Author Topic: [Resolved] About blank and Shopping Deals Viruses  (Read 4553 times)

Offline Vic7PC99

[Resolved] About blank and Shopping Deals Viruses
« on: July 25, 2015, 05:55:21 PM »
Over the last few days these viruses have appeared. I have run AdwCleaner, JTR, Malwarebytes, and CCleaner several times but the viruses remain. I tried to paste the dds.txt and attach.zip files to this message, but can't figure out how to do so. Instead I have attached them. Hope you can help!

« Last Edit: July 25, 2015, 06:25:34 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Administrator
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #1 on: July 25, 2015, 06:29:49 PM »
Hello, it is Hoov again.

Open the logs in notepad and select the entire text and then hit ctrl-v (or right click on the highlighted text and select copy) and then click in the reply box here and click ctrl-c (or right click on the reply box and select paste). That should copy and paste the log into the reply box. Then all you need to do is hit Post.

Can you boot your computer into safe mode? What browser are you using?

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Vic7PC99

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #2 on: July 26, 2015, 10:56:08 AM »
Hi, Hoov,

Glad I got you to help again. I can boot up in safe mode and I am using Google Chrome Version 44.0.2403.107 m as my browser.

Here is the DDS.TXT file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909
Run by Vic at 19:20:27 on 2015-07-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8109.5094 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Windows\vspc1330.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\PLF1330.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
C:\Users\Vic\AppData\Local\Google\Chrome Frame\Application\32.0.1700.76\chrome_frame_helper.exe
C:\Users\Vic\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Users\Vic\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Kodak\MediaImpression SE\ArcMonitor.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\WinZip\FAH\FAHWindow64.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\Users\Vic\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coNatHst.exe
C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\nacl64.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = about:blank
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mWinlogon: Userinit = userinit.exe,
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\CoIEPlg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\CoIEPlg.dll
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\CoIEPlg.dll
uRun: [QuickenBillminder] C:\Program Files (x86)\Quicken\Billmind.exe -startup
uRun: [Google Update] "C:\Users\Vic\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Dropbox Update] "C:\Users\Vic\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [ChromeFrameHelper] "C:\Users\Vic\AppData\Local\Google\Chrome Frame\Application\32.0.1700.76\chrome_frame_helper.exe" --startup
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Akamai NetSession Interface] "C:\Users\Vic\AppData\Local\Akamai\netsession_win.exe"
uRunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session https://www-secure.symantec.com/norton-support/index.jsp?utm_source=symc&utm_medium=product&helpid=idss_welcome&entsrc=help&product=Norton%20Identity%20Safe&version=2014.7.0.47&plang=sym:EN&layouttype=&buildname=&heartbeatID=ED8A4C38-2883-4705-A4FA-D283F126923A&hbguid=ED8A4C38-2883-4705-A4FA-D283F126923A&layout=&lg=0901&partnername=&osversion=6.1%207601.18409.amd64fre.win7sp1_gdr.140303-2144&osvers=6.1&oslocale=iso:USA&oslang=iso:ENG&os=windows&spversion=1.0&ct=United%20States&defbrowser=Chrome&ieversion=9.11.9600.17420&coreservice=Startup%20Type:auto%20State:Running&conntype=100000000&cpu=Intel64%20Family%206%20Model%2060%20Stepping%203&dsfree=418.73&dstotal=773.79&memload=29&memtotal=6896&hcmode=false&datetime=11-15-2014%2016:04:34%20PM%20GMT
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression SE\ArcMonitor.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\Vic\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Vic\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FAH.lnk - C:\Program Files\WinZip\FAH\FAHConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files\WinZip\WzPreloader.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/021eee09f3362e86c815/netzip/RdxIE601.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/NCS.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} - hxxp://cs7b.instantservice.com/jars/customerxsigned35.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0013-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.0/jinstall-1_3_0-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
TCP: NameServer = 192.168.1.1 207.172.11.72 207.172.11.73
TCP: Interfaces\{43399D3C-E37D-4919-9BBD-434B3C14C124} : DHCPNameServer = 192.168.1.1 207.172.11.72 207.172.11.73
TCP: Interfaces\{654C9F28-A6EA-4B7D-A04F-8198B8DB69E0} : DHCPNameServer = 192.168.1.1 207.172.11.72 207.172.11.73
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Vic\AppData\Local\Google\Chrome Frame\Application\32.0.1700.76\npchrome_frame.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: UPnPMonitor - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = about:blank
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\CoIEPlg.dll
x64-TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\CoIEPlg.dll
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [SPC1330] C:\Windows\vspc1330.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
x64-Run: [PLF1330] C:\Windows\PLF1330.exe
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
x64-DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-1-23 666984]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-1-23 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-23 20464]
R0 mfedisk;McAfee AAC Disk Filter Driver;C:\Windows\System32\drivers\mfedisk.sys [2015-2-17 101872]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-6-20 864072]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-6-20 340448]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE070B0.02A\ccsetx64.sys [2015-5-24 162392]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-1-23 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2013-7-3 312448]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2015-5-22 2573520]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-5-22 201936]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-6-9 237272]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-11-7 340744]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-30 14696]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-1-23 169432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2015-7-22 155368]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-11-7 753768]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [2015-4-8 207344]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-11-7 340744]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-11-7 340744]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-11-7 340744]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-11-7 340744]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2015-7-15 76064]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-11-7 232656]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-7-15 372144]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-11-7 250672]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe [2015-5-24 131144]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-1-23 246488]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2014-1-23 1915920]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-9-2 790368]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-6-11 20648]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-1-23 81536]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2013-7-3 89800]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2013-7-3 347336]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2013-7-3 116424]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2013-7-3 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2013-7-3 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2013-7-3 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2013-7-3 137928]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2013-7-3 589000]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-6-20 68784]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-2-26 23760]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-5-22 24240]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-23 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-23 786416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-20 25816]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-2-17 401736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-6-20 337888]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-6-20 488000]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2015-1-16 482600]
R3 phaudlwr;Philips Audio Filter;C:\Windows\System32\drivers\phaudlwr.sys [2009-10-20 114608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-1-23 263896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-23 849992]
R3 SPC1330;USB2.0 PC Camera (SPC1330);C:\Windows\System32\drivers\spc1330.sys [2010-1-5 3297792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-4 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-3 327296]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-1-23 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-7-15 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-15 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-1-23 452088]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-4 63704]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2015-1-16 100720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-24 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-21 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-4-30 23200]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== File Associations ===============
.
ShellExec: QuickTimePlayer.exe: open=C:\PROGRA~2\QUICKT~1\QUICKT~1.EXE "%1"
.
=============== Created Last 30 ================
.
2015-07-25 18:42:26   0   ----a-w-   C:\Windows\SysWow64\REN647C.tmp
2015-07-25 17:09:13   --------   d-----w-   C:\Windows\pss
2015-07-25 01:20:05   28600   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\cxaadji.dll
2015-07-25 01:20:05   25152   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\khaadjf.dll
2015-07-25 01:20:05   23616   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\mnhjrel.dll
2015-07-25 01:20:05   15840   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\vqaadjh.dll
2015-07-25 01:20:05   151032   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\ncaadjg.dll
2015-07-25 01:20:05   12784   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\wqaadjj.dll
2015-07-25 01:12:24   116736   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\engine_vx.dll
2015-07-25 01:12:15   28248   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\qwadjb.dll
2015-07-25 01:12:15   18724   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\bass.dll
2015-07-25 01:12:15   16952   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\1eaadjc.dll
2015-07-25 01:12:15   14904   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\rsaadjd.dll
2015-07-25 01:12:15   12976   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\mjcriu.dll
2015-07-25 01:12:15   10808   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\kfgresk.dll
2015-07-25 01:12:15   10296   ----atw-   C:\Users\Vic\AppData\Roaming\Microsoft\peaadje.dll
2015-07-24 17:07:56   12222168   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9F3A2201-D05A-4CE7-9286-BF014F7444CF}\mpengine.dll
2015-07-22 19:01:55   493504   ----a-w-   C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-07-22 15:55:12   --------   d-----w-   C:\Program Files\Common Files\AV
2015-07-22 14:52:24   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2015-07-22 14:52:24   41984   ----a-w-   C:\Windows\System32\lpk.dll
2015-07-22 14:52:24   372224   ----a-w-   C:\Windows\System32\atmfd.dll
2015-07-22 14:52:24   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2015-07-22 14:52:24   299008   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2015-07-22 14:52:24   14336   ----a-w-   C:\Windows\System32\dciman32.dll
2015-07-22 14:52:24   10240   ----a-w-   C:\Windows\SysWow64\dciman32.dll
2015-07-22 14:52:24   100864   ----a-w-   C:\Windows\System32\fontsub.dll
2015-07-22 14:52:23   70656   ----a-w-   C:\Windows\SysWow64\fontsub.dll
2015-07-22 14:52:23   25600   ----a-w-   C:\Windows\SysWow64\lpk.dll
2015-07-20 18:05:00   --------   d-----w-   C:\ProgramData\GridinSoft
2015-07-20 17:45:20   --------   d-----w-   C:\Program Files\CCleaner
2015-07-20 00:37:11   12872   ----a-w-   C:\Windows\System32\bootdelete.exe
2015-07-20 00:16:04   --------   d-----w-   C:\ProgramData\HitmanPro
2015-07-19 22:53:17   --------   d-----w-   C:\AdwCleaner
2015-07-17 22:17:56   --------   d-----w-   C:\Program Files\Rockstar Games
2015-07-17 18:20:35   --------   d-----w-   C:\Users\Vic\AppData\Local\CEF
2015-07-15 23:20:36   76064   ----a-w-   C:\Windows\System32\drivers\McPvDrv.sys
2015-07-15 23:20:01   197704   ----a-w-   C:\Windows\System32\drivers\HipShieldK.sys
2015-07-15 16:52:59   229376   ----a-w-   C:\Windows\System32\wintrust.dll
2015-07-11 22:41:22   --------   d-----w-   C:\Users\Vic\AppData\Roaming\16202
2015-07-09 14:20:52   --------   d-----w-   C:\Program Files (x86)\Dell Update
2015-07-05 20:16:08   --------   d-----w-   C:\Program Files (x86)\MeggieSoft Games
2015-07-04 14:56:37   --------   d-----w-   C:\Users\Vic\AppData\Local\CamCapture
2015-07-04 14:42:10   92208   ----a-w-   C:\Windows\system\WING.DLL
2015-07-04 14:42:10   12800   ----a-w-   C:\Windows\system\wing32.dll
2015-07-03 18:21:22   92208   ----a-w-   C:\Windows\SysWow64\WING.DLL
2015-07-03 18:21:22   6736   ----a-w-   C:\Windows\SysWow64\WINGDIB.DRV
2015-07-03 18:21:22   188960   ----a-w-   C:\Windows\SysWow64\WINGDE.DLL
2015-07-03 18:21:22   12800   ----a-w-   C:\Windows\SysWow64\wing32.dll
2015-07-03 15:33:17   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-07-03 15:33:17   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-07-03 15:33:17   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-07-03 15:33:17   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-07-03 15:33:17   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-07-03 05:09:00   207544   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2015-07-01 21:45:31   --------   d-----w-   C:\ProgramData\SSScanWizard
2015-07-01 21:45:31   --------   d-----w-   C:\ProgramData\SSScanAppDataDir
.
==================== Find3M  ====================
.
2015-07-25 22:54:18   113880   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-09 17:59:59   17856   ----a-w-   C:\Windows\System32\CompatTelRunner.exe
2015-07-09 17:58:56   192000   ----a-w-   C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55   98304   ----a-w-   C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55   3154944   ----a-w-   C:\Windows\System32\wucltux.dll
2015-07-09 17:58:41   726528   ----a-w-   C:\Windows\System32\generaltel.dll
2015-07-09 17:58:34   91136   ----a-w-   C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:31   765440   ----a-w-   C:\Windows\System32\invagent.dll
2015-07-09 17:58:26   433664   ----a-w-   C:\Windows\System32\devinv.dll
2015-07-09 17:58:25   12288   ----a-w-   C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:24   1085440   ----a-w-   C:\Windows\System32\appraiser.dll
2015-07-09 17:58:23   67584   ----a-w-   C:\Windows\System32\acmigration.dll
2015-07-09 17:58:23   227328   ----a-w-   C:\Windows\System32\aepdu.dll
2015-07-09 17:58:20   37376   ----a-w-   C:\Windows\System32\wuapp.exe
2015-07-09 17:50:11   1145856   ----a-w-   C:\Windows\System32\aeinv.dll
2015-07-09 17:43:25   93184   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25   173056   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47   34816   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2015-07-04 18:07:11   2087424   ----a-w-   C:\Windows\System32\ole32.dll
2015-07-04 17:48:36   1414656   ----a-w-   C:\Windows\SysWow64\ole32.dll
2015-07-03 15:31:54   778416   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-03 15:31:54   142512   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-02 21:08:53   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03   155584   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42   342016   ----a-w-   C:\Windows\System32\schannel.dll
2015-07-01 20:49:42   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-07-01 20:49:41   1216512   ----a-w-   C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22   315392   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11   729088   ----a-w-   C:\Windows\System32\kerberos.dll
2015-07-01 20:49:11   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34   44032   ----a-w-   C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-07-01 20:47:38   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-07-01 20:47:18   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24   686080   ----a-w-   C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27   552960   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21   36864   ----a-w-   C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34   665088   ----a-w-   C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59   686080   ----a-w-   C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34   159232   ----a-w-   C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43   290816   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37   129024   ----a-w-   C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26   5923840   ----a-w-   C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37   4520448   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44   3207168   ----a-w-   C:\Windows\System32\win32k.sys
2015-06-23 17:30:20   300704   ------w-   C:\Windows\System32\MpSigStub.exe
2015-06-20 20:06:50   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09   417792   ----a-w-   C:\Windows\System32\html.iec
2015-06-20 19:49:08   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01   2427392   ----a-w-   C:\Windows\System32\wininet.dll
2015-06-19 18:25:41   504320   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27   341504   ----a-w-   C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43   1951232   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-06-18 12:41:56   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2015-06-18 12:41:44   109272   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-18 12:41:40   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2015-06-17 17:47:05   404992   ----a-w-   C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03   312320   ----a-w-   C:\Windows\SysWow64\gdi32.dll
2015-06-17 04:23:50   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2015-06-17 04:23:50   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2015-06-15 21:50:42   112064   ----a-w-   C:\Windows\System32\consent.exe
2015-06-15 21:45:42   504320   ----a-w-   C:\Windows\System32\msihnd.dll
.
============= FINISH: 19:21:41.25 ===============

I tried the same technique you suggested with the Attach.txt file also, but when I tried to post this message it was rejected as too large.


Offline Hoov

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #3 on: July 26, 2015, 09:01:48 PM »
Go ahead and split the file in half.

Start the computer up in safe mode and see how it runs. Also while you are in safe mode run a scan with Malwarebytes' Anti-Malware and fix anything it finds. Post the log if it finds nothing, and if it does find something, fix it and then post the resulting log.

Also look in the system tray and tell me if there is anything there that you do not need running, or if there is something there that you do not know what it is.

The two "viruses" that you have, what told you that? Is there a log? If there is, please post that. Just as an FYI, About:Blank is not always a virus. I have my browsers start on a blank page on purpose.


Offline Vic7PC99

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #4 on: July 27, 2015, 08:39:42 AM »
Hi,

I noticed that About Blank began appearing more and more, especially after McAfee Site Advisor warned me about the danger of a site I was being redirected to. I would select "back" and the about blank window would appear (so maybe this is not a virus). A few days ago I began getting scrolling ads at the top of my browser as well as more ads at the bottom of the screen, which I can close. Both groups of ads say they are sponsored by "Shopping Deals" which a Google search defined as a virus. There is nothing unusual in my system tray, but Dell Update appears every time I boot up. I can close it, but not remove it. I also ran Adwcleaner while in Safe Mode. Here is the log:

# AdwCleaner v4.208 - Logfile created 27/07/2015 at 10:06:00
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Vic - VIC-INSPIRON
# Running from : C:\Users\Vic\Downloads\adwcleaner_4.208 (1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Google Chrome v44.0.2403.107

[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtA0D0DzyyEzy0EyC0EyBtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StCyByByBtB0C0D0EtGzz0E0D0DtGzy0ByE0AtGtD0C0B0FtGtCtAtAyC0Ezz0B0C0B0B0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyByEzyzy0EzyyDtGtC0AyBtCtGyE0EtCyBtGzytCzyyEtGyC0A0CzyyD0E0BtByB0A0D0C2Q&cr=510998737&ir=
[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={C9D28F78-1275-4610-AFB5-3372E5C3A015}&mid=bbb7bce4c59047d0994fd1438bfbd91c-a67fe92e4fba80df639515abc46dac3b8ce40d37&lang=en&ds=AVG&pr=fr&d=2012-07-21 23:24:25&v=11.1.0.12&sap=dsp&q={searchTerms}
[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [15027 bytes] - [19/07/2015 18:53:25]
AdwCleaner[R1].txt - [2280 bytes] - [20/07/2015 13:06:10]
AdwCleaner[R2].txt - [2398 bytes] - [25/07/2015 13:43:04]
AdwCleaner[R3].txt - [2516 bytes] - [25/07/2015 14:52:05]
AdwCleaner[R4].txt - [2495 bytes] - [25/07/2015 18:54:53]
AdwCleaner[R5].txt - [1472 bytes] - [25/07/2015 19:04:47]
AdwCleaner[R6].txt - [2731 bytes] - [27/07/2015 10:05:26]
AdwCleaner[S0].txt - [14164 bytes] - [19/07/2015 18:58:43]
AdwCleaner[S1].txt - [2356 bytes] - [20/07/2015 13:07:10]
AdwCleaner[S2].txt - [2474 bytes] - [25/07/2015 13:43:48]
AdwCleaner[S3].txt - [2592 bytes] - [25/07/2015 14:52:47]
AdwCleaner[S4].txt - [2569 bytes] - [25/07/2015 18:55:25]
AdwCleaner[S5].txt - [1538 bytes] - [25/07/2015 19:05:21]
AdwCleaner[S6].txt - [2666 bytes] - [27/07/2015 10:06:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2725  bytes] ##########

Here is the anti-Malware log:

Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Here is part of the Attach.txt file:

Time Zone Data Update Tool for Microsoft Office Outlook
Toy Golf
Tropical Poker Special Edition
Video Screen Trapper PRO
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Vocabulary Master
VUDU To Go
WebCam Live! Product Registration
WebIQ Client Software
WildTangent Games
Windows 7 USB/DVD Download Tool
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Mobile Device Center
WinZip 19.5
WordWeb
wwtbam
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Photos Easy Upload Tool 1v7
YanCEyWare Tangrams
Zinio Reader 4

Offline Hoov

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #5 on: July 27, 2015, 10:41:15 AM »
In Chrome (I am assuming you are using Chrome), go to the settings and then to the extensions and disable ALL the extensions, then restart Chrome and see if the ad issue is still there.

Also go to the Control Panel in Windows and then to Internet Options and to the Connections tab and then click on the LAN settings button. Now uncheck all the boxes in that tab. Then click Apply then OK and then reboot the computer. Let me know if there is any change.


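The LAN settings step in Reply #5 and the ProxyOverride line in the AdwCleaner log in Reply #4 both concern the per-user proxy configuration. The following is an added example, not part of the thread and not AdwCleaner's own code: a Python parser for a cleaning log in that layout, which lists the registry items and search providers that were removed and marks the ones that sit behind the LAN settings dialog. The sample log is constructed; its hosts, user name and "Key Deleted" line are assumptions, and the dialog labels are paraphrased.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout of the AdwCleaner v4 cleaning log quoted in the
# thread. Hosts, the user name and the "Key Deleted" line are made up (assumed form).
SAMPLE_LOG = r"""# AdwCleaner v4.208 - Logfile created 27/07/2015 at 10:06:00
# Option : Cleaning

***** [ Services ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Key Deleted : HKCU\Software\ExampleToolbar

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Google Chrome v44.0.2403.107

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.example.test/results.php?q={searchTerms}&a=abc
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.example.org/web?q={searchTerms}

*************************

AdwCleaner[S6].txt - [2666 bytes] - [27/07/2015 10:06:00]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(\S*)$")
REGISTRY_RE = re.compile(
    r"^(\w+) Deleted : (HK[A-Z_]+\\.+?)(?: \[(.+?)\](?: - (.*))?)?$")
PROVIDER_RE = re.compile(r"^\[(.+?)\] - Deleted \[Search Provider\] : (.+)$")

# Per-user registry values behind Internet Options > Connections > LAN settings.
LAN_DIALOG = {
    "proxyenable": "Use a proxy server for your LAN",
    "proxyserver": "Proxy server address and port",
    "proxyoverride": "Proxy exceptions / bypass for local addresses",
    "autoconfigurl": "Use automatic configuration script",
}
INTERNET_SETTINGS = r"\currentversion\internet settings"


def _host(url):
    """Return the host of a (possibly defanged, hxxp://) URL, or None."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def parse_adwcleaner(text):
    """Collect removed registry items and search providers from a cleaning log."""
    section = browser = None
    registry, providers = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or header comment
        if set(line) == {"*"}:
            section = browser = None      # bare separator ends the sections
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group(1), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group(1)
            continue
        m = REGISTRY_RE.match(line)
        if m and section == "Registry":
            kind, key, value, data = m.groups()
            registry.append({"kind": kind, "key": key, "value": value, "data": data})
            continue
        m = PROVIDER_RE.match(line)
        if m and section == "Web browsers":
            store, url = m.groups()
            providers.append({"browser": browser, "store": store,
                              "host": _host(url), "url": url})
    # Registry items that correspond to a box in the LAN settings dialog.
    proxy_changes = [
        dict(item, dialog=LAN_DIALOG[item["value"].lower()])
        for item in registry
        if item["value"]
        and item["key"].lower().endswith(INTERNET_SETTINGS)
        and item["value"].lower() in LAN_DIALOG
    ]
    return {"registry": registry, "providers": providers,
            "proxy_changes": proxy_changes}


if __name__ == "__main__":
    result = parse_adwcleaner(SAMPLE_LOG)
    for item in result["proxy_changes"]:
        print(f"proxy setting reset: {item['value']} = {item['data']} ({item['dialog']})")
    for p in result["providers"]:
        print(f"search provider removed from {p['browser']}: {p['host']}")
```
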
Offline Vic7PC99

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #6 on: July 27, 2015, 11:35:45 AM »
Hi,

Since running the scans in Safe Mode I have not had a problem with Shopping Deals appearing. I disabled all extensions in Chrome and also had no problems. Then I added each extension, one at a time, and had no problems after each one was enabled. I currently have CCleaner running and believe that Hitman2 is also running in the background. I will continue to run things as they are now and see what happens. Just in case, here is the rest of the Attach.txt file.

Thanks,
Vic

==== Event Viewer Messages From Past Week ========
.
7/25/2015 7:09:32 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/25/2015 7:08:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
7/25/2015 7:08:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Net Driver HPZ12 service to connect.
7/25/2015 7:08:17 PM, Error: Service Control Manager [7000]  - The Pml Driver HPZ12 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 7:08:17 PM, Error: Service Control Manager [7000]  - The Net Driver HPZ12 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 7:06:06 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/25/2015 7:05:22 PM, Error: Service Control Manager [7031]  - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
7/25/2015 7:05:21 PM, Error: Service Control Manager [7034]  - The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:21 PM, Error: Service Control Manager [7034]  - The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:21 PM, Error: Service Control Manager [7031]  - The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 7:05:21 PM, Error: Service Control Manager [7031]  - The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The ZAtheros Wlan Agent service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The Dell Update Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The Dell SupportAssist Agent service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The Dell Data Vault Wizard service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/25/2015 7:05:20 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/25/2015 7:05:19 PM, Error: Service Control Manager [7034]  - The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:19 PM, Error: Service Control Manager [7031]  - The Norton Identity Safe service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The Realtek Audio Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The AtherosSvc service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The ArcSoft Connect Daemon service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The Andrea RT Filters Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/25/2015 7:04:54 PM, Error: Service Control Manager [7034]  - The Windows Event Log service terminated unexpectedly.  It has done this 3 time(s).
7/25/2015 7:04:54 PM, Error: Service Control Manager [7023]  - The Windows Event Log service terminated with the following error:  The authentication service is unknown.
7/25/2015 7:04:23 PM, Error: Service Control Manager [7001]  - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:04:19 PM, Error: Service Control Manager [7024]  - The Windows Mobile-based device connectivity service terminated with service-specific error %%-2147014789.
7/25/2015 7:04:19 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147012892
7/25/2015 7:04:19 PM, Error: Service Control Manager [7001]  - The Windows Mobile-2003-based device connectivity service depends on the Windows Mobile-based device connectivity service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:04:07 PM, Error: Service Control Manager [7034]  - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:04:05 PM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014789.
7/25/2015 7:04:05 PM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x8007277B.
7/25/2015 7:03:54 PM, Error: Service Control Manager [7024]  - The Network Location Awareness service terminated with service-specific error %%-1073741502.
7/25/2015 7:03:54 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:02:56 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291]  - SAM failed to start the TCP/IP or SPX/IPX listening thread
7/25/2015 7:02:54 PM, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 7:02:05 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The service has not been started.
7/25/2015 7:01:58 PM, Error: Service Control Manager [7023]  - The IPsec Policy Agent service terminated with the following error:  A system call has failed.
7/25/2015 7:01:57 PM, Error: Service Control Manager [7023]  - The IKE and AuthIP IPsec Keying Modules service terminated with the following error:  A specified authentication package is unknown.
7/25/2015 7:01:57 PM, Error: Service Control Manager [7023]  - The DNS Client service terminated with the following error:  A system call has failed.
7/25/2015 7:01:54 PM, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/25/2015 7:01:54 PM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:01:54 PM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:01:24 PM, Error: Service Control Manager [7023]  - The IP Helper service terminated with the following error:  The service has not been started.
7/25/2015 7:01:03 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
7/25/2015 7:01:03 PM, Error: Service Control Manager [7000]  - The MBAMService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 7:00:48 PM, Error: Service Control Manager [7023]  - The Diagnostics Tracking Service service terminated with the following error:  %%-2147467259
7/25/2015 7:00:45 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024882
7/25/2015 7:00:43 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Adobe Active File Monitor V4 service to connect.
7/25/2015 7:00:43 PM, Error: Service Control Manager [7000]  - The Adobe Active File Monitor V4 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 7:00:39 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error The parameter is incorrect..
7/25/2015 7:00:37 PM, Error: Service Control Manager [7022]  - The TCP/IP NetBIOS Helper service hung on starting.
7/25/2015 7:00:37 PM, Error: Service Control Manager [7001]  - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:  The authentication service is unknown.
7/25/2015 7:00:35 PM, Error: Service Control Manager [7022]  - The DHCP Client service hung on starting.
7/25/2015 6:59:13 PM, Error: Service Control Manager [7023]  - The WLAN AutoConfig service terminated with the following error:  The authentication service is unknown.
7/25/2015 6:59:13 PM, Error: Microsoft-Windows-WLAN-AutoConfig [4002]  - WLAN AutoConfig service has failed to start. Error Code: 1747
7/25/2015 6:59:11 PM, Error: Service Control Manager [7022]  - The System Event Notification Service service hung on starting.
7/25/2015 6:55:53 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The system cannot find the path specified.
7/25/2015 6:55:24 PM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 6:55:24 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/25/2015 6:55:21 PM, Error: Service Control Manager [7034]  - The Adobe Active File Monitor V4 service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 6:54:18 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Type with the following error:  Access is denied.
7/25/2015 2:53:16 PM, Error: Service Control Manager [7038]  - The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/25/2015 2:53:16 PM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not start due to a logon failure.
7/25/2015 2:53:15 PM, Error: Service Control Manager [7038]  - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/25/2015 2:53:15 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not start due to a logon failure.
7/25/2015 2:48:30 PM, Error: volsnap [27]  - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
7/25/2015 2:47:51 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
7/25/2015 2:32:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.
7/25/2015 2:31:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80066e6660, 0xfffff8000295e740). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072515-147873-01.
7/25/2015 2:31:17 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/25/2015 1:46:22 PM, Error: Service Control Manager [7000]  - The Freemake Improver service failed to start due to the following error:  The system cannot find the file specified.
7/24/2015 6:43:29 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
7/24/2015 1:01:59 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
7/24/2015 1:01:29 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
7/22/2015 3:02:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - Intel(R) HD Graphics 4400.
7/22/2015 10:44:41 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/22/2015 10:43:04 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.
7/22/2015 10:43:04 AM, Error: Service Control Manager [7000]  - The Dell SupportAssist Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/20/2015 3:06:05 PM, Error: Service Control Manager [7034]  - The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 1 time(s).
7/20/2015 12:11:42 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfemms service.
7/20/2015 1:07:06 PM, Error: Service Control Manager [7031]  - The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/19/2015 6:59:32 PM, Error: Service Control Manager [7034]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).
7/19/2015 6:59:32 PM, Error: Service Control Manager [7034]  - The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 3 time(s).
7/19/2015 6:59:32 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2015 6:59:32 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2015 6:59:32 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/19/2015 6:58:44 PM, Error: Service Control Manager [7031]  - The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/19/2015 6:58:43 PM, Error: Service Control Manager [7031]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================
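An added example (not posted by either participant in this thread): a small parser for the event summary format shown above, which tallies errors by source and event ID and by the service named in Service Control Manager messages, so that repeat offenders stand out. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the event summary posted above, plus the log's two trailer lines.
SAMPLE = r"""
7/25/2015 6:55:21 PM, Error: Service Control Manager [7034]  - The Adobe Active File Monitor V4 service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 2:53:16 PM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not start due to a logon failure.
7/25/2015 2:53:15 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not start due to a logon failure.
7/25/2015 2:48:30 PM, Error: volsnap [27]  - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
7/24/2015 6:43:29 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
7/24/2015 1:01:29 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
"""

LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+- (?P<message>.*)$"
)
# Service Control Manager messages name the affected service right after "The ".
SERVICE_RE = re.compile(r"^The (.+?) service (?:terminated|failed to start|was unable to log on)")

def parse_line(line):
    """Return a dict for one event line, or None for separators and trailers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["when"] = datetime.strptime(event["when"], "%m/%d/%Y %I:%M:%S %p")
    event["event_id"] = int(event["event_id"])
    svc = SERVICE_RE.match(event["message"])
    event["service"] = svc.group(1) if svc else None
    return event

def summarize(text):
    """Count events per (source, event ID) and per named service."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    by_source = Counter((e["source"], e["event_id"]) for e in events)
    by_service = Counter(e["service"] for e in events if e["service"])
    return events, by_source, by_service

if __name__ == "__main__":
    _, by_source, by_service = summarize(SAMPLE)
    for key, n in (by_source + by_service).most_common():
        print(f"{n:3d}  {key}")
```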

Offline Hoov

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #7 on: July 27, 2015, 05:01:58 PM »
You have big-time problems. I need you to go to the administration tools in Vista / Windows 7. They are in the Control Panel. Open the Admin tools, then open the Event Viewer.

Over on the left-hand side, expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save.

Over on the left-hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save.

Zip them both up into a single zip file and post them back here in your next reply as attachments.


Offline Vic7PC99

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #8 on: July 27, 2015, 06:18:20 PM »
Spywarehammer won't let me upload combined or separate files. It says it takes too long or is too big.

Offline Hoov

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #9 on: July 28, 2015, 09:39:16 AM »
No worries. I will be sending you a PM in a few minutes with instructions on what to do with them.


Offline Hoov

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #10 on: August 03, 2015, 03:42:22 PM »
Sorry for the delay. After looking at your event viewer logs, I am not sure what problems are being caused by Windows, and what is being caused by malware. We are just going to have to start hacking at this.

Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop. Make sure your AV protection is turned OFF before running the tool.

Open the folder and run the tool by right-clicking Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".

From the main GUI do the following:

Select Tab 3 and allow it to run Disk check

Select Tab 4 and allow it to run SFC

Select Tab 5 and Create System Restore Point

Select Start Repairs tab => Click the Start

The repairs window will open. Uncheck the boxes as indicated, also the "Restart" option, then select Start...

DON'T use the computer while each scan is in progress.

Post the log. To access it, select the "settings" tab > "open log folder" tab; the log will be named _Windows_Repair_Log


Also I need you to reset your Chrome settings. Once we get everything fixed, we will start re-enabling your addons one at a time.

Follow the instructions here, https://support.google.com/chrome/answer/3296214?hl=en-GB


Offline Hoov

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #11 on: August 11, 2015, 07:45:34 PM »
Sorry for the delay.

Musixlib is an extension in Chrome. You should be able to go to the extensions section of Chrome and uninstall it. Once you have either done that, or tried to do that and failed, run a full scan with Malwarebytes' Anti-Malware. After you start it, go to the scan section and make sure you have threat scan selected, then start the scan. If it finds anything, fix it and post the log.


Next please follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.
  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • Please be patient as this can take a while to complete.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt.
2.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
3.- Please download RogueKiller and save it to the desktop.
  • Close all windows and browsers.
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please post it in your next reply.


Offline Vic7PC99

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #12 on: August 12, 2015, 09:48:52 AM »
Hi,

I ran the programs as you requested with the exception of RogueKiller. When I attempted to download that program, McAfee gave me a warning that malware might be in that download, so I aborted it.

AntiMalware did find some problems, which I fixed, and the other two programs also detected some errors. Attached is a zip file with those logs. Hopefully, we are now on our way to fixing everything.

Thanks.

Offline Hoov

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #13 on: August 12, 2015, 02:47:44 PM »
In the future please paste logs directly into the reply unless otherwise directed. That protects those helping you and anyone that uses your thread for research.

Looking at the logs, it looks like you may have to reset a few preferences in Chrome, and it looks like everything was removed, except for Malwarebytes' Anti-Malware. The log does not say it was fixed. Did you fix what it found and just include the wrong log?

How is the machine running? You can go ahead and re-enable all the other extensions in Chrome that you use.


Offline Vic7PC99

Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #14 on: August 12, 2015, 05:39:14 PM »
Hi,

Sorry for zipping the logs. After Malware Bytes ran it presented a message that it found three problems - outbronse.a in the registry and two other places. It gave me the option to remove them when I looked at the results, so I removed them. I guess this was after the logs were created.

The machine has been fairly stable, but I occasionally get unexpected messages. I close the windows so quickly that I can't tell you what they were, but they appeared after I highlighted text on a page. When I close the window, about blank appears. I then close that window and I am able to proceed normally. This was happening before I ran Antimalware Bytes. If it happens again, I'll pay more attention to the message. I will now enable the Chrome extensions I was using.