[Resolved] Service provider quarantined internet today. IE opens randomly.

*

Offline Broly3k8

  • Bronze Member
  • 71
So a couple weeks ago IE started opening randomly. While browsing websites my computer would randomly download files only 1kb in size named randomly like "impi". I did some searching then, couldn't find a solution, decided it was too hard and moved on. Nothing new happened until a couple days ago when I turned on my PC and it blue screened me saying something about watchdog violation something something (sorry was a couple days ago.) I restarted the comp and it worked perfectly again, except the random IE opening and downloading of minute files.

Today while at work my wife calls me and says the internet is not working on the PC, her phone, or the PS3. I moved into a new house this past weekend and the internet was just installed yesterday so I figured there was just a disconnect. Well I called them and they informed me that my internet was cut off and quarantined due to a virus of some sort trying to infect my computer/internet. They determined the threat was no longer there and turned my stuff back on.

EDIT: Also when I was searching for y'all's site just now I kept getting an Apache Test Site thing. I thought you were all down and started looking elsewhere. A few other sites denied me access and finally Chrome warned me that my Proxy wasn't connecting... I have never turned that on. I turned it on and you guys are working again. Wonder if this is another symptom?

I just got home and I have been to you all before. So.. Please help me again?
Dearly sorry for the boring-ness of this post, but it's been an extremely long day and I am dog tired. Forgive spelling errors and grammar.

PS: Running a HP Envy Phoenix Windows 8.

DDS As follows:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.51.2
Run by amanda at 18:13:49 on 2014-05-06
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.16337.13928 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.outfox.tv/?referid=167
uProxyServer = hxxp=127.0.0.1:8080
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [MurGee.com Auto Clicker] C:\Users\amanda\AppData\Local\Auto Clicker\AutoClicker.exe :silent
uRun: [GoogleChromeAutoLaunch_80D2B08C757C10A992115C1FC2E4FD2B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\amanda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{32AD7549-D251-432F-9240-8D3E714AFEC6} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{90D3FA8C-3B83-4FB8-A51C-FE4BA51D697B} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-4-30 677360]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-9-20 92536]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2013-12-14 2228440]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-16 227904]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-4-15 2227536]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-2-2 9216]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-9-20 129336]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-9-20 167736]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-8 377616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-6 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-6 857912]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-12-5 144368]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2013-3-25 108312]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2012-10-2 170200]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2013-9-20 165080]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2013-12-14 40248]
R3 BTWPANFL;BTW PAN filter driver;C:\windows\System32\Drivers\btwpanfl.sys [2013-9-20 44912]
R3 busenum;SteelBusSvc;C:\windows\System32\Drivers\SteelBus64.sys [2013-10-30 140800]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-12-5 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-5 137648]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140203.001\IDSviA64.sys [2014-2-3 521944]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\windows\System32\Drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\windows\System32\Drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\windows\System32\Drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2014-5-6 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\Drivers\MBAMSwissArmy.sys [2014-5-6 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\Drivers\mwac.sys [2014-5-6 63192]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-2-19 772680]
R3 SAlphamHid;SteelHIDSvc;C:\windows\System32\Drivers\SAlpham64.sys [2013-5-31 38016]
R3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-12-5 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-12-5 1139800]
R3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-12-5 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-12-5 433752]
R3 VBAudioVACMME;@oem73.inf,%DeviceName% (WDM);VB-Audio Virtual Cable (WDM);C:\windows\System32\Drivers\vbaudio_cable64_win7.sys [2014-2-27 41192]
S2 OutfoxTvService;OutfoxTvService;C:\Program Files\OutfoxTV\OutfoxTvService.exe --> C:\Program Files\OutfoxTV\OutfoxTvService.exe [?]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-2-16 49152]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-1-31 98560]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2013-3-1 259144]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S4 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-12-5 23448]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-06 23:02:23   119512   ----a-w-   C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-05-06 23:02:15   88280   ----a-w-   C:\windows\System32\drivers\mbamchameleon.sys
2014-05-06 23:02:15   63192   ----a-w-   C:\windows\System32\drivers\mwac.sys
2014-05-06 23:02:15   25816   ----a-w-   C:\windows\System32\drivers\mbam.sys
2014-05-06 23:02:15   --------   d-----w-   C:\ProgramData\Malwarebytes
2014-05-06 23:02:15   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-06 19:01:15   --------   d-----w-   C:\ProgramData\BlueStacks
2014-05-01 22:20:35   796760   ----a-w-   C:\windows\System32\drivers\NISx64\1405000.01C\srtsp64.sys
2014-05-01 22:20:35   493656   ----a-w-   C:\windows\System32\drivers\NISx64\1405000.01C\symds64.sys
2014-05-01 22:20:35   433752   ----a-w-   C:\windows\System32\drivers\NISx64\1405000.01C\symnets.sys
2014-05-01 22:20:35   36952   ----a-w-   C:\windows\System32\drivers\NISx64\1405000.01C\srtspx64.sys
2014-05-01 22:20:35   23448   ----a-r-   C:\windows\System32\drivers\NISx64\1405000.01C\symelam.sys
2014-05-01 22:20:35   224416   ----a-w-   C:\windows\System32\drivers\NISx64\1405000.01C\ironx64.sys
2014-05-01 22:20:35   169048   ----a-w-   C:\windows\System32\drivers\NISx64\1405000.01C\ccsetx64.sys
2014-05-01 22:20:35   1139800   ----a-w-   C:\windows\System32\drivers\NISx64\1405000.01C\symefa64.sys
2014-05-01 22:20:29   --------   d-----w-   C:\windows\System32\drivers\NISx64\1405000.01C
2014-04-26 02:09:18   --------   d-----w-   C:\ProgramData\SplitMediaLabs
2014-04-26 02:09:18   --------   d-----w-   C:\Program Files (x86)\SplitmediaLabs
2014-04-26 02:08:35   --------   d-----w-   C:\Users\amanda\AppData\Roaming\SplitmediaLabs
2014-04-25 22:19:25   217776   ----a-w-   C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10237.bin
2014-04-20 22:53:00   --------   d-----w-   C:\Users\amanda\AppData\Roaming\RotMG.Production
2014-04-18 17:41:14   --------   d-----w-   C:\Program Files (x86)\LogMeIn Hamachi
2014-04-15 15:46:14   46136   ---ha-w-   C:\windows\System32\drivers\Hamdrv.sys
2014-04-13 14:40:54   --------   d-----w-   C:\Users\amanda\AppData\Local\LogMeIn
2014-04-13 14:40:54   --------   d-----w-   C:\ProgramData\LogMeIn
2014-04-12 02:15:58   108032   ----a-w-   C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-04-10 02:42:37   --------   d-----w-   C:\Users\amanda\AppData\Local\.doomseeker
2014-04-10 02:39:29   --------   d-----w-   C:\Program Files (x86)\Zandronum
2014-04-09 22:55:04   --------   d-----w-   C:\Users\amanda\AppData\Roaming\.doomseeker
2014-04-09 22:54:07   --------   d-----w-   C:\Program Files (x86)\Skulltag
2014-04-09 19:57:35   --------   d-----w-   C:\Users\amanda\AppData\Roaming\.technic
2014-04-09 17:44:24   978432   ----a-w-   C:\windows\System32\KernelBase.dll
2014-04-09 17:44:24   666112   ----a-w-   C:\windows\SysWow64\KernelBase.dll
.
==================== Find3M  ====================
.
2014-03-31 21:18:15   78296   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 21:18:15   694232   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-07 00:48:11   1766400   ----a-w-   C:\windows\SysWow64\wininet.dll
2014-03-07 00:47:24   2877952   ----a-w-   C:\windows\SysWow64\jscript9.dll
2014-03-07 00:08:30   2240000   ----a-w-   C:\windows\System32\wininet.dll
2014-03-07 00:08:27   915968   ----a-w-   C:\windows\System32\uxtheme.dll
2014-03-07 00:08:06   3959808   ----a-w-   C:\windows\System32\jscript9.dll
2014-02-14 23:24:39   18960   ----a-w-   C:\windows\System32\drivers\LNonPnP.sys
2014-02-08 04:34:42   4036608   ----a-w-   C:\windows\System32\win32k.sys
2014-02-05 23:41:39   595968   ----a-w-   C:\windows\System32\qedit.dll
2014-02-05 23:37:51   496640   ----a-w-   C:\windows\SysWow64\qedit.dll
.
============= FINISH: 18:14:15.04 ===============


I READ IN THE NEW INSTRUCTIONS POST TO COPY AND PASTE THIS TOO IN HERE NOW..

Here is the attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/5/2013 7:15:25 PM
System Uptime: 5/6/2014 6:08:58 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 2AF3
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 911 GiB total, 464.369 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.389 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom BCM943228HMB 802.11abgn 2x2 Wi-Fi Adapter
Device ID: PCI\VEN_14E4&DEV_4359&SUBSYS_05E214E4&REV_00\000030FFFFD9A4DB00
Manufacturer: Broadcom
Name: Broadcom BCM943228HMB 802.11abgn 2x2 Wi-Fi Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4359&SUBSYS_05E214E4&REV_00\000030FFFFD9A4DB00
Service: BCM43XX
.
==== System Restore Points ===================
.
RP37: 4/13/2014 5:38:57 PM - Configured Hi-Rez Studios Games
RP38: 4/24/2014 7:50:08 PM - Scheduled Checkpoint
RP39: 4/25/2014 9:08:52 PM - Installed XSplit Gamecaster
RP40: 5/5/2014 6:44:36 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
4 Elements II
7-Zip 9.20 (x64 edition)
Adobe Flash Player 10 Plugin
Airport Mania
Alcor Micro USB Card Reader Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arma 2
Arma 2: British Armed Forces
ARMA 2: British Armed Forces - Data cache removal
Arma 2: DayZ Mod
Arma 2: Operation Arrowhead
Arma 2: Operation Arrowhead Beta
Arma 2: Private Military Company
ARMA 2: Private Military Company - Data cache removal
Auto Clicker v1.5
Azteca
BattlEye for OA Uninstall
BattlEye Uninstall
Bejeweled 3
Bonjour
Borderlands 2
Bounce Symphony
Broadcom 802.11 Wireless LAN Adapter
Broadcom Bluetooth Software
Broadcom Wireless Utility
Build-a-lot
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
Curse at Twilight
CyberLink LabelPrint
CyberLink Media Suite 10
Cyberlink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
D3DX10
DayZ
DayZ Commander
Delicious: Emily's Childhood Memories Premium Edition
Dota 2
Dropbox
Energy Star
Fallout: New Vegas
Farm Frenzy
Garry's Mod
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Grand Theft Auto III
Grand Theft Auto: San Andreas
Grand Theft Auto: Vice City
HAWKEN
Hi-Rez Studios Authenticate and Update Service
House of 1000 Doors: Family Secrets
HP Connected Music (Meridian - installer)
HP Connected Music (Meridian - player)
HP Customer Experience Enhancements
HP MyRoom
HP Postscript Converter
HP Quick Start
HP Registration Service
HP Support Assistant
HP Support Information
IDT Audio
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 51
Java Auto Updater
Jewel Match 3
Just Cause 2
Just Cause 2: Multiplayer Mod
League of Legends
Left 4 Dead 2
Logitech Gaming Software
Logitech Gaming Software 8.51
LogMeIn Hamachi
Luxor Evolved
Mah Jong Medley
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 2.0.1.1004
Marvel Heroes
Microsoft .NET Framework 1.1
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft XNA Framework Redistributable 4.0
Mount & Blade: Warband
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MusicBee 2.3
Mystery P.I. - Curious Case of Counterfeit Cove
Neverwinter
Norton Internet Security
NVIDIA Control Panel 311.27
NVIDIA Graphics Driver 311.27
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
Origin
Overwolf
Pando Media Booster
PAYDAY: The Heist
Peggle Nights
Photo Common
Photo Gallery
PlanetSide 2
Plants vs. Zombies - Game of the Year
Polar Bowler
PunkBuster Services
Realm of the Mad God
Realtek Card Reader
Recovery Manager
Roads of Rome 3
Royal Envoy 2 Collector's Edition
Rusty Hearts
Search Protection
Sid Meier's Civilization III: Complete
Sid Meier's Civilization V
Skulltag
Smite
Smite Public Test
Soldier Front 2
StarCraft II
Steam
SteelSeries Engine
Supreme Commander 2
Tales of Lagoona
Team Fortress 2
TeamSpeak 3 Client
TEdit 3
Terraria
The Elder Scrolls Online Beta
The Elder Scrolls V: Skyrim
The Lord of the Rings Online™
The Lord of the Rings Online™ v03.08.00.8029
The Witcher 2: Assassins of Kings Enhanced Edition
Torchlight II
Total War: ROME II
Total War: Rome II Additional Depots
Update Installer for WildTangent Games App
Uplay
Vacation Quest™ - Australia
VBCABLE, The Virtual Audio Cable
Ventrilo Client for Windows x64
WildTangent Games
WildTangent Games App (HP Games)
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
World of Tanks
XSplit Gamecaster
Youda Jewel Shop
Zandronum
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
5/6/2014 6:09:20 PM, Error: Service Control Manager [7000]  - The OutfoxTvService service failed to start due to the following error:  The system cannot find the file specified.
5/6/2014 2:03:30 PM, Error: Service Control Manager [7034]  - The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).
5/3/2014 12:17:00 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.
5/3/2014 12:17:00 PM, Error: Schannel [36884]  - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.
5/2/2014 7:10:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000133 (0x0000000000000000, 0x0000000000000501, 0x0000000000000500, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 050214-16671-01.
.
==== End Of File ===========================
« Last Edit: May 06, 2014, 07:48:03 PM by Hoov »

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27195
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
It is Hoov again. As I have helped you before, I will skip all the preliminaries and get right to it. But I need to ask you to stick with the process all the way to the end this time.

A few things I notice: you have Norton installed but it is outdated. Are you using it at all? Also, I see that you have Outfox installed. Is this something you use?

Please follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.
  •   Please close all open programs and internet browsers.
  •   Double click on Adwcleaner.exe to run the tool.
  •   Click on the Scan button.
  •   Please be patient as this can take a while to complete.
  •   You will get a prompt asking to close all programs. Click OK.
  •   Click OK again to reboot your computer. A text file will open after the restart.
  •   Please post the content of that logfile in your reply.
  •   You can find the logfile at C:\AdwCleaner[Sn].txt.
2.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
3.- Please download RogueKiller and Save to the desktop.
  • Close all windows and browsers
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.


Open a command prompt (All Programs > Accessories > Command Prompt) and type in
ipconfig /all > ipconfig.txt and then hit Enter. Then type in ipconfig.txt to open Notepad with the log. Copy it and paste it into your next response.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
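
An added example, not part of the thread and not a tool anyone in it used: a small Python triage pass over a DDS log that surfaces the kinds of entries visible in the log above (security products reported as disabled or outdated, a browser proxy pointing at loopback, UAC policy values set to 0, and a service line where DDS printed [?] instead of a date and size). The function names and finding labels are assumptions made for this sketch; the sample lines are an excerpt copied from the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the DDS log posted above, embedded so the example runs offline.
SAMPLE_DDS = r"""
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
uStart Page = hxxp://www.outfox.tv/?referid=167
uProxyServer = hxxp=127.0.0.1:8080
uProxyOverride = <-loopback>
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
TCP: NameServer = 209.18.47.61 209.18.47.62
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-12-5 144368]
S2 OutfoxTvService;OutfoxTvService;C:\Program Files\OutfoxTV\OutfoxTvService.exe --> C:\Program Files\OutfoxTV\OutfoxTvService.exe [?]
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# UAC policy values that weaken elevation prompts.
UAC_WEAK = {
    "ConsentPromptBehaviorAdmin": "0",  # 0 = admins elevate without a prompt
    "PromptOnSecureDesktop": "0",       # 0 = prompt not shown on the secure desktop
    "EnableLUA": "0",                   # 0 = Admin Approval Mode switched off
}


def proxy_hosts(value):
    """Yield hosts from a ProxyServer value such as 'http=host:port;https=host:port'."""
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        target = entry.split("=", 1)[-1]         # drop optional 'scheme=' (DDS writes hxxp)
        target = re.sub(r"^\w+://", "", target)  # drop optional 'scheme://'
        yield target.rsplit(":", 1)[0].strip("[]").lower()


def triage_dds(text):
    """Return (category, detail) leads for an analyst; none of them is proof of infection."""
    findings = []
    products = defaultdict(list)  # 'AV' / 'SP' / 'FW' -> [(name, state), ...]
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(AV|SP|FW): (.+?) \*([^*]+)\*", line)
        if m:
            kind, name, state = m.groups()
            products[kind].append((name, state))
            if "Outdated" in state:
                findings.append(("outdated", f"{kind}: {name}"))
            continue
        m = re.match(r"[um]ProxyServer = (.+)", line)
        if m:
            if any(h in LOOPBACK for h in proxy_hosts(m.group(1))):
                findings.append(("proxy", f"browser proxy points at this machine: {m.group(1)}"))
            continue
        m = re.match(r"(?:x64-)?mPolicies-System: (\w+) = dword:(\d+)", line)
        if m and UAC_WEAK.get(m.group(1)) == m.group(2):
            findings.append(("uac", f"{m.group(1)} = {m.group(2)}"))
            continue
        # Service/driver line ending in [?]: DDS had no date or size for the file.
        m = re.match(r"[RS]\d ([^;]+);.*\[\?\]$", line)
        if m:
            findings.append(("service", f"{m.group(1)}: file details unavailable"))
    # A product class is only a concern when nothing listed in it is enabled.
    for kind, entries in products.items():
        if not any(state.startswith("Enabled") for _, state in entries):
            names = ", ".join(name for name, _ in entries)
            findings.append(("protection", f"{kind}: no enabled product ({names})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS):
        print(f"[{category}] {detail}")
```

A loopback proxy is also what local debugging and filtering tools set, so the proxy finding matters most when, as in this thread, the user says they never configured one.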

*

Offline Broly3k8

  • Bronze Member
  • 71
Hey Hoov

I just realized that our last conversation in another topic left a little to be desired.. Sorry about that, I had completely forgotten about that computer as shortly after that I broke down and bought another laptop of better quality and more suited to my needs. I ended up parting that one out. Turned out I had fried part of my processor :(..

Here is the first report, need to shut down the computer again for the next one so I am going to post this one, then post the next two soon as they're done.

# AdwCleaner v3.207 - Report created 06/05/2014 at 21:43:27
# Updated 05/05/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : amanda - AMANDA
# Running from : C:\Users\amanda\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\amanda\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\amanda\AppData\Roaming\Search Protection
File Deleted : C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3321738&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP30482155-1739-47BD-9968-D96FFCC25A87&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [1768 octets] - [06/05/2014 21:36:46]
AdwCleaner[S0].txt - [1569 octets] - [06/05/2014 21:43:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1629 octets] ##########


JUNKWARE REMOVAL TOOL


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by amanda on Tue 05/06/2014 at 21:51:51.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0E84B183-87A2-4D7E-A0B6-1DC6A715D7C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0E84B183-87A2-4D7E-A0B6-1DC6A715D7C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{0E84B183-87A2-4D7E-A0B6-1DC6A715D7C0}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/06/2014 at 21:53:07.85
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ROGUE KILLER

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : amanda [Admin rights]
Mode : Remove -- Date : 05/06/2014 21:58:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MurGee.com Auto Clicker (C:\Users\amanda\AppData\Local\Auto Clicker\AutoClicker.exe :silent [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-152001228-498363203-1698013675-1001\[...]\Run : MurGee.com Auto Clicker (C:\Users\amanda\AppData\Local\Auto Clicker\AutoClicker.exe :silent [7]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-60ZF5A0 +++++
--- User ---
[MBR] d4b182d949398bae6c6545ceeba72d1d
[BSP] 352bff32ef62ced286ff6197bd3e8ba7 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD-Picture +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_05062014_215847.txt >>
RKreport[0]_S_05062014_215754.txt

COMMAND PROMPT


Windows IP Configuration

   Host Name . . . . . . . . . . . . : amanda
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : A4-DB-30-43-91-1E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 78-E3-B5-88-8B-7B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2605:6000:50e0:6d01:9f5:1eff:e43e:8bcf(Preferred)
   Temporary IPv6 Address. . . . . . : 2605:6000:50e0:6d01:d1f4:2acd:7480:ebd5(Preferred)
   Link-local IPv6 Address . . . . . : fe80::9f5:1eff:e43e:8bcf%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 6, 2014 9:51:14 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 6, 2014 10:51:13 PM
   Default Gateway . . . . . . . . . : fe80::ea6d:52ff:fe44:2296%15
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 393798581
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-16-C9-0A-78-E3-B5-88-8B-7B
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : LogMeIn Hamachi Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 7A-79-19-3B-D0-F0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 25.59.208.240(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{CB952955-BBDC-4AA5-B71C-C39697FE2ADC}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{90D3FA8C-3B83-4FB8-A51C-FE4BA51D697B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
« Last Edit: May 06, 2014, 09:02:36 PM by Broly3k8 »

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27195
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Can you tell me if you use Norton or not, and if you knowingly installed Outfox?

Also it appears as if your LogMeIn install is active. If you are not using that intentionally, I would uninstall that. It may not be the problem, but with it connected, it is a problem.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline Broly3k8

  • Bronze Member
  • 71
Forgive me for missing that last question in your first post. Got distracted by my son. He starts screaming and I start overreacting and trying to do things like reply here way too quickly while missing things..

I am no longer using Norton as I cannot afford it at this time, and it has run past its service time. Should I just completely remove it?

Outfox, kind of yes. I installed Teamspeak 3 and that came with it. I was advised it was an add-on program for Teamspeak, but is it not? Should I remove it? It's not working anymore anyway; it tells me it can't find a missing file or something like that.

LogMeIn (Hamachi I believe?) runs in the background a lot as I have heard. I use it to play with friends on Minecraft, Terraria and a host of other games. Should I keep it shut down while not using it?

*

Offline Hoov

LogMeIn should always be shut down when not actively using it. It is basically a big hole in your security that allows anyone onto your system.

As for outfox.tv, it is supposed to allow you to watch TV. I do not know that TeamSpeak would use it. I recommend uninstalling it. It has been making a big splash lately as a pain. You need to go to the program folder and run the uninstaller from in there. It is not in the uninstall list in windows.

About Norton, if you are not using it, then it is definitely something to remove. Uninstall it and then please go to the license recovery instructions.


Once those are done, please update Malwarebytes' Anti-Malware and then run a threat scan on your system. Fix anything it finds and post the resulting log. If it finds nothing, post that log instead.


*

Offline Broly3k8

I did everything as requested in your last post. I couldn't find Outfox in my Uninstall programs list so I am unsure how to remove it. I did a search for outfox in my C: drive and deleted all the files that came up, but I am not sure that is enough..

Here is the Malwarebytes log:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 5/7/2014
Scan Time: 6:27:17 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.07.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: amanda

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 256926
Time Elapsed: 5 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

*

Offline Hoov

> I did everything as requested in your last post. I couldn't find Outfox in my Uninstall programs list so I am unsure how to remove it. I did a search for outfox in my C: drive and deleted all the files that came up, but I am not sure that is enough..

This is why I said,

> You need to go to the program folder and run the uninstaller from in there. It is not in the uninstall list in windows.

There should have been an uninstaller in the outfox folder.

How is your computer running now? Can you come to this site and to the other sites that you were getting redirected from?


*

Offline Broly3k8

Holy ****. Sorry for being absent minded and missing a lot you've posted in this.

When I did the search though it didn't bring up any folders, and the directories always said something like /user/appdate/roaming/something/something/numbersandsymbols.

Computer is running great now. Thanks for all your help thus far!

*

Offline Hoov

No worries.

1. Download and scan with CCleaner
When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this dark grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

    • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section.
    • Clean all entries in the "Advanced" section.
    • Clean any others that you choose.

In the Applications Tab:

    • Clean all except cookies in the Firefox/Mozilla section if you use it.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet Section.
    • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Once you have done that, run your computer for a day or so, and then if all is still well, we can do some cleanup and call this done.

If you have any questions or concerns, let me know.


*

Offline Broly3k8

OK, it's been about 24 hours since I last did this, would you like me to wait longer? Everything seems to be running pretty smoothly atm.. I wasn't having problems with performance or anything before all this, but overall it does seem to be performing a little better since we started.

*

Offline Hoov

We will do some cleanup and call it done.

Now there are a few things you need to do to fully clean your system and keep it secure.

Run OTC
Download OTC to your desktop and run it.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go thru the Internet Options in the Windows Control Panel. There are several programs that also do the job better than Windows does it, in my opinion. There is System Security Suite, EasyCleaner, Ccleaner. Also, sometimes other programs do it as well as what you originally got them for, like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

Disable and Enable System Restore.
I recommend you turn off System Restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.
For Vista use these instructions, Windows Vista Restore Guide
For XP use these instructions, Windows XP System Restore Guide
Reboot
Re-enable System Restore with instructions from tutorial above
Create a System Restore Point
Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall). There are some good basic instructions for that here.

Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox.
It is also worth trying Thunderbird for controlling spam in your e-mail.

Always use an UPDATED anti-virus program. Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

Run malware scanners. Three free ones are Spybot Search and Destroy, AdAware and Malwarebytes' Anti-Malware.

Always use a firewall.
Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.

Learn how to use your firewall. Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.

Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.

MOST IMPORTANT: Windows and IE, and whatever other software that you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI. Download version 2. It is not the download button, but just underneath it. It will monitor the software you have installed and let you know when something needs to be updated.

Don't ever use P2P or filesharing software. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

Before using any malware detection / removal software: Check with Rogue/Suspect Spyware List. That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior.

We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

Let us know if you have any more problems, either new or old.
Have a good time surfing the net, but stay safe.
If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.


*

Offline Broly3k8

Hey just wanted to apologize for the delay, work is quite time invasive at the moment.

That being said I have reviewed everything from your last post and run the OTC program (it literally took less than 10 seconds before it asked me to restart.. Idk if that's a good thing or not.)

Will be using CCleaner from now on.

Also just a heads up, the System Restore stuff doesn't work for Windows 8. For future reference, in order to edit that stuff on Windows 8, right click Computer in the File Explorer box, go to Properties, click System Protection on the left hand list (might ask for Administrator access, just click yes). Click System Protection on the top bars, if it's not already there, then click 'Create'. Also you can edit system restore 'stuff' from that same box.

Don't use IE, want to remove it as a matter of fact... Can I? Either way I will follow the same procedures with Chrome, which is my main.

Anti-Virus, Check.
Firewall, double check (Holy **** that was a long read)
Keeping Malwarebytes, Check.
Learn how to use Firewall, still learning so not a complete check yet.


Stopped using P2P last year, as I decided I like to keep the companies I like in business by buying their materials. Also keeps the computer a lot safer. Won't use P2P ever again I don't think.

Saved that list to my bookmarks. Also saved every program we have used so far to a special folder on my desktop named: You Don Screwed Up.

Thanks for your help again Hoov. Pleasant as always and you didn't publicly shame me, so kudos and A+ for you. I really hope you're getting paid somewhere along the line for the amazing stuff you do with computers, and the knowledge you have for them. Hopefully I don't ever have to come back, but if I do, I hope to see you and work with you then too. If you're ever in Central Texas let me know, there's a free beer here for you whenever you need it.

*

Offline Hoov

If I took up everyone on the free beer, I would be drunk for the rest of my life.

As for shaming you, there is no reason to shame anyone who is not a politician publicly. You got into trouble just as many have done before you and you needed help. I have been in the exact same position, as have all of us who help others. That is one reason why we do what we do.

About saving the software we used, unless it is something that you actively use (Malwarebytes' Anti-Malware, Ccleaner and the like) there is no need to hang on to it. They all get updated from time to time, but not like AV scanners update. The code for the program gets updated.

Thanks for the info about Windows 8, I need to update that. I am still learning Windows 8. IE cannot be removed. You will need it during Windows updates. There are people who report that it is possible to uninstall IE, but I do not know anyone that has managed to do it successfully.

The big thing you need to keep in mind going forward is that keeping your computer secure is a process. There is no single program that will keep you secure.


*

Offline Broly3k8

Just wanted to give an update. Everything is running smoothly and I haven't had any problem with it at all. Thanks again for all your help.

I deleted the software we used as you suggested, but kept CC, Malware, and one other I can't remember this very second.

Thanks for the info on IE. I dislike it but if it's keeping my computer up-to-date for the most part, then I suppose it's a necessity.