RunDLL message, spam pop-ups on the internet and emailbrowser

38 replies to this topic

#1 Mark-D

Posted 18 August 2013 - 02:23 PM

Hello everyone,

Here’s a description of my problem:

On start-up I get the following RunDLL message:

Error loading C:/Jef/AppData/Local/Temp/wpbt0.dll
The specified module could not be found

When browsing the internet I get a lot of spam pop-ups and redirections. Also on a lot of internet forums certain words are underlined and spam screens pop up when I mouse over them.

Outlook, my email browser, is not responding as it should be. It is like something is suppressing it.

I also think something has disabled my virus scanner (Avira).

I have posted about my problem here and included all the scan logs as asked.

http://www.bleepingcomputer.com/forums/t/504592/rundll-message-spam-pop-ups-on-the-internet-and-emailbrowser/#entry3133712

I was then asked to post in this section.

I ran DDS. The log:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 1.6.0_13
Run by Jef at 18:47:04 on 2013-08-18
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.32.1043.18.3069.983 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.goodfindings.info/?unqvl=32
mStart Page = hxxp://websearch.goodfindings.info/?unqvl=32
uProxyServer = 0
uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\tbuTor.dll
uURLSearchHooks: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - <orphaned>
mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\tbuTor.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\tbuTor.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentBar_NL Toolbar: {87775FDB-6972-41F9-AE51-8326E38CB206} - c:\program files\utorrentbar_nl\tbuTor.dll
TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\tbuTor.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [LaCie Backup] c:\program files\lacie\backup software\\LaCieBackup.exe /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Comrade.exe] c:\program files\gamespy\comrade\Comrade.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Desktop SMS] c:\program files\idm\desktop sms\DesktopSMS.exe /auto
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [PhilipsDM] c:\program files\philips\philips device manager\bin\LaunchDM.exe OS_STARTUP
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
StartupFolder: c:\users\jef\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 195.130.131.132 195.130.130.4
TCP: Interfaces\{56B3506A-9100-44C1-98EB-7554DE17F272} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C1C47174-7F59-41E1-8AC0-ED54CC84016C} : DHCPNameServer = 195.130.131.132 195.130.130.4
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~3\googledesktopnetwork3.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jef\appdata\roaming\mozilla\firefox\profiles\1m0k68s9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.goodfindings.info/?unqvl=32&l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://websearch.goodfindings.info/?unqvl=32
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\users\jef\appdata\roaming\mozilla\firefox\profiles\1m0k68s9.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\jef\appdata\roaming\mozilla\firefox\profiles\1m0k68s9.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\jef\appdata\roaming\mozilla\firefox\profiles\1m0k68s9.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\innova-engineering gmbh\3d-viewer-innoplus\npIno3DViewer.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jef\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\jef\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\jef\appdata\roaming\mozilla\firefox\profiles\1m0k68s9.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}\plugins\np-mswmp.dll
FF - plugin: c:\users\jef\appdata\roaming\mozilla\firefox\profiles\1m0k68s9.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 02:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-4-8 15672]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-18 218688]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2013-4-8 821592]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-28 187904]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2013-4-8 20336]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2013-4-8 30640]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2013-4-8 19832]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe --> c:\program files\dragon age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-20 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
.
=============== Created Last 30 ================
.
2013-08-17 00:11:16    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-16 21:26:40    --------    d-----w-    c:\programdata\StarApp
2013-08-16 21:26:16    --------    d-----w-    c:\programdata\InstallMate
2013-08-15 01:03:49    --------    d-----w-    c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-06-11 21:05:24    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 21:05:24    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 18:48:25,95 ===============
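The RunDLL message at logon in the post above is the usual symptom of an autostart entry whose module has already been removed: Windows still tries to load the file named in the Run key, fails, and reports "The specified module could not be found". The Python below is an added example written for this page, not code from the thread, from DDS or from any of the tools mentioned here. It parses `uRun:`/`mRun:` lines in the format the DDS "Pseudo HJT Report" above uses, works out which module each entry actually loads (for a `rundll32.exe` command that is the DLL, not rundll32 itself), and flags entries whose target no longer exists. The `wpbt0` sample line and the `SAMPLE_EXISTING` table are constructed stand-ins for the registry and filesystem so the check runs offline; `parse_autostart`, `classify` and `find_orphaned` are names chosen here.

```python
import os
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple

# DDS autostart line: "<u|m>Run: [<value name>] <command line>"
ENTRY_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First path-like token ending in a loadable module extension, quoted or not.
# Lazy match stops at the first ".exe"/".dll"/".cpl", so unquoted paths that
# contain spaces ("c:\program files\...\x.exe /flag") are cut at the right place.
TARGET_RE = re.compile(r'^"?(?P<target>[^"]*?\.(?:exe|dll|cpl))"?', re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str           # 'u' = HKCU (per-user), 'm' = HKLM (machine-wide)
    name: str           # registry value name shown in brackets
    command: str        # full command line as DDS printed it
    target: str         # module that actually gets loaded at logon
    via_rundll32: bool  # True when the command is "rundll32.exe <dll>,<entry>"


def parse_autostart(line: str) -> Optional[AutostartEntry]:
    """Parse one DDS uRun/mRun line; return None for any other line type."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    body, via_rundll32 = cmd, False
    if cmd.lower().startswith("rundll32.exe "):
        # The interesting module is the DLL handed to rundll32, not rundll32.
        body, via_rundll32 = cmd[len("rundll32.exe "):], True
    t = TARGET_RE.match(body)
    if not t:
        return None
    return AutostartEntry(m.group("hive"), m.group("name"), cmd,
                          t.group("target"), via_rundll32)


def classify(lines: Iterable[str],
             exists: Callable[[str], bool] = os.path.exists,
             system_dir: str = r"c:\windows\system32") -> List[Tuple[str, str, str]]:
    """Return (name, status, target) for every autostart entry.

    status is 'ok' (target present), 'missing' (absolute path whose file is
    gone: the 'specified module could not be found' case), or 'unresolved'
    (bare module name not found in system_dir; the full DLL/PATH search order
    would be needed to settle it, so it is reported rather than judged)."""
    results = []
    for line in lines:
        e = parse_autostart(line)
        if e is None:
            continue
        if "\\" in e.target or "/" in e.target:
            status = "ok" if exists(e.target) else "missing"
        else:
            status = "ok" if exists(system_dir + "\\" + e.target) else "unresolved"
        results.append((e.name, status, e.target))
    return results


def find_orphaned(lines: Iterable[str],
                  exists: Callable[[str], bool] = os.path.exists,
                  system_dir: str = r"c:\windows\system32") -> List[Tuple[str, str]]:
    """(name, target) of entries whose module is definitely gone."""
    return [(n, t) for n, s, t in classify(lines, exists, system_dir) if s == "missing"]


# Constructed sample input: four lines copied from the DDS report above plus one
# constructed line of the kind that would produce the RunDLL error in the thread.
SAMPLE_LINES = [
    r"uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun",
    r"uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter",
    r'uRun: [Steam] "c:\program files\steam\Steam.exe" -silent',
    r"mRun: [NDSTray.exe] NDSTray.exe",
    r"uRun: [wpbt0] rundll32.exe c:\users\jef\appdata\local\temp\wpbt0.dll",  # constructed
]

# Constructed stand-in for the filesystem (lower-cased paths that "exist").
SAMPLE_EXISTING = {
    r"c:\program files\windows sidebar\sidebar.exe",
    r"c:\windows\system32\oobefldr.dll",
    r"c:\program files\steam\steam.exe",
}


def sample_exists(path: str) -> bool:
    return path.lower() in SAMPLE_EXISTING


if __name__ == "__main__":
    for name, status, target in classify(SAMPLE_LINES, exists=sample_exists):
        print(f"{status:10} {name:22} {target}")
```

On a live system the `exists` parameter can be left at its default so real paths are checked; on a captured log from another machine, as here, a path table built from the log's own "Running Processes" and file sections stands in for it.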

#2 nasdaq

Malware Response Team

Posted 23 August 2013 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Mark-D

Posted 23 August 2013 - 02:48 PM

Dear nasdaq,

Thank you very much for your help.

Here are the different logs:

# AdwCleaner v3.000 - Report created 23/08/2013 at 20:05:52
# Updated 20/08/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : Jef - PC_VAN_JEF
# Running from : C:\Users\Jef\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
[x] Not Deleted : C:\Program Files\uTorrentBar_NL
Folder Deleted : C:\Users\Jef\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Jef\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jef\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Jef\AppData\LocalLow\PriceGong
[x] Not Deleted : C:\Users\Jef\AppData\LocalLow\uTorrentBar_NL
Folder Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\Conduit
Folder Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\ConduitCommon
Folder Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\CT2865317
Folder Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\CT1750559
Folder Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\Extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
Folder Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
File Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3540A407-3EB5-4E88-9FB9-C4F7E91B4551}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87775FDB-6972-41F9-AE51-8326E38CB206}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80754C2A-81D3-442C-9138-9EBB0C4E140A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32BC95C1-1052-4FFD-9C69-D016A1CBAEF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\


Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Jef on vr 23/08/2013 at 20:32:10,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2865317

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jef\appdata\locallow\utorrentbar_nl"
Successfully deleted: [Folder] "C:\Program Files\utorrentbar_nl"

~~~ FireFox

Emptied folder: C:\Users\Jef\AppData\Roaming\mozilla\firefox\profiles\1m0k68s9.default\minidumps [85 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 23/08/2013 at 20:37:09,28
End of JRT log


ComboFix 13-08-22.01 - Jef 23/08/2013  21:22:37.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.32.1043.18.3069.1793 [GMT 2:00]
Gestart vanuit: c:\users\Jef\Desktop\ComboFix.exe
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\users\Jef\AppData\Local\Temp\ppcrlui_3568_2
c:\users\Jef\AppData\Roaming\46BE.225
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-07-23 to 2013-08-23  ))))))))))))))))))))))))))))))
.
.
2013-08-23 19:35 . 2013-08-23 19:35        --------  d-----w-               c:\users\Public\AppData\Local\temp
2013-08-23 19:35 . 2013-08-23 19:35        --------  d-----w-               c:\users\Default\AppData\Local\temp
2013-08-23 18:32 . 2013-08-23 18:32        --------  d-----w-               c:\windows\ERUNT
2013-08-23 18:03 . 2013-08-23 18:06        --------  d-----w-               C:\AdwCleaner
2013-08-17 00:11 . 2013-08-17 09:22        --------  d-----w-               c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-16 21:26 . 2013-08-16 21:26        --------  d-----w-               c:\programdata\StarApp
2013-08-15 01:03 . 2013-08-15 01:06        --------  d-----w-               c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 17:05 . 2012-12-21 23:32        692104  ----a-w-               c:\windows\system32\FlashPlayerApp.exe
2013-08-22 17:05 . 2011-12-02 22:09        71048    ----a-w-               c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]
"Steam"="c:\program files\Steam\Steam.exe" [2013-05-03 1635752]
"LaCie Backup"="c:\program files\LaCie\Backup Software\\LaCieBackup.exe" [2007-12-03 2600960]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-13 39408]
"Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2008-12-09 800256]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-14 221184]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-07 148888]
"NDSTray.exe"="NDSTray.exe" [BU]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-06 366400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-28 1836544]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\LaunchDM.exe" [2007-08-11 40960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
.
c:\users\Jef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-4 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\google\google~3\googledesktopnetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12   REG_MULTI_SZ               Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt      REG_MULTI_SZ               hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-31 16:15             1173456               ----a-w-               c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-21 17:05]

.

2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 19:58]

.

2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 19:58]

.

2013-08-18 c:\windows\Tasks\Norton Security Scan for Jef.job

- c:\progra~1\NORTON~2\Engine\361~1.11\Nss.exe [2012-01-06 02:30]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = 0

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.131.132 195.130.130.4

FF - ProfilePath - c:\users\Jef\AppData\Roaming\Mozilla\Firefox\Profiles\1m0k68s9.default\

FF - ExtSQL: !HIDDEN! 2009-09-02 02:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-08-23 21:35

Windows 6.0.6001 Service Pack 1 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????P6#H???????????(???h?????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(5608)

c:\program files\IDM\Desktop SMS\oehook.dll

.

Voltooingstijd: 2013-08-23  21:39:13

ComboFix-quarantined-files.txt  2013-08-23 19:39

ComboFix2.txt  2011-05-04 15:52

ComboFix3.txt  2011-05-02 21:00

.

Pre-Run: 4.163.088.384 bytes beschikbaar

Post-Run: 3.669.905.408 bytes beschikbaar

.

- - End Of File - - 6912A290FEC5AE8F336C1127173A480F

5C616939100B85E558DA92B899A0FC36
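As an added example for readers of this thread (it is not code from ComboFix, FRST, or anyone posting here), the script below triages autostart lines written in the format of the logs in this thread. It flags what a responder checks first in a Run-key listing: targets FRST marks as missing with [x] and ComboFix lists as (no file) (an orphaned entry whose EXE or DLL has been deleted still fires at every logon and produces a "could not be found" error dialog), binaries with no vendor string, anything launched from a Temp directory, and bare filenames such as NDSTray.exe that Windows resolves through the search path and which a writable directory earlier on that path could hijack. The sample lines are constructed to match entries in the logs above, except the [ConstructedTempEntry] line, which is hypothetical and added only to exercise the Temp-path case.

```python
"""Triage autostart entries from FRST / ComboFix style log lines.

Added example for this thread; it is not part of FRST, ComboFix or any post
above. It flags autostart entries whose target is missing on disk, carries no
vendor string, lives under a Temp directory, or is a bare filename that Windows
resolves through the search path at logon.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input. The first five lines follow the shape of entries in
# the FRST and ComboFix logs posted in this thread; the [ConstructedTempEntry]
# line is hypothetical, added only to exercise the Temp-path case.
SAMPLE_LOG = r"""
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-06-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe [x]
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
HKU\Jef\...\Run: [ConstructedTempEntry] - C:\Users\Jef\AppData\Local\Temp\sample.dll [x]
"""

# FRST registry line:       <key>: [<name>] - <target> [<size> <date> | x] (<vendor>)
FRST_LINE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] - (?P<rest>.+)$")
# FRST Winlogon\Notify line: <key>: <target> [X]
NOTIFY_LINE = re.compile(r"^(?P<key>Winlogon\\Notify\\[^:]+): (?P<rest>.+)$")
# ComboFix orphan line:      <name> - (no file)
ORPHAN_LINE = re.compile(r"^(?P<name>\S+) - \(no file\)$")
# Trailing FRST metadata: "[148888 2009-06-08]", "[ 2011-01-17]" or "[x]"
META_BRACKET = re.compile(r"\s*\[(?:\d*\s*[\d-]*|[xX])\]")


@dataclass
class Finding:
    name: str
    target: str
    flags: List[str] = field(default_factory=list)


def flags_for(rest: str) -> List[str]:
    """Derive triage flags from the part of a line after the entry name."""
    meta = rest.strip()
    if "(no file)" in meta:
        return ["missing-file"]          # ComboFix orphan: key points nowhere
    flags = []
    if re.search(r"\[[xX]\]$", meta):
        flags.append("missing-file")     # FRST marks absent targets with [x]
    if meta.endswith("()"):
        flags.append("no-vendor")        # PE has no CompanyName version info
    # Strip the trailing "[...] (...)" metadata to recover the bare target path.
    path = META_BRACKET.split(meta, maxsplit=1)[0].strip().strip('"')
    if re.search(r"\\temp\\", path, re.IGNORECASE):
        flags.append("temp-path")        # persistence from a scratch directory
    if path and not re.match(r"^[A-Za-z]:\\", path) and not path.startswith("\\"):
        flags.append("relative-path")    # resolved via the search path; hijackable
    return flags


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per autostart line that raised at least one flag."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FRST_LINE.match(line) or NOTIFY_LINE.match(line)
        if m:
            name = m.groupdict().get("name") or m.group("key")
            rest = m.group("rest")
        else:
            m = ORPHAN_LINE.match(line)
            if not m:
                continue                  # not an autostart line we parse
            name, rest = m.group("name"), "(no file)"
        flags = flags_for(rest)
        if flags:
            findings.append(Finding(name, rest, flags))
    return findings


def report(findings: List[Finding]) -> str:
    """One line per finding: entry name, flags, and the raw target text."""
    return "\n".join(f"{f.name}: {', '.join(f.flags)}  <- {f.target}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run as-is it prints the flagged entries for the embedded sample; to triage a real FRST or ComboFix log, read the file and pass its contents to triage(). Entries with no flags (a signed binary under Program Files that exists on disk) are deliberately left out of the report so the responder's eye lands on the few lines worth opening in the log.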



#4 nasdaq (Malware Response Team)

Posted 23 August 2013 - 03:24 PM

Looking better

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what problems persist.

#5 Mark-D (Topic Starter)

Posted 25 August 2013 - 01:03 PM

Dear Nasdaq,

Alas, my problems still persist. I still have a lot of pop-up screens opening when I try to navigate to pages.

And my email program, hotmail/outlook, is still acting very strange. It does not respond when I try to open emails; I have to refresh the page several times until I can open emails.

Here is the requested scan log:

 Results of screen317's Security Check version 0.99.72  
 Windows Vista Service Pack 1 x86   
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 13  
 Java™ 6 Update 3  
 Java version out of Date!
 Adobe Flash Player     11.8.800.94  
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1)
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
 IObit IObit Malware Fighter IMFsrv.exe  
 IObit IObit Malware Fighter IMF.exe  
 Toshiba Toshiba Online Product Information TOPI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````



#6 nasdaq (Malware Response Team)

Posted 25 August 2013 - 01:45 PM

Open the Start button > Run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key


--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Keep me posted.

p.s.
What virus protection software programs are installed on this computer?

Will also take care of the SecurityCheck log when all is well.

#7 Mark-D (Topic Starter)

Posted 27 August 2013 - 01:03 PM

Dear Nasdaq,

I planned to do as you asked but wasn't able to. When I started up my computer I saw that I did not have an internet connection. I tried to restart but I got a blank white screen after Windows loaded and I entered my password. I tried to start up in safe mode, but when I do this I get a black screen.

I have tried restarting several times but I always get a blank white screen and can't use the computer anymore... Is there anything I can do? There is a lot of important info on my hard drives...


#8 nasdaq (Malware Response Team)

Posted 27 August 2013 - 01:22 PM

You will need a flash drive to execute this.
  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===

#9 Mark-D (Topic Starter)

Posted 27 August 2013 - 02:40 PM

Hello Nasdaq,

It worked, I will post the log.


#10 Mark-D (Topic Starter)

Posted 27 August 2013 - 02:55 PM

Here's the Farbar Recovery Scan Tool log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-08-2013 03
Ran by SYSTEEM on 27-08-2013 21:50:55
Running from H:\
Windows Vista ™ Home Premium (X86) OS Language: Dutch Standard
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-06-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe [x]
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe [366400 2006-12-06] (Google Inc.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-02-28] (Google)
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [PhilipsDM] - C:\Program Files\Philips\Philips Device Manager\Bin\LaunchDM.exe [40960 2007-08-11] (Koninklijke Philips Electronics N.V.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM\...\Run: [LifeChat] - C:\Program Files\Microsoft LifeChat\LifeChat.exe [267296 2008-08-21] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [IObit Malware Fighter] - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [4474832 2012-12-25] (IObit)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-19] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-19] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Jef\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-19] (Microsoft Corporation)
HKU\Jef\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-12-29] ()
HKU\Jef\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [ 2013-05-04] (Valve Corporation)
HKU\Jef\...\Run: [LaCie Backup] - C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [ 2007-12-03] (LaCie SA)
HKU\Jef\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-06-13] (Google Inc.)
HKU\Jef\...\Run: [Comrade.exe] - C:\Program Files\GameSpy\Comrade\Comrade.exe [ 2008-12-09] (IGN Entertainment Inc.)
HKU\Jef\...\Run: [ISUSPM Startup] - c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [ 2004-06-14] (InstallShield Software Corporation)
HKU\Jef\...\Run: [Xvid] - C:\Program Files\Xvid\CheckUpdate.exe [ 2011-01-17] ()
HKU\Jef\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [ 2013-01-15] (IObit)
HKU\Jef\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Jef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
ShortcutTarget: OneNote 2007 Schermopname en Snel starten.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-02-28] (Google)
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
S2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2009-11-14] ()
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S3 DAUpdaterSvc; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2008-12-17] ()
S0 CLFS; C:\Windows\System32\CLFS.sys [247352 2008-01-19] (Microsoft Corporation)
S3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-02-18] (DT Soft Ltd)
S3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [20336 2012-01-05] (IObit)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2008-12-17] ()
S3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [30640 2012-07-05] (IObit.com)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [19832 2012-07-05] (IObit.com)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\Jef\AppData\Local\Temp\catchme.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-25 19:11 - 2013-08-25 19:11 - 00022914 _____ C:\Users\Jef\Downloads\subtitlesnl.com-771Game.of.Thrones.S03E07.HDTV.x264-2HD.rar
2013-08-23 21:45 - 2013-08-23 21:45 - 00000000 ____D C:\Users\Jef\Documents\EA Games
2013-08-23 21:40 - 2013-08-23 21:39 - 00891115 _____ C:\Users\Jef\Desktop\SecurityCheck(1).exe
2013-08-23 21:39 - 2013-08-23 21:39 - 00891115 _____ C:\Users\Jef\Downloads\SecurityCheck(1).exe
2013-08-23 21:38 - 2013-08-23 21:38 - 00000534 _____ C:\Users\Public\Desktop\Medal of Honor Pacific Assault™.lnk
2013-08-23 20:39 - 2013-08-23 20:39 - 00009527 _____ C:\ComboFix.txt
2013-08-23 20:19 - 2013-08-23 20:39 - 00000000 ____D C:\ComboFix
2013-08-23 20:17 - 2013-08-23 20:17 - 05111180 _____ (Swearware) C:\Users\Jef\Downloads\ComboFix.exe
2013-08-23 19:32 - 2013-08-23 19:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 19:29 - 2013-08-23 19:29 - 01021434 _____ (Thisisu) C:\Users\Jef\Downloads\JRT.exe
2013-08-23 19:03 - 2013-08-23 19:06 - 00000000 ____D C:\AdwCleaner
2013-08-23 17:00 - 2013-08-23 17:00 - 00975858 _____ C:\Users\Jef\Downloads\adwcleaner.exe
2013-08-18 17:46 - 2013-08-18 17:46 - 00688992 ____R (Swearware) C:\Users\Jef\Downloads\dds.com
2013-08-18 10:34 - 2013-08-18 10:34 - 00891115 _____ C:\Users\Jef\Downloads\SecurityCheck.exe
2013-08-17 11:25 - 2013-08-17 11:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 10:30 - 2013-08-17 10:30 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Jef\Downloads\rkill.exe
2013-08-17 01:11 - 2013-08-17 10:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-17 01:06 - 2013-08-17 10:22 - 00000000 ____D C:\Users\Jef\Desktop\mbar
2013-08-17 01:06 - 2013-08-17 01:06 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Jef\Downloads\mbar-1.06.1.1005.exe
2013-08-16 23:37 - 2013-08-16 23:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jef\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-16 23:29 - 2013-08-16 23:31 - 00041073 _____ C:\Users\Jef\Downloads\Result.txt
2013-08-16 23:28 - 2013-08-16 23:28 - 00760937 _____ (Farbar) C:\Users\Jef\Downloads\MiniToolBox.exe
2013-08-16 22:55 - 2013-08-16 22:55 - 00003747 _____ C:\Users\Jef\Downloads\FSS.txt
2013-08-16 22:54 - 2013-08-16 22:54 - 00357085 _____ (Farbar) C:\Users\Jef\Downloads\FSS.exe
2013-08-16 22:26 - 2013-08-16 22:26 - 00000000 ____D C:\ProgramData\StarApp
2013-08-15 02:03 - 2013-08-15 02:06 - 00000000 ____D C:\Windows\System32\MRT
2013-08-07 21:25 - 2013-08-07 21:34 - 1710440826 _____ C:\Users\Jef\Downloads\wetransfer-581047.zip
2013-07-31 17:22 - 2013-07-31 17:22 - 00002078 _____ C:\Users\Public\Desktop\Google Earth.lnk

==================== One Month Modified Files and Folders =======

2013-08-27 21:50 - 2013-08-27 21:50 - 00000000 ____D C:\FRST
2013-08-27 18:46 - 2008-09-04 23:31 - 01833047 _____ C:\Windows\WindowsUpdate.log
2013-08-26 19:25 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 19:25 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 17:56 - 2008-09-10 16:06 - 00000000 ____D C:\Program Files\Steam
2013-08-26 17:33 - 2006-11-02 17:11 - 00686114 _____ C:\Windows\System32\perfh013.dat
2013-08-26 17:33 - 2006-11-02 17:11 - 00136118 _____ C:\Windows\System32\perfc013.dat
2013-08-26 17:33 - 2006-11-02 11:33 - 01525366 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-25 21:39 - 2011-02-17 21:54 - 00000000 ____D C:\Users\Jef\AppData\Roaming\Media Player Classic
2013-08-25 21:37 - 2011-02-17 11:54 - 00000000 ____D C:\Users\Jef\AppData\Roaming\uTorrent
2013-08-25 21:28 - 2013-05-06 17:36 - 56459264 _____ C:\Windows\System32\config\software.iobit
2013-08-25 21:28 - 2013-05-06 17:36 - 00802816 _____ C:\Windows\System32\config\default.iobit
2013-08-25 21:28 - 2013-05-06 17:36 - 00061440 _____ C:\Windows\System32\config\sam.iobit
2013-08-25 21:28 - 2013-05-06 17:36 - 00024576 _____ C:\Windows\System32\config\security.iobit
2013-08-25 21:28 - 2013-03-30 18:56 - 41631744 _____ C:\Windows\System32\config\components.iobit
2013-08-25 21:28 - 2008-09-04 23:53 - 00000000 ____D C:\users\Jef
2013-08-25 21:20 - 2008-09-04 23:57 - 00000000 ____D C:\Users\Jef\AppData\Local\Google
2013-08-25 19:11 - 2013-08-25 19:11 - 00022914 _____ C:\Users\Jef\Downloads\subtitlesnl.com-771Game.of.Thrones.S03E07.HDTV.x264-2HD.rar
2013-08-25 18:58 - 2011-04-28 15:41 - 00000000 ____D C:\Users\Jef\Desktop\anti
2013-08-25 17:59 - 2010-10-04 20:22 - 00000000 ____D C:\Users\Jef\Desktop\Projecten Legio XI
2013-08-23 21:45 - 2013-08-23 21:45 - 00000000 ____D C:\Users\Jef\Documents\EA Games
2013-08-23 21:39 - 2013-08-23 21:40 - 00891115 _____ C:\Users\Jef\Desktop\SecurityCheck(1).exe
2013-08-23 21:39 - 2013-08-23 21:39 - 00891115 _____ C:\Users\Jef\Downloads\SecurityCheck(1).exe
2013-08-23 21:38 - 2013-08-23 21:38 - 00000534 _____ C:\Users\Public\Desktop\Medal of Honor Pacific Assault™.lnk
2013-08-23 21:32 - 2008-02-28 20:17 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-23 20:39 - 2013-08-23 20:39 - 00009527 _____ C:\ComboFix.txt
2013-08-23 20:39 - 2013-08-23 20:19 - 00000000 ____D C:\ComboFix
2013-08-23 20:39 - 2011-05-02 21:28 - 00000000 ____D C:\Qoobox
2013-08-23 20:35 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-08-23 20:17 - 2013-08-23 20:17 - 05111180 _____ (Swearware) C:\Users\Jef\Downloads\ComboFix.exe
2013-08-23 20:17 - 2011-04-29 15:53 - 05111180 ____R (Swearware) C:\Users\Jef\Desktop\ComboFix.exe
2013-08-23 19:32 - 2013-08-23 19:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 19:29 - 2013-08-23 19:29 - 01021434 _____ (Thisisu) C:\Users\Jef\Downloads\JRT.exe
2013-08-23 19:07 - 2012-04-26 00:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-23 19:06 - 2013-08-23 19:03 - 00000000 ____D C:\AdwCleaner
2013-08-23 17:00 - 2013-08-23 17:00 - 00975858 _____ C:\Users\Jef\Downloads\adwcleaner.exe
2013-08-23 16:26 - 2008-09-09 15:49 - 00057344 _____ C:\Users\Jef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-22 18:05 - 2012-12-22 00:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-22 18:05 - 2011-12-02 23:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-08-18 21:07 - 2012-01-06 18:11 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-18 17:46 - 2013-08-18 17:46 - 00688992 ____R (Swearware) C:\Users\Jef\Downloads\dds.com
2013-08-18 15:38 - 2008-09-09 14:05 - 00000000 ____D C:\Users\Jef\Desktop\Ledenlijst
2013-08-18 10:34 - 2013-08-18 10:34 - 00891115 _____ C:\Users\Jef\Downloads\SecurityCheck.exe
2013-08-17 11:26 - 2013-08-17 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 10:30 - 2013-08-17 10:30 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Jef\Downloads\rkill.exe
2013-08-17 10:22 - 2013-08-17 01:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-17 10:22 - 2013-08-17 01:06 - 00000000 ____D C:\Users\Jef\Desktop\mbar
2013-08-17 01:06 - 2013-08-17 01:06 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Jef\Downloads\mbar-1.06.1.1005.exe
2013-08-17 00:44 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Help
2013-08-16 23:57 - 2011-04-29 16:00 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-16 23:38 - 2013-08-16 23:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jef\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-16 23:31 - 2013-08-16 23:29 - 00041073 _____ C:\Users\Jef\Downloads\Result.txt
2013-08-16 23:28 - 2013-08-16 23:28 - 00760937 _____ (Farbar) C:\Users\Jef\Downloads\MiniToolBox.exe
2013-08-16 22:55 - 2013-08-16 22:55 - 00003747 _____ C:\Users\Jef\Downloads\FSS.txt
2013-08-16 22:54 - 2013-08-16 22:54 - 00357085 _____ (Farbar) C:\Users\Jef\Downloads\FSS.exe
2013-08-16 22:26 - 2013-08-16 22:26 - 00000000 ____D C:\ProgramData\StarApp
2013-08-16 22:17 - 2009-03-10 19:09 - 00000000 ____D C:\Users\Jef\Desktop\Artikels CR
2013-08-16 11:33 - 2008-09-28 19:29 - 00002605 _____ C:\Users\Jef\Desktop\Microsoft Office Word 2007.lnk
2013-08-15 02:06 - 2013-08-15 02:03 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 02:03 - 2008-09-27 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 02:03 - 2006-11-02 11:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-08-07 21:34 - 2013-08-07 21:25 - 1710440826 _____ C:\Users\Jef\Downloads\wetransfer-581047.zip
2013-07-31 17:22 - 2013-07-31 17:22 - 00002078 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-31 17:22 - 2008-02-28 20:55 - 00000000 ____D C:\Program Files\Google
2013-07-31 17:20 - 2010-08-21 15:55 - 00001976 _____ C:\Users\Public\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\Users\Jef\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe
C:\Users\Jef\AppData\Local\Temp\ispF184.tmp\_Setup.dll
C:\Users\Jef\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-20 20:59:56
Restore point made on: 2013-08-23 20:20:20
Restore point made on: 2013-08-23 21:32:27
Restore point made on: 2013-08-26 20:14:01

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4093.63 MB
Available physical RAM: 3565.72 MB
Total Pagefile: 3796.97 MB
Available Pagefile: 3638.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.71 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:117.54 GB) (Free:3.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.89 GB) (Free:22.06 GB) NTFS
Drive e: (Data) (Fixed) (Total:113.88 GB) (Free:16.9 GB) NTFS
Drive f: (MOHPA) (CDROM) (Total:3.26 GB) (Free:0 GB) UDF
Drive g: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.26 GB) NTFS
Drive h: () (Removable) (Total:0.96 GB) (Free:0.26 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: A2FACEBA)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: E7180F3B)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 983 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=983 MB) - (Type=0E)


LastRegBack: 2013-08-26 17:34

==================== End Of Log ============================

 

 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 20,839 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:00 AM

Posted 28 August 2013 - 07:47 AM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
 
C:\Users\Jef\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe
C:\Users\Jef\AppData\Local\Temp\ispF184.tmp\_Setup.dll
C:\Users\Jef\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it in your reply.

Restart the computer normally.

How is it now?

#12 Mark-D

Mark-D
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 28 August 2013 - 07:57 AM

Dear nasdaq,

 

Thanks.

 

Are you sure it is FRST64 I have to run? Or do I have to run FRST, as I did before?



#13 Mark-D

Mark-D
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 28 August 2013 - 09:10 AM

I did the fix, and I restarted my computer. It started normally now.

 

I cannot make a connection to my network, though... I can't open the network center to connect. When I try to open the network center via the icon on my desktop I get a blank network center window that cannot be closed.

 

Task manager doesn't work either...

 

 

Here's the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-08-2013 03
Ran by SYSTEEM at 2013-08-28 15:42:29 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
C:\Users\Jef\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe
C:\Users\Jef\AppData\Local\Temp\ispF184.tmp\_Setup.dll
C:\Users\Jef\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
*****************

C:\Users\Jef\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe => Moved successfully.
C:\Users\Jef\AppData\Local\Temp\ispF184.tmp\_Setup.dll => Moved successfully.
C:\Users\Jef\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll => Moved successfully.

==== End of Fixlog ====



#14 nasdaq

nasdaq

  • Malware Response Team
  • 20,839 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:00 AM

Posted 28 August 2013 - 09:46 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#15 Mark-D

Mark-D
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 28 August 2013 - 10:25 AM

Here they are:

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Jef (administrator) on 28-08-2013 at 17:19:50
Running from "C:\Users\Jef\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 0

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.


**** End of log ****
 

 

 

 

 

Farbar Service Scanner Version: 18-08-2013
Ran by Jef (administrator) on 28-08-2013 at 17:21:12
Running from "C:\Users\Jef\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 12:18] - [2011-04-21 15:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-12-16 21:10] - [2010-06-16 17:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 18:08] - [2011-03-02 16:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-09-16 13:49] - [2008-01-19 09:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2006-11-02 10:57] - [2006-11-02 11:46] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-09-16 13:49] - [2008-01-19 09:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-09-16 13:48] - [2008-01-19 09:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-09-16 13:48] - [2008-01-19 09:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-09-16 13:49] - [2008-01-19 09:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-09-12 02:40] - [2008-09-12 02:40] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-09-16 13:47] - [2008-01-19 09:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-16 11:02] - [2009-03-03 06:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****
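The FSS log in the post above reports three things a clean Vista host should not show: `EnableFirewall=0` under the StandardProfile firewall policy key, `DisableAntiSpyware=1` under the Windows Defender key, and the WinDefend service switched from its default Auto start to Demand. The earlier FRST log's "Bamital & volsnap Check" covers the other side of the same question, whether the core system binaries still hash to known-good values. The script below is an added example, not part of the thread and not Farbar's code; it re-runs those checks on a live machine from an elevated PowerShell. The service list and expected start types are assumptions for Vista SP1, and since FRST's MD5 whitelist is not public, the `$baseline` table holds whatever hashes you record from a known-clean host of the same build and patch level (empty entries are reported, not judged).

```powershell
# Added audit script (not from the original posts or from Farbar's tools).
# Re-checks the conditions FSS and FRST reported: firewall policy, Defender policy,
# service start types, and MD5 of the Bamital & volsnap Check files.
# Run from an elevated PowerShell on the affected host.

$findings = New-Object System.Collections.ArrayList

# 1. Firewall policy. FSS flagged EnableFirewall=0 under StandardProfile; on a clean
#    host the value is 1 or absent (the profile default then applies).
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $key = Join-Path $fwBase $profile
    if (Test-Path $key) {
        $v = (Get-ItemProperty -Path $key).EnableFirewall
        if ($v -eq 0) { [void]$findings.Add("Firewall disabled by registry: $key EnableFirewall=0") }
    }
}

# 2. Defender policy. FSS flagged DisableAntiSpyware=1 under this key.
$defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
if (Test-Path $defKey) {
    $das = (Get-ItemProperty -Path $defKey).DisableAntiSpyware
    if ($das -eq 1) { [void]$findings.Add("Windows Defender disabled by policy: $defKey DisableAntiSpyware=1") }
}

# 3. Service configuration. FSS compared WinDefend's start type (Demand) with its
#    default (Auto). Win32_Service reports a Demand start as 'Manual'.
#    Expected values are an assumption for Vista SP1; adjust for other builds.
$expectedStart = @{ 'WinDefend' = 'Auto'; 'MpsSvc' = 'Auto'; 'wscsvc' = 'Auto'; 'wuauserv' = 'Auto' }
foreach ($name in $expectedStart.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { [void]$findings.Add("Service missing: $name"); continue }
    if ($svc.StartMode -ne $expectedStart[$name]) {
        [void]$findings.Add("Service $name start type is $($svc.StartMode), expected $($expectedStart[$name])")
    }
    if ($svc.State -ne 'Running') { [void]$findings.Add("Service $name is $($svc.State)") }
}

# 4. MD5 of the files FRST's Bamital & volsnap Check covers. Fill $baseline from a
#    clean host of the same build; the empty strings here are placeholders, not real hashes.
$baseline = @{
    "$env:SystemRoot\explorer.exe"                 = ''
    "$env:SystemRoot\System32\winlogon.exe"        = ''
    "$env:SystemRoot\System32\wininit.exe"         = ''
    "$env:SystemRoot\System32\svchost.exe"         = ''
    "$env:SystemRoot\System32\services.exe"        = ''
    "$env:SystemRoot\System32\user32.dll"          = ''
    "$env:SystemRoot\System32\userinit.exe"        = ''
    "$env:SystemRoot\System32\Drivers\volsnap.sys" = ''
}
$md5 = [System.Security.Cryptography.MD5]::Create()
foreach ($path in $baseline.Keys) {
    if (-not (Test-Path $path)) { [void]$findings.Add("Missing system file: $path"); continue }
    $stream = [System.IO.File]::OpenRead($path)
    try     { $hash = [System.BitConverter]::ToString($md5.ComputeHash($stream)).Replace('-', '') }
    finally { $stream.Close() }
    if ($baseline[$path] -and $hash -ne $baseline[$path]) {
        [void]$findings.Add("MD5 mismatch: $path observed $hash expected $($baseline[$path])")
    } else {
        Write-Output "$path MD5 $hash"
    }
}

if ($findings.Count -eq 0) { Write-Output 'No deviations found.' }
else { $findings | ForEach-Object { Write-Output "FINDING: $_" } }
```

The script only reports; it does not rewrite the registry or restart services, because in a thread like this the remediation goes through the helper's fixlist so the log of what changed stays with the case. Note that the MD5 comparison is only as good as the baseline host: it must match the victim's build and patch level, otherwise legitimately updated binaries (such as the tcpip.sys and afd.sys entries FSS listed with their own hashes rather than "MD5 is legit") will show as mismatches.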





