Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Pop-ups, slow PC - Help! (Please...)

Ok, so I have a virus. I've run a full Security Essentials scan, as well as Malwarebytes... I'm sure my kids d/l'd something that caused it. I removed all the suspicious programs, ran the scan again... and I'm still getting browser pop-ups for spam removal, etc.

DDS log:

GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-11-06 17:34:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FALS-00U9B0 rev.05.00K05 931.51GB
Running: gmer.exe; Driver: C:\Users\Darren\AppData\Local\Temp\uxdirpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037a7000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800037a702f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000071e917fa 2 bytes JMP 00000000822ea370
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071e91860 2 bytes JMP 00000000822ea3d6
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071e91942 2 bytes JMP 000000010279a9b8
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000071e9194d 2 bytes JMP 000000010279a9c3
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2272] entry point in ".rdata" section 000000006fac71e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
.text C:\Program Files (x86)\Gigabyte\ET6\GUI.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Program Files (x86)\Gigabyte\ET6\GUI.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000765851dd 7 bytes JMP 000000011003ac50
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 000000007658610b 7 bytes JMP 000000011003b000
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 000000007658c6c1 7 bytes JMP 000000011003abc0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 00000000765cfc98 7 bytes JMP 000000011003af50
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 00000000765cfcd1 7 bytes JMP 000000011003adf0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 00000000765cfcf5 7 bytes JMP 000000011003af00
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
.text C:\Users\Darren\AppData\Roaming\uTorrent\uTorrent.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Users\Darren\AppData\Roaming\uTorrent\uTorrent.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
.text C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
---- Processes - GMER 2.1 ----

Process C:\Users\Darren\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\Darren\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe [2740](2014-01-28 22:36:04) 0000000000400000

---- Files - GMER 2.1 ----

File C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Cookies\MNYR7S54.txt 93 bytes

---- EOF - GMER 2.1 ----

Attached Files
File Type: zip attach.zip (9.5 KB)
