NET\0001 Service: wanatw . ==== System Restore Points =================== . 
RP483: 14.10.2014 11:54:47 - Windows Update RP484: 14.10.2014 22:09:34 - AA11 RP485: 15.10.2014 23:43:49 - AA11 RP486: 16.10.2014 04:12:19 - Windows Update RP487: 16.10.2014 16:44:49 - Windows Update RP488: 16.10.2014 19:34:30 - Checkpoint by HitmanPro RP489: 16.10.2014 19:34:59 - Checkpoint by HitmanPro RP490: 18.10.2014 01:12:05 - Removed Java 7 Update 67 . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe Flash Player 15 ActiveX Adobe Flash Player 15 Plugin Adobe Reader XI (11.0.09) AIM 7 Amazon MP3 Downloader 1.0.17 AOL Uninstaller (Choose which Products to Remove) Apple Application Support Apple Software Update ATI Catalyst Control Center Audacity 2.0.2 Avira Avira Free Antivirus Avira SearchFree Toolbar CameraHelperMsi Canon MP Navigator EX 1.2 Canon MP190 series Benutzerregistrierung Canon MP190 series MP Drivers Canon My Printer Canon Utilities Easy-PhotoPrint EX Canon Utilities Solution Menu Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help English CCC Help French CCC Help German CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Portuguese CCC Help Spanish CCC Help Turkish CuteFTP 8 Home D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Edoc Viewer Dell Getting Started Guide erLT ESET Online Scanner v3 FFmpeg v0.6.2 for Audacity FileZilla Client 3.6.0.2 FreeOCR 3.0 Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Japanese Fonts Support For Adobe Reader X Java 8 
Update 25 Java Auto Updater Junk Mail filter update LAME v3.99.3 (for Windows) Logitech SetPoint 6.1 Logitech Unifying Software 2.10 Logitech Vid HD Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 2.0.3.1025 Media Player Codec Pack 3.9.1 Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 32.0.3 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 PowerDVD DX QuickTime 7 Realtek High Definition Audio Driver Roxio Burn Roxio Update Manager RTC Client API v1.2 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit 
Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition Skins Skype Click to Call Skype™ 6.18 Uninstall AOL Emergency Connect Utility 1.0 Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VLC media player Winamp Winamp Application Detect Winamp Essentials Pack Windows 7 Codec Pack 2.3.0 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows 
Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 19.10.2014 22:22:25, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252. 19.10.2014 22:11:08, Error: Service Control Manager [7022] - The JREMotionSDK.exe service hung on starting. 19.10.2014 22:08:58, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{5D3CE513-1A5B-4E60-BACF-CA4190880BFF} because another computer on the network has the same name. The server could not start. 19.10.2014 22:08:58, Error: NetBT [4321] - The name "*-PC :20" could not be registered on the interface with IP address 192.168.2.102. The computer with the IP address 192.168.2.105 did not allow the name to be claimed by this computer. 19.10.2014 22:08:31, Error: Service Control Manager [7000] - The CursorDOSIcon.exe service failed to start due to the following error: The system cannot find the file specified. 19.10.2014 22:08:29, Error: NetBT [4321] - The name "*-PC :0" could not be registered on the interface with IP address 192.168.2.102. The computer with the IP address 192.168.2.105 did not allow the name to be claimed by this computer. 19.10.2014 12:37:28, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [emailprotected] 19.10.2014 02:02:15, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service. 18.10.2014 14:25:41, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: After starting, the service hung in a start-pending state. 18.10.2014 14:25:37, Error: Service Control Manager [7022] - The Avira Real-Time Protection service hung on starting. 
18.10.2014 14:25:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service. 18.10.2014 03:36:51, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully.. 18.10.2014 03:36:38, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. 17.10.2014 01:33:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect. 16.10.2014 17:54:36, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 16.10.2014 17:54:02, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 16.10.2014 17:52:54, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 16.10.2014 17:52:54, Error: Service Control Manager [7031] - The GUIInteractiveRuntime service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 16.10.2014 17:52:54, Error: Service Control Manager [7031] - The APICursorUtility service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 16.10.2014 17:51:16, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 4 time(s). 
The following corrective action will be taken in 10000 milliseconds: Restart the service. 16.10.2014 17:51:16, Error: Service Control Manager [7031] - The GUIInteractiveRuntime service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 16.10.2014 17:51:16, Error: Service Control Manager [7031] - The APICursorUtility service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 16.10.2014 17:48:30, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 16.10.2014 17:48:30, Error: Service Control Manager [7031] - The GUIInteractiveRuntime service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 16.10.2014 17:48:30, Error: Service Control Manager [7031] - The APICursorUtility service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 16.10.2014 17:45:48, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 16.10.2014 17:45:48, Error: Service Control Manager [7031] - The GUIInteractiveRuntime service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 16.10.2014 17:45:48, Error: Service Control Manager [7031] - The APICursorUtility service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 
16.10.2014 17:42:45, Error: Service Control Manager [7031] - The JREMotionSDK.exe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 16.10.2014 17:00:00, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664). 16.10.2014 13:53:24, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. . ==== End Of File ===========================

I ran a bunch of programs in safe mode again. When I started Windows, CopyCronSprite was gone and browsers were working normally! I could connect to the internet, even though I still got that suspicious load symbol over my network. Thinking this was too good to be true, I restarted my computer. But all the old problems returned immediately... proxy errors when trying to connect to the internet until CopyCronSprite activated itself, browsers covered in eDeals ads... Sigh.

Well, it's official. I'm stumped. I see no sign of edeals on your computer. Could it be an add-on in your browsers? I'm afraid I cannot do much more to help with this problem without sitting in front of your computer.

Quote from: SuperDave on October 23, 2014, 01:12:35 PM
Well, it's official. I'm stumped. I see no sign of edeals on your computer. Could it be an add-on in your browsers? I'm afraid I cannot do much more to help with this problem without sitting in front of your computer.

I'm going to thank you for your time and effort anyway. I could delete JREMotionSDK\CopyCronSprite.exe, but I'm afraid I won't be able to connect to the internet. Disabling it in Services or just having it in the Recycle Bin blocks my connection. My network will say I'm connected, but the proxy will refuse until CopyCronSprite.exe comes up... Could you remove the logs I posted?