Can't download any files with any browser


  • This topic is locked
9 replies to this topic

#1 marcodaz


Posted 01 October 2012 - 03:39 PM

Hello all,

Well I finally came to the point of registering on this forum and asking my question. It's not really the way I usually fix problems because I know how to search and I know quite some stuff about computers but this one gets way above my head I guess.

"Well, what's the problem then?"

The problem started previous week when I suddenly realized that whenever I opened a new map in the explorer there opened a new window. This was getting quite frustrating as you can imagine. Something as simple as E:\Downloads\Alt.Binz\download would end up having 5 windows opened so I searched for the answer to this problem and tried a lot of things suggested on all kinds of forums but without success. The suggestions were things like fiddling around with register keys and running virus checks and all kinds of stuff. Finally sfc did the trick (why didn't I think of that before).

So now the problem with the folders opening in different windows is solved! yay! Well here's the next one:
Once the problem with the folders opening in different windows was solved, Internet Explorer stopped working. Whenever I search Internet Explorer in program files or whenever I try to launch it via run... it just doesn't open. No messages, no errors nothing so I tried to fix that problem too using Windows 7 manager and all kinds of other things and voila it worked! Really don't know why but it worked!

Not much time for partying because as soon as I opened "My Computer" I discovered that it opened in a separate window.. All over again.


But these two are not really the main problem (would be happy as a monkey in a banana field if it did get fixed though). It is merely the problem with windows opening in separate windows where I think it all started and I highly suspect these two problems are linked. Well please read on. I know it's hard because of my chaotic storytelling style but just try :).

The following is the problem I'm asking help for in particular:
All files get deleted on completion when I download them using any browser and this is driving me nuts because I really can not find the problem in this one. It really doesn't matter what I download.

It gets to 100% in Google Chrome, but when I click the file to open it, it just tells me: "Windows cannot find [downloads path and downloaded file]. Make sure you typed the name correctly, and then try again." Only option is to click OK.

Remarkably:
  • The status of the downloaded file changes to "deleted" and then disappears from the download bar.
  • When I click on the little arrow right next to the downloaded file (in the download bar at the bottom of the screen) and select "show file in map" then it just doesn't do anything.

It also gets to 100% in Internet Explorer, but this time when it's finished it tells me something like: [downloaded file] contains a virus and has been deleted.

(As you know, Internet Explorer is not working anymore, but that was the message I got when it still did.)


Time to sum up the things I've tried to fix this!

I didn't write it all down the moment I was performing these actions so I probably forgot some of them, but I'll do my best to sum them all up.
I think I don't have to mention that I've searched quite a lot before posting so the obvious things are probably not the problem. Might be though, as we ICT-ers (or how do you say that in English?) are often thinking in way too complicated manners when solving simple problems.

My own knowledge and common sense:
  • Disabled UAC
  • Checked if problem persists when 2nd user account is created (which turned out to bump up even more problems including not being able to open a browser so I couldn't really test that.)
  • Internet settings (IE and Chrome)
  • Checked if I REALLY didn't install AVG EVER, which I didn't (AVG seems to cause this particular problem to some people after some update, but I never used it so that's not my solution)
  • Fiddling around with anything I could think of even remotely linked to downloading files (And setting them back to default settings because it didn't fix the problem.)
  • Checked running processes and searched the processes I didn't know on Google


Tools used:

  • Windows 7 Manager (sfc, registry repair/defrag, System-components repair, Does-not-remember-view-settings repair and probably some other tools)


Scan for viruses/malware using:

  • ESET online scanner
  • Panda cloud scanner
  • Microsoft Security Essentials
  • Malwarebytes
  • Microsoft Windows Defender offline (using USB stick)
  • SUPERAntiSpyware

Oh and btw I also ran Combofix in safe mode. Just saw when registering my account here that you should only run it when requested by an expert, but I've run it before when I had some other issues and it fixed my computer after searching for 100 years to find a solution for my problem so it seemed like a really good idea! I'm sorry ;) Well if you would like to see the log it created then you should probably scroll down and see my second post because I will paste it there.

Well if you need anything else to help me I would be glad to provide you the information needed.

Many greetings,

Marcodaz

P.S: I'm really not sure if we're dealing with a virus, a corrupt file or some other stupidity here since the scanners got some viruses, but they were all not the ones we are looking for and are from way before this problem started.

P.P.S: Oh I just read the rules, should have done it before, but I'll run the required tests tomorrow and post the logs here.


