Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Web Browser Failure

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Web Browser Failure

Unread postby derick » July 19th, 2013, 3:26 am

Hello,

I recently inherited a computer from a friend and am trying to get it working properly. The memory usage seems to be getting jacked up and websites won't load properly. I can't load Firefox as a web browser. The computer is very powerful hardware-wise so I can only think it is a malware problem. Per your instructions here are the DDS and Attach files respectively:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447
Run by Max Downs at 0:17:58 on 2013-07-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.14327.11394 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
C:\Users\Max Downs\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files (x86)\DnsBasic\dnsbasic.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\U2VSvr.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DnsBasic\dnsbasic.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Max Downs\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Users\Max Downs\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\MTri1+64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Max Downs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Max Downs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Max Downs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Max Downs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Max Downs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Max Downs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Max Downs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT32878 ... 87CA309D41
uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
uURLSearchHooks: MixiDJ V5 Toolbar: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - C:\Program Files (x86)\MixiDJ_V5\prxtbMix0.dll
mURLSearchHooks: MixiDJ V5 Toolbar: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - C:\Program Files (x86)\MixiDJ_V5\prxtbMix0.dll
dURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Max Downs\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: MixiDJ V5 Toolbar: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - C:\Program Files (x86)\MixiDJ_V5\prxtbMix0.dll
TB: MixiDJ V5 Toolbar: {F6F0F973-A4A3-48CF-9A7A-B7A69C30D71A} - C:\Program Files (x86)\MixiDJ_V5\prxtbMix0.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: MixiDJ V5 Toolbar: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - C:\Program Files (x86)\MixiDJ_V5\prxtbMix0.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Max Downs\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SearchProtect] C:\Users\Max Downs\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\MAXDOW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Max Downs\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\MAXDOW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02C1A0CD-0C1A-46FB-84C3-00C04C26B9BB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{02C1A0CD-0C1A-46FB-84C3-00C04C26B9BB}\45275637742796E676F637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{02C1A0CD-0C1A-46FB-84C3-00C04C26B9BB}\D41687723702051646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DCCB539-FE89-42D4-85E8-DEB80F8A3978} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Util] C:\Windows\System32\Util.exe
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-9 45856]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2011-3-24 26624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-4-11 93984]
R2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-11 572928]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Max Downs\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-27 107520]
R2 DnsBasic Service;DnsBasic Service;C:\Program Files (x86)\DnsBasic\dnsbasic.exe [2013-6-30 22528]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-17 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-17 682344]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-3-15 138768]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 U2VSvr;U2VSvr;C:\Windows\System32\U2VSvr.exe [2011-3-24 264704]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2010-11-29 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-17 24176]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-3-15 14136]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-3 676968]
R3 T1PExGrp64;T1PExGrp64;C:\Windows\System32\drivers\T1PExGrp64.sys [2011-3-24 23040]
R3 T1PMrGrp64;T1PMrGrp64;C:\Windows\System32\drivers\T1PMrGrp64.sys [2011-3-24 24576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-2 1025352]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\D-Link\DWA-552 revA\jswpsapi.exe [2011-3-24 954368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 t1pusb64;Trigger 1+ Graphics Card;C:\Windows\System32\drivers\t1pusb64.sys [2011-3-24 103168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-28 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-24 1255736]
.
=============== Created Last 30 ================
.
2013-07-01 06:56:44 -------- d-----w- C:\ProgramData\DnsBasic
2013-07-01 06:56:44 -------- d-----w- C:\Program Files (x86)\DnsBasic
.
==================== Find3M ====================
.
2013-06-26 23:07:54 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-13 00:21:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 00:21:38 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-01 10:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 0:18:26.55 ===============


Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/22/2011 6:03:13 PM
System Uptime: 7/19/2013 12:07:39 AM (0 hours ago)
.
Motherboard: MSI | | X58A-GD45 (MS-7522)
Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz | CPU 1 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 348.458 GiB free.
D: is CDROM (CDFS)
G: is FIXED (NTFS) - 932 GiB total, 63.407 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_75221462&REV_03\4&BF02F4E&0&0008
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_75221462&REV_03\4&BF02F4E&0&0008
Service:
.
==== System Restore Points ===================
.
RP169: 6/12/2013 4:23:40 PM - Scheduled Checkpoint
RP170: 6/20/2013 7:28:24 PM - Scheduled Checkpoint
RP171: 6/30/2013 11:51:34 PM - Quitado VAFPlayer
RP172: 7/9/2013 12:22:18 AM - Scheduled Checkpoint
RP173: 7/16/2013 11:06:31 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Registration
Audacity 1.2.6
AVG 2012
AVG Security Toolbar
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ControlCenter
DefaultTab
Diablo III
DivX Setup
DnsBasic 1.0 build 111
DriverScanner
Dropbox
DWA-552
EPSON Printer Software
EPSON Scan
Google Chrome
Google SketchUp 8
Iminent
iTunes
Java 7 Update 7 (64-bit)
Java SE Development Kit 7 Update 7 (64-bit)
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
MixiDJ V5 Toolbar
Norton Online Backup
OpenAL
OpenOffice.org 3.3
Python 2.7.3 (64-bit)
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Safari
Search Protect by conduit
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Splashtop Connect for Firefox
Splashtop Connect IE
StarCraft II
StartNow Toolbar
Super-Charger
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Display Device (Trigger 1+) 9.10.0526.0159
VC80CRTRedist - 8.0.50727.6195
VideoGenie
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
Winamp
Winamp Detector Plug-in
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/19/2013 12:04:32 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


Thank you very much for any help.

Derick
derick
Active Member
 
Posts: 2
Joined: July 19th, 2013, 3:16 am
Advertisement
Register to Remove

Re: Web Browser Failure

Unread postby wannabeageek » July 19th, 2013, 9:36 am

Hello derick, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start





Download and run MGA Diagnostic Tool
This tool will aid us in determining what additional steps will need to be performed.

  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.

    Delete the step below that is inappropriate
  2. Double-click the MGADiag.exe icon on your Desktop. The tools' window will be displayed.
  3. Right-click the MGADiag.exe icon on your Desktop and then select Run As Administrator from the popup menu.. The tools' window will be displayed.
  4. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  5. Click the Copy button.
  6. Open Notepad and paste the contents of the report into the Notepad window.
  7. Save the report and paste the contents into your reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Web Browser Failure

Unread postby derick » July 19th, 2013, 10:43 pm

Hi Wannabeageek,

Thank you for your reply. Here are the results of the MGADiag.exe:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-KWTHV
Windows Product Key Hash: KBTrVNPb0d6X+MoJQZVWZTdmgqM=
Windows Product ID: 55041-091-9423802-86586
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {F5632130-7BC3-439F-98EE-7B6D9C16DAA8}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F5632130-7BC3-439F-98EE-7B6D9C16DAA8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-091-9423802-86586</PID><PIDType>6</PIDType><SID>S-1-5-21-1589778325-2484264928-3345457988</SID><SYSTEM><Manufacturer>MSI</Manufacturer><Model>MS-7522</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V25.2</Version><SMBIOSVersion major="2" minor="5"/><Date>20110819000000.000000+000</Date></BIOS><HWID>5AE03A07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-091-942380-03-1033-7600.0000-0812011
Installation ID: 010750515742097774109485092492766245287180365156057740
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: KWTHV
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 7/19/2013 7:40:46 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:25:2013 13:54
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: RAAAAAEACgABAAMAAAACAAAAAgABAAEA+jF+yBzFagMiRWLDPtt4GRJuRrziZ4Q0itXK3Ko1XEVc72I9usLCKUBv6oI=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 7522MS A7522500
FACP 7522MS A7522500
HPET 7522MS OEMHPET
MCFG 7522MS OEMMCFG
OEMB 7522MS A7522500
SSDT DpgPmm CpuPm

Thank you,
Derick
derick
Active Member
 
Posts: 2
Joined: July 19th, 2013, 3:16 am

Re: Web Browser Failure

Unread postby Wingman » July 20th, 2013, 10:31 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs :
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware