Hello,
I am currently running Windows 8 and am having an issue with Internet Explorer. Even with no programs running, IE constantly opens and tries accessing Outlook.com and hits an error screen from Outlook.com saying the requested page cannot be found.
While downloading the virus scanners for the logs, I began hitting a different problem. The Mail app began to also pop up asking me to log in. This was quite annoying since I had to now jump between touch and desktop modes (without a touchscreen), constantly close the mail app and lose hundreds of Outlook.com tabs while also downloading the software.
Anyway, long story short, this is VERY annoying.
None of the scanners found anything. Not even Spybot. Help is strongly needed.
Thank you.
Here are the requested logs:
MalwareBytes’ Anti-Malware log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.30.04
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Jonathan :: FAMIGAMI [administrator]
11/30/2013 10:11:12 PM
mbam-log-2013-11-30 (22-11-12).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349160
Time elapsed: 24 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER One.log
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-30 22:34:41
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_Series rev.DXT06B0Q 111.79GB
Running: mvy3s3zu.exe; Driver: C:\Users\Jonathan\AppData\Local\Temp\fwrcypod.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [5572:7920] fffff960008055e8
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [8808:1432] 000007f819fbc680
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [11948:8240] 000007f81a11838c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [11948:10604] 000007f819fbc680
---- EOF - GMER 2.1 ----
GMER Two.log
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-30 22:52:51
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_Series rev.DXT06B0Q 111.79GB
Running: mvy3s3zu.exe; Driver: C:\Users\Jonathan\AppData\Local\Temp\fwrcypod.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [5572:7920] fffff960008055e8
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [11948:8240] 000007f81a11838c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [11948:10604] 000007f819fbc680
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1657256913
---- EOF - GMER 2.1 ----
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Jonathan at 23:05:23 on 2013-11-30
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.8157.6934 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\taskhostex.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
uRun: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 208.122.23.22 208.122.23.23 184.106.242.193 192.168.1.1
TCP: Interfaces\{74D96DAC-6FC9-4B48-AFAD-8537AA017AC9} : DHCPNameServer = 208.122.23.22 208.122.23.23 184.106.242.193 192.168.1.1
SSODL: WebCheck - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-23 98744]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\Drivers\UsbFltr.sys [2007-4-9 12288]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\Drivers\amdkmafd.sys [2012-9-22 21160]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2013-12-01 06:57:43 -------- d-----w- C:\Users\Jonathan\AppData\Local\Apple
2013-12-01 06:54:38 -------- d-----w- C:\Users\Jonathan\AppData\Local\ElevatedDiagnostics
2013-12-01 06:42:19 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D45A4A81-ACE3-4070-A30B-171153B90102}\mpengine.dll
2013-12-01 06:10:08 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Malwarebytes
2013-12-01 06:10:03 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-01 06:10:02 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-01 06:10:02 -------- d-----w- D:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 06:09:32 -------- d-----w- C:\Users\Jonathan\AppData\Local\Programs
2013-12-01 05:58:12 -------- d-----w- D:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2013-12-01 05:58:12 -------- d-----w- D:\Program Files (x86)\SDHelper (Spybot - Search & Destroy)
2013-12-01 05:58:12 -------- d-----w- D:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2013-12-01 05:58:12 -------- d-----w- D:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2013-12-01 05:58:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-11-30 05:21:41 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-14 16:03:23 257536 ----a-w- D:\Program Files (x86)\Internet Explorer\ieproxy.dll
.
==================== Find3M ====================
.
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-05 22:58:57 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-05 22:58:57 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-10-02 23:25:41 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-01 23:37:57 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-01 23:37:53 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-01 23:26:49 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-10-01 22:22:19 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-23 22:30:14 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-09-23 22:30:03 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-13 22:36:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\Windows\System32\storewuauth.dll
2013-09-04 03:11:23 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 23:05:28.85 ===============