-UPDATE-

So here is the DDS.txt log and the attach.txt file is attached:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Marco at 12:25:29 on 2012-10-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10070 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\WhatPulse\WhatPulse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe
E:\installed\daemontools\DAEMON Tools Pro\DTShellHlp.exe
E:\installed\Xfire\Xfire.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
E:\installed\Programfiles\TeamVersion7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
E:\installed\Xfire\xfire64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
E:\installed\Xfire\xfire64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
uRun: [DAEMON Tools Pro Agent] "E:\installed\daemontools\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
StartupFolder: C:\Users\Marco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Marco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - E:\installed\Xfire\Xfire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B50FD531-D7A9-48A3-8BEE-8FBBF9412188} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F18B01D3-EAC2-4D80-B7FD-292922AD6AC6} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
IE-X64: {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBios.sys [2010-2-3 30384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-22 1258856]
R2 TeamViewer7;TeamViewer 7;E:\installed\Programfiles\TeamVersion7\TeamViewer_Service.exe [2012-5-22 2673064]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 ICTDrv;ICTDrv;C:\Windows\system32\DRIVERS\ICTDrv.sys --> C:\Windows\system32\DRIVERS\ICTDrv.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 XTUService;Intel® Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-4-10 22280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-29 250568]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;C:\Windows\system32\drivers\KovaPlusFltr.sys --> C:\Windows\system32\drivers\KovaPlusFltr.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-01 22:53:24 -------- d-----w- C:\Users\Marco\AppData\Local\Microsoft Games
2012-10-01 19:24:44 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6F44CF97-BA4C-4ABA-8B76-C920C0B2E099}\mpengine.dll
2012-10-01 18:59:30 -------- d-----w- C:\Users\Marco\AppData\Roaming\SUPERAntiSpyware.com
2012-10-01 18:59:27 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-10-01 18:59:27 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-01 18:59:27 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-01 18:59:27 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-01 18:59:27 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-01 18:23:25 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-30 23:34:31 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-09-30 18:47:47 98816 ----a-w- C:\Windows\sed.exe
2012-09-30 18:47:47 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-30 18:47:47 256000 ----a-w- C:\Windows\PEV.exe
2012-09-30 18:47:47 208896 ----a-w- C:\Windows\MBR.exe
2012-09-30 13:08:00 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8723129A-CE47-4E1B-82B5-D8961824A0C4}\gapaengine.dll
2012-09-30 13:07:58 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-30 13:07:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-30 13:07:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-30 13:07:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-30 13:07:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-27 21:34:50 -------- d-----w- C:\ProgramData\GroupPolicy
2012-09-27 21:05:37 -------- d-----w- C:\Program Files\Yamicsoft
2012-09-27 21:05:37 -------- d-----w- C:\Program Files\Yamicsoft
2012-09-27 21:05:37 -------- d-----w- C:\Program Files\Yamicsoft
2012-09-27 21:05:37 -------- d-----w- C:\Program Files\Yamicsoft
2012-09-27 21:00:48 53248 ----a-r- C:\Users\Marco\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-09-25 19:39:40 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-20 16:31:05 -------- d-----w- C:\Users\Marco\.yawcam
2012-09-20 14:50:27 -------- d-----w- C:\Users\Marco\AppData\Local\LogiShrd
2012-09-19 08:02:08 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-09-19 08:02:06 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-09-16 17:08:46 -------- d-----w- C:\Users\Marco\AppData\Roaming\Xfire
2012-09-16 17:08:45 -------- d-----w- C:\ProgramData\Xfire
2012-09-13 10:25:46 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-12 18:48:38 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-09-12 18:47:58 -------- d-----w- C:\ProgramData\Battle.net
2012-09-12 15:15:55 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 15:15:55 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 15:15:55 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 15:15:55 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 15:15:55 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 15:15:55 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 15:15:55 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 22:59:15 -------- d-----w- C:\Users\Marco\AppData\Roaming\SPORE
2012-09-11 11:13:12 15112 ----a-w- C:\Users\Marco\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2012-09-11 11:12:56 -------- d-----w- C:\Windows\PCHEALTH
2012-09-11 11:12:39 -------- d-----w- C:\ProgramData\WindowsLiveInstaller
2012-09-11 10:26:56 -------- d-----w- C:\Users\Marco\AppData\Local\{037BECB6-6D60-4101-99A2-9454659221B0}
2012-09-11 10:20:25 -------- d-----w- C:\Users\Marco\AppData\Roaming\Malwarebytes
2012-09-11 10:19:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-10 23:51:21 1332224 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2012-09-10 15:08:24 -------- d-----w- C:\Users\Marco\AppData\Local\{F7E41549-0F5C-4BE1-9812-003BF72B5646}
2012-09-09 22:44:56 -------- d-----w- C:\Users\Marco\AppData\Local\Chromium
2012-09-09 22:36:49 -------- d-----w- C:\ProgramData\Rockstar Games
2012-09-09 21:31:10 -------- d-----w- C:\Users\Marco\AppData\Local\{854BD2A1-146D-4372-A221-4C71DD76E0B4}
2012-09-09 09:30:47 -------- d-----w- C:\Users\Marco\AppData\Local\{E5720E0F-00EF-4965-84D4-FD4168E5FA5B}
2012-09-08 17:46:42 -------- d-----w- C:\Users\Marco\AppData\Local\{48BE955F-12D0-4915-A2B1-4D0C64CB36CE}
2012-09-07 11:39:47 -------- d-----w- C:\Users\Marco\AppData\Local\{8CED49F7-6770-4E7E-880B-75500CF08C1F}
2012-09-06 21:49:23 -------- d-----w- C:\Users\Marco\AppData\Local\{FF68463D-4617-403F-82DF-9A7C44226F1B}
2012-09-06 09:49:11 -------- d-----w- C:\Users\Marco\AppData\Local\{094B2391-1B09-4DFB-B9BC-0FA918F7D1B9}
2012-09-05 16:12:59 -------- d-----w- C:\Users\Marco\AppData\Local\{E244C34A-289E-4330-B19B-20210D812844}
2012-09-04 23:01:17 -------- d-----w- C:\Users\Marco\AppData\Local\{4936BBC3-A53D-48EE-B8E9-5906125ABA65}
2012-09-04 22:49:38 -------- d-----w- C:\Users\Marco\VirtualBox VMs
2012-09-04 22:49:05 -------- d-----w- C:\Users\Marco\.VirtualBox
2012-09-04 22:48:50 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-09-04 22:48:46 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-09-04 22:20:22 -------- d-----w- C:\Users\Marco\AppData\Roaming\Foxit Software
2012-09-04 11:00:54 -------- d-----w- C:\Users\Marco\AppData\Local\{822A3DD7-E4EE-49F5-B679-5A185E296C8A}
2012-09-04 00:08:31 -------- d-----w- C:\Users\Marco\AppData\Local\Macromedia
2012-09-04 00:06:20 -------- d-----w- C:\Users\Marco\AppData\Local\Mozilla
2012-09-03 23:00:31 -------- d-----w- C:\Users\Marco\AppData\Local\{EC6C59F2-F4EE-42E5-8F36-BCC190053AC4}
2012-09-03 11:00:21 -------- d-----w- C:\Users\Marco\AppData\Local\{FCA52CFD-CB12-4D2E-935C-47DEDAEB84B9}
2012-09-02 21:48:28 -------- d-----w- C:\Users\Marco\AppData\Local\{739FC20F-B197-42CD-AFCC-FE9BD3C359DE}
.
==================== Find3M ====================
.
2012-09-13 10:25:44 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-13 10:25:44 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-12 10:26:02 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 10:26:02 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-30 20:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 20:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 12:17:28 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-22 12:17:28 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-22 12:17:28 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-22 12:17:27 3492915 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-08-22 12:17:14 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-22 12:17:11 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-20 15:23:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-08-08 10:43:24 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-08 10:43:24 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-06 15:20:41 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-07-25 22:51:44 42440 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-07-25 22:51:44 28104 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-14 18:55:22 129024 ----a-w- C:\Windows\RegBootClean64.exe
2012-07-10 16:05:19 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-07-10 16:05:19 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-07-10 16:05:19 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-07-10 16:05:19 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-07-07 11:01:50 1119 ----a-w- C:\Users\Marco\GODMODES.BAT
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 12:25:38.24 ===============

Edited by marcodaz, 02 October 2012 - 05:30 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 marcodaz

Posted 01 October 2012 - 03:45 PM

Here's the Combofix output as I promised!


ComboFix 12-09-30.03 - Marco 10/01/2012 19:32:03.2.8 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.11177 [GMT 2:00]
Running from: e:\dropbox\Dropbox\Photos\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-01 17:33 . 2012-10-01 17:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-01 17:33 . 2012-10-01 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-30 23:34 . 2012-09-30 23:34 -------- d-----w- c:\windows\Microsoft Antimalware
2012-09-30 13:08 . 2012-09-30 13:07 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8723129A-CE47-4E1B-82B5-D8961824A0C4}\gapaengine.dll
2012-09-30 13:07 . 2012-08-29 22:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4FB4979-7E8A-4112-91FC-7656AB85141A}\mpengine.dll
2012-09-30 13:07 . 2012-09-30 13:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-27 21:34 . 2012-09-27 21:34 -------- d-----w- c:\programdata\GroupPolicy
2012-09-27 21:05 . 2012-09-27 21:05 -------- d-----w- c:\program files\Yamicsoft
2012-09-27 21:00 . 2012-09-27 21:00 53248 ----a-r- c:\users\Marco\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-09-25 19:39 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 00:18 . 2012-09-30 12:11 -------- d-----w- c:\users\Marco\AppData\Roaming\Skype
2012-09-23 00:18 . 2012-09-23 00:18 -------- d-----w- c:\programdata\Skype
2012-09-20 16:31 . 2012-09-20 16:35 -------- d-----w- c:\users\Marco\.yawcam
2012-09-20 15:09 . 2012-09-20 15:09 -------- d-----w- c:\users\Marco\AppData\Roaming\Logitech
2012-09-20 14:50 . 2012-09-20 20:03 -------- d-----w- c:\users\Marco\AppData\Local\LogiShrd
2012-09-20 14:49 . 2012-09-20 14:49 -------- d-----w- c:\users\Marco\AppData\Roaming\Leadertech
2012-09-20 14:49 . 2012-09-20 14:58 -------- d-----w- c:\program files\logishrd
2012-09-20 14:49 . 2012-09-20 14:49 -------- d-----w- c:\programdata\LogiShrd
2012-09-19 08:02 . 2012-09-19 08:02 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-09-16 17:08 . 2012-09-30 17:50 -------- d-----w- c:\users\Marco\AppData\Roaming\Xfire
2012-09-16 17:08 . 2012-09-28 16:54 -------- d-----w- c:\programdata\Xfire
2012-09-13 10:25 . 2012-09-13 10:25 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-12 18:48 . 2012-09-12 18:48 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-09-12 18:47 . 2012-09-12 18:48 -------- d-----w- c:\programdata\Battle.net
2012-09-12 15:15 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:15 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 15:15 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:15 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 15:15 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 15:15 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 15:15 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 22:59 . 2012-09-11 22:59 -------- d-----w- c:\users\Marco\AppData\Roaming\SPORE
2012-09-11 11:12 . 2012-09-11 11:12 -------- d-----w- c:\windows\PCHEALTH
2012-09-11 11:12 . 2012-09-11 11:12 -------- d-----w- c:\programdata\WindowsLiveInstaller
2012-09-11 11:11 . 2012-09-11 11:12 -------- d-----w- c:\programdata\WLInstaller
2012-09-11 10:20 . 2012-09-11 10:20 -------- d-----w- c:\users\Marco\AppData\Roaming\Malwarebytes
2012-09-11 10:19 . 2012-09-11 10:19 -------- d-----w- c:\programdata\Malwarebytes
2012-09-11 10:19 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 23:51 . 2009-10-24 19:15 1332224 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL
2012-09-09 22:44 . 2012-09-09 22:44 -------- d-----w- c:\users\Marco\AppData\Local\Chromium
2012-09-09 22:36 . 2012-09-09 22:36 -------- d-----w- c:\programdata\Rockstar Games
2012-09-04 22:49 . 2012-09-11 10:30 -------- d-----w- c:\users\Marco\VirtualBox VMs
2012-09-04 22:49 . 2012-09-11 10:30 -------- d-----w- c:\users\Marco\.VirtualBox
2012-09-04 22:48 . 2012-08-20 15:23 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-09-04 22:48 . 2012-09-19 19:57 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-04 22:48 . 2012-08-20 15:23 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-09-04 22:20 . 2012-09-26 19:15 -------- d-----w- c:\users\Marco\AppData\Roaming\Foxit Software
2012-09-04 00:08 . 2012-09-04 00:08 -------- d-----w- c:\users\Marco\AppData\Local\Macromedia
2012-09-04 00:06 . 2012-09-04 00:06 -------- d-----w- c:\users\Marco\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 10:25 . 2012-05-22 19:27 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-13 10:25 . 2012-05-22 19:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-13 00:57 . 2012-05-22 23:33 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-12 10:26 . 2012-05-29 16:06 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-12 10:26 . 2012-05-29 16:06 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-08-30 20:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 13:46 . 2012-08-27 15:45 9066344 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-22 13:46 . 2012-08-27 15:45 830312 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-08-22 13:46 . 2012-08-27 15:45 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-08-22 13:46 . 2012-08-27 15:45 7387496 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-22 13:46 . 2012-08-27 15:45 6100328 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-08-22 13:46 . 2012-08-27 15:45 2745192 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-22 13:46 . 2012-08-27 15:45 26228072 ----a-w- c:\windows\system32\nvoglv64.dll
2012-08-22 13:46 . 2012-08-27 15:45 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-08-22 13:46 . 2012-08-27 15:45 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-22 13:46 . 2012-08-27 15:45 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-08-22 13:46 . 2012-08-27 15:45 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-22 13:46 . 2012-08-27 15:45 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-08-22 13:46 . 2012-08-27 15:45 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-08-22 13:46 . 2012-08-27 15:45 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-08-22 13:46 . 2012-08-27 15:45 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-08-22 13:46 . 2012-08-27 15:45 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-08-22 13:46 . 2012-08-27 15:45 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-08-22 13:46 . 2012-08-09 22:12 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-08-22 13:46 . 2012-08-09 22:12 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-08-22 13:46 . 2012-08-09 22:12 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-22 13:46 . 2012-07-01 19:05 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-08-22 13:46 . 2012-05-22 19:32 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-22 13:46 . 2012-05-22 19:32 1763688 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-22 13:46 . 2012-05-22 19:32 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-22 13:46 . 2012-05-22 06:00 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-22 12:17 . 2011-03-24 07:53 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-22 12:17 . 2011-03-24 07:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-22 12:17 . 2010-11-09 18:17 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-22 12:17 . 2012-05-22 19:33 3492915 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-22 12:17 . 2011-03-24 07:52 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-22 12:17 . 2011-03-24 07:53 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-20 15:23 . 2012-08-20 15:23 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-08-08 10:43 . 2012-08-08 10:43 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-08 10:43 . 2012-08-08 10:43 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-08 10:43 . 2012-08-08 10:43 268784 ----a-w- c:\windows\system32\javaws.exe
2012-08-08 10:43 . 2012-08-08 10:43 189424 ----a-w- c:\windows\system32\javaw.exe
2012-08-08 10:43 . 2012-08-08 10:43 188912 ----a-w- c:\windows\system32\java.exe
2012-08-06 15:20 . 2012-08-06 15:20 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-25 22:51 . 2012-07-25 22:51 42440 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-07-25 22:51 . 2012-07-25 22:51 28104 ----a-w- c:\windows\system32\xfcodec64.dll
2012-07-18 18:15 . 2012-08-14 17:28 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 18:55 . 2012-07-14 18:55 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-07-10 16:05 . 2012-05-28 15:26 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-10 16:05 . 2012-05-28 15:26 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-10 16:05 . 2012-05-28 15:26 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-10 16:05 . 2012-05-28 15:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-07-07 11:01 . 2012-07-07 11:01 1119 ----a-w- c:\users\Marco\GODMODES.BAT
2012-07-04 22:16 . 2012-08-14 17:28 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-14 17:28 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-14 17:28 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 17:28 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
"DAEMON Tools Pro Agent"="e:\installed\daemontools\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe" [2012-02-09 979360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
Xfire.lnk - e:\installed\Xfire\Xfire.exe [2012-7-26 3553224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LWS"=c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"RoccatKova+"="c:\program files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE"
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-02-03 30384]
R2 MBAMScheduler;MBAMScheduler;e:\installed\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R2 MBAMService;MBAMService;e:\installed\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-22 1258856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 TeamViewer7;TeamViewer 7;e:\installed\Programfiles\TeamVersion7\TeamViewer_Service.exe [2012-07-16 2673064]
R2 UMVPFSrv;UMVPFSrv;c:\program files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-04-10 22280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 250568]
R3 ALSysIO;ALSysIO;c:\users\Marco\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys [2010-01-25 20:24 15104]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-08-20 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-22 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-06 283200]
S3 ICTDrv;ICTDrv;c:\windows\system32\DRIVERS\ICTDrv.sys [2009-07-10 22488]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 10:26]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031579043-340123370-4194206296-1000Core.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-22 19:42]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031579043-340123370-4194206296-1000UA.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-22 19:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 94.23.114.125:8080
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-01 19:34:52
ComboFix-quarantined-files.txt 2012-10-01 17:34
ComboFix2.txt 2012-09-30 18:52
.
Pre-Run: 25,759,895,552 bytes free
Post-Run: 25,613,000,704 bytes free
.
- - End Of File - - 813BB4861C86421FB4F754DF91D11CC6

#3 thisisu

thisisu

    U


  • Malware Response Team
  • 2,208 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:40 PM

Posted 02 October 2012 - 03:16 PM

Hello marcodaz

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

  • Please download and install CCleaner Slim
  • Open CCleaner and click the Options button
  • Now choose Advanced
  • Uncheck everything here except for Skip User Account Control warning
  • Now click the Cleaner button and press the Run Cleaner button at the bottom right of the program.
  • If this is your first time running this program, a prompt may appear asking for confirmation to delete temporary files. Go ahead and proceed.

__

Next, open any Windows Explorer window.
  • Press ALT to reveal a menu.
  • Select Tools from the menu
  • Select Folder options...
  • Go to the General Tab
  • Press the Restore Defaults button
  • Go to the View Tab
  • Place a checkmark in: Always show menus
  • Press the OK button.

Let me know whether this helped with the multiple Explorer windows opening.

#4 thisisu

Posted 02 October 2012 - 03:21 PM

Regarding your download issue, if you uninstall Microsoft Security Essentials, do the warnings of: "[downloaded file] contains a virus and has been deleted." persist?

#5 marcodaz

Posted 02 October 2012 - 03:36 PM

Hello Thisisu,

Thanks for the reply. I did exactly as you said. I downloaded CCleaner Slim using another PC and installed it. Did all the things you said and after that went to the folder options to set it to default. The "always show menus" option was already checked so I left it.

I checked whether the problem persisted and it did. Folders open in separate windows and I still am unable to download anything.

#6 thisisu

Posted 03 October 2012 - 11:25 AM

Download the FixIt tool from here: http://support.microsoft.com/kb/923737
Run it and follow the prompts.
Let me know if this helped with downloading via Internet Explorer.

__

Please download RogueKiller to your desktop.
  • Now rename RogueKiller.exe to winlogon.exe
  • Double-click winlogon.exe to run. Right-click winlogon.exe and select "Run as administrator"
  • When it opens, press the Scan button
  • When the scan is finished, press the Delete button.
  • Attach the latest numbered RKreport.txt from your desktop to your next post.


#7 thisisu

Posted 03 October 2012 - 11:33 AM

After you attempt to complete the above, follow these instructions too:

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on box next to the Restart System when Finished. Then click on Start.

#8 marcodaz

Posted 03 October 2012 - 04:04 PM

The Microsoft fix didn't fix the problem unfortunately. Seems like I can download .jpg files though using IE, but not using Chrome.

The log file of RogueKiller is attached: RKreport2.txt

Now working on the next step... Update soon

[Update 1]
Well, step 3 of Windows Repair actually fixed the folders opening in separate windows problem as expected, but created the problem of Internet Explorer not working.

(see 1st post: "...Finally sfc did the trick..." "...Once the problem with the folders opening in different windows was solved, Internet Explorer stopped working...")


[Update 2]
Seems like I can download again! Really don't know why I can but I've just downloaded some files using Chrome. Seems like the only problem right now is Internet Explorer not opening. Cool :)

Well. Going for step 4 and repair now.

[Update 3]
Ok, I'm really happy with the results. The only problem that remains is that IE refuses to start, which is normally not a problem because I don't use it, but I need it to check my working schedule. And I still think the IE problem and the folders problem are linked (obviously).

But the main problem seems solved and I am very thankful for that.

Edited by marcodaz, 03 October 2012 - 04:36 PM.


#9 thisisu

Posted 03 October 2012 - 06:39 PM

I'm glad to hear that.

About Internet Explorer. Tell me exactly what happens when you try to open it?
  • Completely unresponsive (doesn't even temporarily open?)
  • Opens but immediately shuts down?

Which version of Internet Explorer is installed? 8 or 9?
If 9, try uninstalling 9 and use version 8 to see if that will work.

If version 8, try installing version 9.

#10 thisisu

Posted 07 October 2012 - 05:41 AM

Due to the lack of feedback, this topic will be closed.

If you need the topic re-opened, private message me or any moderator to re-open the thread.

Edited by thisisu, 18 October 2012 - 02:06 AM.




