
need help something is restricting my internet connection (TRIED EVERYTHING)


This topic is locked
21 replies to this topic

#1 Apiffyone

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 28 February 2013 - 12:02 AM

Ok. So first things first. I ran a registry cleaner (NETGATE) and afterwards I lost my internet connection completely. It said it was connected, but nothing was working. So after much grief I finally ran sfc /scannow and my internet connection came back to me... the only problem is now it's slow as bleep. There are other computers connected to the router and mine is the only one affected. I've gone through everything I can trolling the internets for the answers and much of it has helped, but I can't do this alone anymore. I need some help real bad; it's driving me nuts. So tell me what specs I can give you to show you wtf is going on with my world.


Please and Thank you. - apiffyone


P.S. - tried /release /renew, netsh, dnsflush, etc., all by just reading tidbits of others with the same issues. Maybe someone can make sense of it.

 





#2 nasdaq

  • Malware Response Team
  • 38,936 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:33 PM

Posted 28 February 2013 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===
 
Third party programs, if not up to date, can be the cause of infiltration by an infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===
 
Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.


#3 Apiffyone

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 28 February 2013 - 11:44 AM

Hey thanks for your help. As requested:

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 1.6.0_26
Run by Piffaxander at 11:37:21 on 2013-02-28
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4030.1843 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe
C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe
C:\Users\Piffaxander\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files (x86)\CamStudio\Recorder.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Driver Tool] C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe /applicationMode:systemTray /showWelcome:false
uRun: [Wallpaper Changer] C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
StartupFolder: C:\Users\PIFFAX~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Piffaxander\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6311770A-DA8E-4481-B3D3-528AF9F230BC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A3A4A3B6-9607-4468-85A4-AF92C175D916} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A3A4A3B6-9607-4468-85A4-AF92C175D916}\D69745F65736860243740284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C0F0C68A-EEB5-4466-8102-45358537308F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C5E155B6-F29F-4A60-922C-BFACAEDFB93B} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Users\Piffaxander\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Piffaxander\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - ExtSQL: 2013-02-03 17:12; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-2-24 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-2-24 28216]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-1 41704]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-24 14904]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-20 182088]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-23 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-23 682344]
R2 NGRegClnSrv;NETGATE Registry Cleaner Service;C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [2013-2-22 618832]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;QuickCam Communicate Deluxe(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-10 44928]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-10 24176]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2011-10-5 729152]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-8 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-28 11:36:56    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-02-28 00:00:03    --------    d-----w-    C:\FRST
2013-02-26 13:15:10    9162192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E8F2B6E-A8FB-4D46-86AD-588310734B29}\mpengine.dll
2013-02-26 12:56:53    98816    ----a-w-    C:\Windows\sed.exe
2013-02-26 12:56:53    256000    ----a-w-    C:\Windows\PEV.exe
2013-02-26 12:56:53    208896    ----a-w-    C:\Windows\MBR.exe
2013-02-24 16:47:24    --------    d-----w-    C:\ProgramData\Norton
2013-02-24 13:46:23    --------    d-----w-    C:\ProgramData\Backup
2013-02-24 13:45:43    --------    d-----w-    C:\Users\Piffaxander\AppData\Local\WPFBChanger
2013-02-24 13:45:28    --------    d-----w-    C:\Program Files (x86)\Wallpaper Changer
2013-02-24 13:42:58    616024    ----a-w-    C:\Windows\SysWow64\COMCTL32.OCX
2013-02-24 13:42:58    --------    d-----w-    C:\Program Files\XP TCPIP Repair
2013-02-24 13:30:51    --------    d-----w-    C:\Program Files (x86)\RegInOut
2013-02-24 13:27:26    --------    d-----w-    C:\ProgramData\RegInOut
2013-02-24 13:27:24    --------    d-----w-    C:\Program Files (x86)\RegInOut System Utilities
2013-02-24 13:16:00    --------    d-----w-    C:\Program Files (x86)\Common Files\Intel Corporation
2013-02-24 13:15:51    --------    d-----w-    C:\Users\Piffaxander\AppData\Roaming\Intel Corporation
2013-02-24 13:10:46    543104    ----a-w-    C:\Windows\System32\PROUnstl.exe
2013-02-24 13:04:55    647736    ----a-w-    C:\Windows\System32\drivers\iaStorA.sys
2013-02-24 13:04:55    28216    ----a-w-    C:\Windows\System32\drivers\iaStorF.sys
2013-02-24 13:03:29    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2013-02-24 13:03:10    --------    d-----w-    C:\Intel
2013-02-24 13:01:10    --------    d-----w-    C:\Program Files (x86)\SystemRequirementsLab
2013-02-24 12:58:35    --------    d-----w-    C:\ProgramData\UAB
2013-02-24 12:58:31    --------    d-----w-    C:\Users\Piffaxander\AppData\Roaming\PCCUStubInstaller
2013-02-24 12:58:27    --------    d-----w-    C:\Users\Piffaxander\AppData\Local\PC_Drivers_Headquarters
2013-02-24 12:58:20    --------    d-----w-    C:\ProgramData\Driver Tool
2013-02-24 12:57:13    --------    d-----w-    C:\Program Files (x86)\Driver Tool
2013-02-24 03:03:00    --------    d-----w-    C:\Users\Piffaxander\AppData\Roaming\Registry Help Pro
2013-02-24 03:02:57    --------    d-----w-    C:\Users\Piffaxander\AppData\Local\Registry Help Pro
2013-02-24 02:59:45    --------    d-----w-    C:\Users\Piffaxander\AppData\Roaming\TweakNow PowerPack 2012
2013-02-24 02:59:45    --------    d-----w-    C:\Program Files (x86)\TweakNow PowerPack 2012
2013-02-23 14:15:34    --------    d-----w-    C:\Program Files (x86)\Badosoft
2013-02-23 14:09:59    --------    d-----w-    C:\Users\Piffaxander\AppData\Local\Programs
2013-02-23 06:09:38    --------    d-----w-    C:\Users\Piffaxander\AppData\Roaming\PandoraRecovery
2013-02-23 06:09:36    --------    d-----w-    C:\Program Files (x86)\Pandora Recovery
2013-02-22 23:14:38    398336    ----a-w-    C:\Windows\System32\regedit.exe
2013-02-22 23:14:38    2614272    ----a-w-    C:\Windows\System32\explorer.exe
2013-02-22 22:48:41    --------    d-----w-    C:\Users\Piffaxander\AppData\Roaming\NETGATE Registry Cleaner
2013-02-21 20:47:26    --------    d-----w-    C:\Program Files\NETGATE
2013-02-15 22:04:52    208448    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:04:52    208448    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 08:03:01    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 08:03:01    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:17:42    5500776    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-02-05 21:25:19    --------    d-----w-    C:\Users\Piffaxander\AppData\Local\EA Games
2013-02-05 21:23:32    --------    d-----w-    C:\ProgramData\Origin
2013-02-05 19:22:08    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2013-02-03 12:50:54    --------    d-----w-    C:\Program Files\Enigma Software Group
2013-02-03 12:50:39    --------    d-----w-    C:\Windows\CD6329998BB745B5918E011545F6BB1D.TMP
2013-02-03 12:50:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-02-01 23:42:42    36472    ----a-w-    C:\Windows\System32\NicCo36.dll
2013-02-01 23:42:42    101216    ----a-w-    C:\Windows\System32\NicInE6.dll
2013-02-01 23:42:41    302464    ----a-w-    C:\Windows\System32\drivers\e1e6232e.sys
2013-02-01 23:42:41    121440    ----a-w-    C:\Windows\System32\e1000msg.dll
.
==================== Find3M  ====================
.
2013-02-27 13:09:30    691568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-27 13:09:29    71024    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-22 23:13:46    65552    --sh--w-    C:\ProgramData\Desktop.lnk
2013-01-17 06:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-05 05:02:17    3957608    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:02:17    3902312    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:41:01    1893224    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-04 05:40:54    287576    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-01-04 05:37:01    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-01-04 05:37:00    243200    ----a-w-    C:\Windows\System32\wow64.dll
2013-01-04 05:37:00    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-01-04 05:36:33    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 05:33:49    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-01-04 05:30:34    424960    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-01-04 05:27:03    6144    ---ha-w-    C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27:03    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27:03    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27:02    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27:02    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27:02    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27:01    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27:01    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27:00    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27:00    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27:00    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:51:09    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:51:08    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-01-04 03:22:49    3150848    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 03:19:55    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-01-04 02:48:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:48:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:48:34    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-04 02:48:33    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:43:35    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43:34    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43:34    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43:34    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-12-19 00:43:10    815984    ----a-w-    C:\Windows\System32\ncs2dmix.dll
2012-12-19 00:43:08    778608    ----a-w-    C:\Windows\System32\accesor.dll
2012-12-19 00:32:04    220016    ----a-w-    C:\Windows\System32\ncs2instutility.dll
2012-12-19 00:26:42    3617648    ----a-w-    C:\Windows\System32\ncscolib.dll
2012-12-18 21:11:20    33616    ----a-w-    C:\Windows\System32\drivers\iqvw64e.sys
2012-12-16 16:52:02    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:40:45    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:25:27    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:25:19    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-07 05:41:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 05:35:34    2745856    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 05:04:20    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 04:57:38    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 03:21:08    45568    ----a-w-    C:\Windows\SysWow64\oflc-nz.rs
.
============= FINISH: 11:41:45.09 ===============

Security Check:

 Results of screen317's Security Check version 0.99.60  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java™ 6 Update 26  
 Java version out of Date!
 Adobe Flash Player 11.6.602.171  
 Adobe Reader XI  
 Mozilla Firefox (19.0)
 Google Chrome 24.0.1312.57  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




AdwCleaner log:

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 11:41:02
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : Piffaxander - PIFFAXANDER-PC
# Boot Mode : Normal
# Running from : C:\Users\Piffaxander\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\searchplugins\Askcom.xml
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Piffaxander\AppData\Local\APN
Folder Found : C:\Users\Piffaxander\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\jetpack

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\prefs.js

[OK] File is clean.

File : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\hmbauphr.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Piffaxander\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3739 octets] - [28/02/2013 11:41:02]

########## EOF - C:\AdwCleaner[R1].txt - [3799 octets] ##########
 



#4 nasdaq

  • Malware Response Team
  • 38,936 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:33 PM

Posted 28 February 2013 - 01:48 PM


Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
 
 
Secure your system by updating 3rd party programs.
 
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
 
Be careful not to install malware posing as Java update!
Important read this blog.
 
Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
 
How to disable Java in your browsers
 
You can manually check your present version and update as recommended.
 
If present remove the old version(s) of Java using the Add/Remove Programs applet.
 
Java™ 6 Update 26
 
Java 7 update 10 introduced important new security controls
You can read about it here.
 
Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
I suggest that your un-check the box "Install the Ask Toolbar" before proceeding.
===
 
For you added security install Windows 7 Service Pack 1 (SP1)
===
 
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
IMPORTANT....
 
1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
 
3. Do not install any other programs until this if fixed.
 
How to : Disable Anti-virus and Firewall...
 
Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall
 
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============


#5 Apiffyone

  • Topic Starter
  • Members
  • 12 posts

Posted 28 February 2013 - 11:38 PM

Thanks again for your patience.

Adware log:


# AdwCleaner v2.113 - Logfile created 02/28/2013 at 22:51:29
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : Piffaxander - PIFFAXANDER-PC
# Boot Mode : Normal
# Running from : C:\Users\Piffaxander\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\searchplugins\Askcom.xml
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Piffaxander\AppData\Local\APN
Folder Found : C:\Users\Piffaxander\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\jetpack

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\prefs.js

[OK] File is clean.

File : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\hmbauphr.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Piffaxander\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3862 octets] - [28/02/2013 11:41:02]
AdwCleaner[R2].txt - [3797 octets] - [28/02/2013 22:51:29]

########## EOF - C:\AdwCleaner[R2].txt - [3857 octets] ##########

ComboFix log:

ComboFix 13-02-26.01 - Piffaxander 02/28/2013  23:19:27.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4030.2414 [GMT -5:00]
Running from: c:\users\Piffaxander\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-01 to 2013-03-01  )))))))))))))))))))))))))))))))
.
.
2013-03-01 04:31 . 2013-03-01 04:31    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-24 16:47 . 2013-02-27 23:52    --------    d-----w-    c:\programdata\Norton
2013-02-24 13:46 . 2013-02-24 13:46    --------    d-----w-    c:\programdata\Backup
2013-02-24 13:45 . 2013-02-24 13:45    --------    d-----w-    c:\users\Piffaxander\AppData\Local\WPFBChanger
2013-02-24 13:45 . 2013-02-24 13:45    --------    d-----w-    c:\program files (x86)\Wallpaper Changer
2013-02-24 13:42 . 2013-02-24 13:42    --------    d-----w-    c:\program files\XP TCPIP Repair
2013-02-24 13:42 . 2008-11-13 15:26    616024    ----a-w-    c:\windows\SysWow64\COMCTL32.OCX
2013-02-24 13:30 . 2013-02-24 13:30    --------    d-----w-    c:\program files (x86)\RegInOut
2013-02-24 13:27 . 2013-02-24 13:31    --------    d-----w-    c:\programdata\RegInOut
2013-02-24 13:27 . 2013-02-24 13:27    --------    d-----w-    c:\program files (x86)\RegInOut System Utilities
2013-02-24 13:16 . 2013-02-24 13:16    --------    d-----w-    c:\program files (x86)\Common Files\Intel Corporation
2013-02-24 13:15 . 2013-02-24 13:15    --------    d-----w-    c:\users\Piffaxander\AppData\Roaming\Intel Corporation
2013-02-24 13:10 . 2013-02-24 13:10    --------    d-----w-    c:\program files\Intel
2013-02-24 13:10 . 2012-12-11 21:11    543104    ----a-w-    c:\windows\system32\PROUnstl.exe
2013-02-24 13:04 . 2012-09-01 23:01    647736    ----a-w-    c:\windows\system32\drivers\iaStorA.sys
2013-02-24 13:04 . 2012-09-01 23:01    28216    ----a-w-    c:\windows\system32\drivers\iaStorF.sys
2013-02-24 13:04 . 2013-02-24 13:04    --------    d-----w-    c:\users\Piffaxander\AppData\Roaming\InstallShield
2013-02-24 13:03 . 2013-02-24 13:07    --------    d-----w-    c:\program files (x86)\Intel
2013-02-24 13:03 . 2011-02-28 13:09    53248    ----a-w-    c:\windows\SysWow64\CSVer.dll
2013-02-24 13:03 . 2013-02-24 13:03    --------    d-----w-    C:\Intel
2013-02-24 13:01 . 2013-02-24 13:01    --------    d-----w-    c:\program files (x86)\SystemRequirementsLab
2013-02-24 13:01 . 2013-02-24 13:01    --------    d-----w-    c:\users\Piffaxander\AppData\Roaming\SystemRequirementsLab
2013-02-24 12:58 . 2013-02-24 12:58    --------    d-----w-    c:\programdata\UAB
2013-02-24 12:58 . 2013-02-24 12:58    --------    d-----w-    c:\users\Piffaxander\AppData\Roaming\PCCUStubInstaller
2013-02-24 12:58 . 2013-02-24 12:58    --------    d-----w-    c:\users\Piffaxander\AppData\Local\PC_Drivers_Headquarters
2013-02-24 12:58 . 2013-02-24 12:58    --------    d-----w-    c:\programdata\Driver Tool
2013-02-24 12:57 . 2013-02-24 12:57    --------    d-----w-    c:\program files (x86)\Driver Tool
2013-02-24 03:03 . 2013-02-24 03:09    --------    d-----w-    c:\users\Piffaxander\AppData\Roaming\Registry Help Pro
2013-02-24 03:02 . 2013-02-24 03:15    --------    d-----w-    c:\users\Piffaxander\AppData\Local\Registry Help Pro
2013-02-24 02:59 . 2013-02-24 03:24    --------    d-----w-    c:\program files (x86)\TweakNow PowerPack 2012
2013-02-24 02:59 . 2013-02-24 02:59    --------    d-----w-    c:\users\Piffaxander\AppData\Roaming\TweakNow PowerPack 2012
2013-02-23 14:15 . 2013-02-23 14:15    --------    d-----w-    c:\program files (x86)\Badosoft
2013-02-23 14:09 . 2013-02-23 14:09    --------    d-----w-    c:\users\Piffaxander\AppData\Local\Programs
2013-02-23 06:09 . 2013-02-23 06:09    --------    d-----w-    c:\users\Piffaxander\AppData\Roaming\PandoraRecovery
2013-02-23 06:09 . 2013-02-23 06:46    --------    d-----w-    c:\program files (x86)\Pandora Recovery
2013-02-22 23:14 . 2009-10-31 05:45    2614272    ----a-w-    c:\windows\system32\explorer.exe
2013-02-22 23:14 . 2009-07-14 01:14    398336    ----a-w-    c:\windows\system32\regedit.exe
2013-02-22 22:48 . 2013-02-22 22:48    --------    d-----w-    c:\users\Piffaxander\AppData\Roaming\NETGATE Registry Cleaner
2013-02-22 00:05 . 2013-02-22 00:05    --------    d-----w-    c:\users\test
2013-02-21 20:47 . 2013-02-22 22:48    --------    d-----w-    c:\program files\NETGATE
2013-02-15 22:04 . 2013-02-15 22:04    208448    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 08:03 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 08:03 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:17 . 2013-01-05 05:57    5500776    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-05 21:25 . 2013-02-05 21:25    --------    d-----w-    c:\users\Piffaxander\AppData\Local\EA Games
2013-02-05 21:23 . 2013-02-05 21:23    --------    d-----w-    c:\programdata\Origin
2013-02-05 19:22 . 2013-02-17 13:51    --------    d--h--w-    c:\program files (x86)\Common Files\EAInstaller
2013-02-03 12:50 . 2013-02-03 12:50    --------    d-----w-    c:\program files\Enigma Software Group
2013-02-03 12:50 . 2013-02-17 13:18    --------    d-----w-    c:\windows\CD6329998BB745B5918E011545F6BB1D.TMP
2013-02-03 12:50 . 2013-02-03 12:50    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2013-02-01 23:42 . 2012-08-14 19:00    101216    ----a-w-    c:\windows\system32\NicInE6.dll
2013-02-01 23:42 . 2009-05-26 17:05    36472    ----a-w-    c:\windows\system32\NicCo36.dll
2013-02-01 23:42 . 2012-10-30 09:22    302464    ----a-w-    c:\windows\system32\drivers\e1e6232e.sys
2013-02-01 23:42 . 2007-12-14 20:06    121440    ----a-w-    c:\windows\system32\e1000msg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-01 04:08 . 2011-03-31 10:53    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-02-27 13:09 . 2012-04-08 06:01    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 13:09 . 2011-06-11 23:36    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-22 23:13 . 2011-01-31 01:41    65552    --sh--w-    c:\programdata\Desktop.lnk
2013-01-17 06:28 . 2010-12-06 21:42    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 12:17    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-19 00:43 . 2012-12-19 00:43    815984    ----a-w-    c:\windows\system32\ncs2dmix.dll
2012-12-19 00:43 . 2012-12-19 00:43    778608    ----a-w-    c:\windows\system32\accesor.dll
2012-12-19 00:32 . 2012-12-19 00:32    220016    ----a-w-    c:\windows\system32\ncs2instutility.dll
2012-12-19 00:26 . 2012-12-19 00:26    3617648    ----a-w-    c:\windows\system32\ncscolib.dll
2012-12-18 21:11 . 2012-12-18 21:11    33616    ----a-w-    c:\windows\system32\drivers\iqvw64e.sys
2012-12-16 16:52 . 2012-12-21 08:01    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-21 08:01    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 08:01    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-21 08:01    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2011-12-10 15:38    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-12-07 05:41 . 2013-01-09 18:52    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 05:35 . 2013-01-09 18:52    2745856    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 05:04 . 2013-01-09 18:52    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 04:57 . 2013-01-09 18:52    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 03:45 . 2013-01-09 18:52    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 03:45 . 2013-01-09 18:52    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 03:45 . 2013-01-09 18:52    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 03:45 . 2013-01-09 18:52    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 03:45 . 2013-01-09 18:52    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 03:45 . 2013-01-09 18:52    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 03:45 . 2013-01-09 18:52    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 03:45 . 2013-01-09 18:52    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 03:45 . 2013-01-09 18:52    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 03:45 . 2013-01-09 18:52    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 03:45 . 2013-01-09 18:52    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 03:45 . 2013-01-09 18:52    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 03:45 . 2013-01-09 18:52    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 03:45 . 2013-01-09 18:52    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 03:21 . 2013-01-09 18:52    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 18:52    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 18:52    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 03:21 . 2013-01-09 18:52    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 03:21 . 2013-01-09 18:52    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 03:21 . 2013-01-09 18:52    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 18:52    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 03:21 . 2013-01-09 18:52    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 18:52    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 03:21 . 2013-01-09 18:52    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 03:21 . 2013-01-09 18:52    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-12-07 03:21 . 2013-01-09 18:52    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-12-07 03:21 . 2013-01-09 18:52    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 03:21 . 2013-01-09 18:52    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Tool"="c:\program files (x86)\Driver Tool\Driver Tool\DriverTool.exe" [2013-01-25 3546992]
"Wallpaper Changer"="c:\program files (x86)\Wallpaper Changer\Wallpaper Changer.exe" [2013-01-23 1882624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Piffaxander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Piffaxander\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-08 1255736]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 647736]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 28216]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 41704]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-11-21 182088]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 NGRegClnSrv;NETGATE Registry Cleaner Service;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [2013-02-21 618832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-10-11 29696]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-24 04:12    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 13:09]
.
2013-02-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3529437901-3417154301-3122576293-1000Core.job
- c:\users\Piffaxander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 14:27]
.
2013-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3529437901-3417154301-3122576293-1000UA.job
- c:\users\Piffaxander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 14:27]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 03:20]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 03:20]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-03 17:12; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-28  23:33:18
ComboFix-quarantined-files.txt  2013-03-01 04:33
ComboFix2.txt  2013-02-28 00:24
.
Pre-Run: 16,881,315,840 bytes free
Post-Run: 16,747,126,784 bytes free
.
- - End Of File - - C367FF752F4B23D3B7E0A3F23E4834C1



I updated Java, and am now downloading the Service Pack 1 install.



#6 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 March 2013 - 08:43 AM

Looking good.

If all is well:

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===


#7 Apiffyone

  • Topic Starter
  • Members
  • 12 posts

Posted 02 March 2013 - 08:27 AM

Well uhh. My problem is still happening. In fact, if I can be honest, now my internet speed is even slower. Just to repeat my problem: I used registry cleaner, lost internet access, got it back with system file checker, and now it's crawling slow. So please, for the love of everything, help me.



#8 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 March 2013 - 09:49 AM

I missed that your last log from the AdwCleaner is just a Search.

I need you to run the Tool again and Select the Delete Option.
===

Can you boot to Safe Mode?
Is the performance of the computer any good?

I used registry cleaner. lost internet access, got it back with system file checker,

I cannot find out what was removed by the Registry Cleaner, unless you have a log that was created by the tool you used.

Can you restore your system to a date prior to your problem and post a fresh DDS log?
We can always take it from there.
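The slip the helper caught above (a Search-only AdwCleaner run that removed nothing) is easy to automate a check for. The following is an added example, not code from the thread or from the AdwCleaner project: it parses the v2 report layout posted in this thread (`# Option [...]` header, `***** [Section] *****` banners, `File|Folder|Key Found|Deleted : target` lines) and flags a run that only listed findings. The sample report, its paths and its CLSID are constructed.

```python
"""Summarise an AdwCleaner v2 text report (added example, not the thread's own).

The layout follows the reports posted in the thread: a '# Option [...]' header,
'***** [Section] *****' banners, and one 'File|Folder|Key Found|Deleted : target'
line per finding. The sample report below is constructed; its paths are made up.
"""
import re
from collections import Counter

OPTION_RE = re.compile(r"^# Option \[(?P<option>[^\]]+)\]$")
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# Only the item kinds that appear in the thread's reports are recognised.
ITEM_RE = re.compile(
    r"^(?P<kind>File|Folder|Key) (?P<action>Found|Deleted) : (?P<target>.+)$"
)
# A registry key under Explorer's Browser Helper Objects list (an IE add-on).
BHO_RE = re.compile(r"\\Browser Helper Objects\\\{", re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample in the v2 layout: a Search-only run, like the one the
# helper spotted in post #8. None of these paths or CLSIDs come from the thread.
SAMPLE_SEARCH_LOG = r"""# AdwCleaner v2.113 - Logfile created 01/01/2013 at 00:00:00
# Operating system : Windows 7 Ultimate  (64 bits)
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Example Browser\plugins\npexample.dll
Folder Found : C:\ProgramData\ExampleToolbar

***** [Registry] *****

Key Found : HKCU\Software\ExampleToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}

***** [Internet Browsers] *****

-\\ Mozilla Firefox v19.0 (en-US)

[OK] File is clean.
"""

# The same findings after a Delete run: AdwCleaner reports them as 'Deleted'.
SAMPLE_DELETE_LOG = SAMPLE_SEARCH_LOG.replace("[Search]", "[Delete]").replace(
    " Found : ", " Deleted : "
)


def parse_adwcleaner_log(text):
    """Return the run option plus every finding, tagged with its section."""
    report = {"option": None, "sections": {}, "items": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OPTION_RE.match(line)
        if m:
            report["option"] = m.group("option")
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            report["sections"].setdefault(section, [])
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            item = {"section": section, **m.groupdict()}
            report["items"].append(item)
            report["sections"][section].append(item)
    return report


def summarize(report):
    """Counts per action and kind, the BHO CLSIDs seen, and whether the run
    only listed findings (Search) without removing them."""
    actions = Counter(item["action"] for item in report["items"])
    kinds = Counter(item["kind"] for item in report["items"])
    bho_clsids = set()
    for item in report["items"]:
        if item["kind"] == "Key" and BHO_RE.search(item["target"]):
            guid = GUID_RE.search(item["target"])
            if guid:
                bho_clsids.add(guid.group(0))
    return {
        "option": report["option"],
        "found": actions["Found"],
        "deleted": actions["Deleted"],
        "by_kind": dict(kinds),
        "bho_clsids": sorted(bho_clsids),
        # A Search run that found items has cleaned nothing yet.
        "needs_delete_run": report["option"] == "Search" and actions["Found"] > 0,
    }


if __name__ == "__main__":
    for label, text in (("search", SAMPLE_SEARCH_LOG), ("delete", SAMPLE_DELETE_LOG)):
        print(label, summarize(parse_adwcleaner_log(text)))
```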


#9 Apiffyone

  • Topic Starter
  • Members
  • 12 posts

Posted 03 March 2013 - 08:47 AM

I have no previous restore points, and like an ass I uninstalled the registry cleaner once it messed up my internet connection so I wasn't even able to restore the files that got deleted. I have tried booting into safe mode, but no change.


Here's the AdwCleaner log with deleted:

# AdwCleaner v2.113 - Logfile created 03/03/2013 at 08:38:42
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Piffaxander - PIFFAXANDER-PC
# Boot Mode : Normal
# Running from : C:\Users\Piffaxander\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Piffaxander\AppData\Local\APN
Folder Deleted : C:\Users\Piffaxander\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Piffaxander\AppData\Roaming\Mozilla\Firefox\Profiles\u9nic308.default\prefs.js

[OK] File is clean.

File : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\hmbauphr.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Piffaxander\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3862 octets] - [28/02/2013 11:41:02]
AdwCleaner[R2].txt - [3920 octets] - [28/02/2013 22:51:29]
AdwCleaner[S1].txt - [3941 octets] - [03/03/2013 08:38:42]

########## EOF - C:\AdwCleaner[S1].txt - [4001 octets] ##########



Is there any way I can show you my network settings to see what could be restricting my internet so much? I'm used to getting 2 Mbps when downloading and now my highest is 170 kbps. I can't figure out what it could be for the life of me. Would a fresh install of Windows 7 do the trick?



#10 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2013 - 10:38 AM

 
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===
Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
====


#11 Apiffyone
  • Topic Starter
  • Members
  • 12 posts

Posted 03 March 2013 - 10:44 AM

FSS scanner:

Farbar Service Scanner Version: 03-03-2013
Ran by Piffaxander (administrator) on 03-03-2013 at 10:40:43
Running from "C:\Users\Piffaxander\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


And this is the RogueKiller log:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Piffaxander [Admin rights]
Mode : Scan -- Date : 03/03/2013 10:43:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] {0EF7466D-8720-443D-A7F4-6BFDD1EBE01D} : C:\Users\Piffaxander\Desktop\eyeinst.exe  [-] -> FOUND
[TASK][SUSP PATH] {6E658724-62A4-451A-80CE-56CEC651D931} : C:\Users\Piffaxander\Desktop\eyeinst.exe  [-] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ATA ST3250820AS SCSI Disk Device +++++
--- User ---
[MBR] 5aa2ba87acab01ab3e40b95322b9e0d6
[BSP] b75d73dc9fa00c1fc7022645e4572ab5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238416 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03032013_02d1043.txt >>
RKreport[1]_S_03032013_02d1043.txt


 



#12 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2013 - 12:33 PM

 
 
Run RogueKiller again and click Scan.
When the scan completes > click on the Registry tab.
Put a check next to all of the items below and uncheck the rest (if found):

[TASK][SUSP PATH] {0EF7466D-8720-443D-A7F4-6BFDD1EBE01D} : C:\Users\Piffaxander\Desktop\eyeinst.exe  [-] -> FOUND
[TASK][SUSP PATH] {6E658724-62A4-451A-80CE-56CEC651D931} : C:\Users\Piffaxander\Desktop\eyeinst.exe  [-] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Now click Delete on the right hand column under Options.

Continue.

Next click on the Files tab and put a check next to these and uncheck the rest (if found):

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND

Now click Delete on the right hand column under Options.

Post back the report which should be located on your desktop.

Let me know what problem persists.


#13 Apiffyone
  • Topic Starter
  • Members
  • 12 posts

Posted 03 March 2013 - 01:34 PM

Did a restart after and still the same internet speed.

Log here:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Piffaxander [Admin rights]
Mode : Remove -- Date : 03/03/2013 13:32:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {0EF7466D-8720-443D-A7F4-6BFDD1EBE01D} : C:\Users\Piffaxander\Desktop\eyeinst.exe  [-] -> DELETED
[TASK][SUSP PATH] {6E658724-62A4-451A-80CE-56CEC651D931} : C:\Users\Piffaxander\Desktop\eyeinst.exe  [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ATA ST3250820AS SCSI Disk Device +++++
--- User ---
[MBR] 5aa2ba87acab01ab3e40b95322b9e0d6
[BSP] b75d73dc9fa00c1fc7022645e4572ab5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238416 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_03032013_02d1332.txt >>
RKreport[1]_S_03032013_02d1043.txt ; RKreport[2]_S_03032013_02d1330.txt ; RKreport[3]_D_03032013_02d1332.txt


 



#14 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 March 2013 - 09:35 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

[1]Flush DNS
[2]Report IE Proxy Settings
[3]Reset IE Proxy Settings
[4]Report FF Proxy Settings
[5]Reset FF Proxy Settings
[6]List content of Hosts
[7]List IP configuration
[8]List Winsock Entries
[9]List last 10 Event Viewer log
[10*]List installed programs

Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
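As an added example (not MiniToolBox's code and not part of this thread), the Python below reads a MiniToolBox Result.txt and pulls out the three things worth checking first in the sections requested above: a Firefox PAC URL that points at a loopback proxy, a missing hosts file, and Winsock entries that MiniToolBox itself marks with ATTENTION. The sample input is constructed; the section headers, pref lines and ATTENTION wording follow the Result.txt format as it appears later in this thread.

```python
"""Triage a MiniToolBox (Farbar) Result.txt for the findings a responder checks first.

Added example for this thread, not MiniToolBox's code or the poster's log. It reads
the FF proxy, hosts and Winsock sections and reports: a Firefox PAC URL on a loopback
proxy, a missing hosts file, and Winsock entries MiniToolBox itself marks ATTENTION.
"""
import re

# Firefox network.proxy.type semantics: 0 direct, 1 manual, 2 PAC, 4 WPAD, 5 system
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}

# Section headers look like "===== FF Proxy Settings: =====" or "===== Winsock entries ====="
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+\s*$")
# The FF section echoes prefs.js lines as: "pref.name", value
PREF_RE = re.compile(r'^"([^"]+)",\s*(.+)$')
LOOPBACK_RE = re.compile(r"^https?://(127(?:\.\d{1,3}){3}|localhost|\[::1\])(?::\d+)?(/|$)", re.I)


def split_sections(text):
    """Map each section title to the lines that follow its header."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def parse_ff_prefs(lines):
    """Turn the quoted "name", value lines into a dict with typed values."""
    prefs = {}
    for line in lines:
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"'):
            prefs[name] = raw.strip('"')
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def triage(text):
    """Return (category, detail) findings for the whole Result.txt."""
    sections = split_sections(text)
    findings = []

    # 1. A PAC served from 127.0.0.1 routes browser traffic through a local process;
    #    only network.proxy.type == 2 means Firefox is actually using it right now.
    ff = parse_ff_prefs(sections.get("FF Proxy Settings", []))
    pac = ff.get("network.proxy.autoconfig_url", "")
    ptype = ff.get("network.proxy.type", 0)
    if pac and LOOPBACK_RE.match(pac):
        mode = FF_PROXY_TYPES.get(ptype, "unknown")
        state = "active" if mode == "pac" else "configured but not in use (proxy.type=%s)" % ptype
        findings.append(("ff_loopback_pac", "%s is %s" % (pac, state)))

    # 2. MiniToolBox prints this line when drivers\etc\hosts is missing, which is also
    #    what produces repeated DNS-Client 'error reading the local hosts file' events.
    if "Hosts file not detected in the default directory" in text:
        findings.append(("hosts_missing", "no hosts file in the default directory"))

    # 3. Winsock catalog: pair every ATTENTION line with the entry printed above it.
    prev = ""
    for line in sections.get("Winsock entries", []):
        if line.startswith("ATTENTION:"):
            findings.append(("winsock_mismatch", "%s -> %s" % (prev, line[10:].strip())))
        elif line:
            prev = line
    return findings


# Constructed sample modelled on the log format seen in this thread (not a verbatim copy).
SAMPLE_RESULT = """========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "http://127.0.0.1:9000/proxy.pac"
"network.proxy.no_proxies_on", ""
"network.proxy.socks_version", 4
"network.proxy.type", 0

Hosts file not detected in the default directory
========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\SysWOW64\\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\\system32\\NLAapi.dll"

Catalog5 02 C:\\Windows\\SysWOW64\\napinsp.dll [52224] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_RESULT):
        print("%-17s %s" % (category, detail))
```

A loopback PAC is also what legitimate local debugging or filtering proxies install, so treat that finding as a lead to confirm against the installed-programs list, not as proof on its own.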


#15 Apiffyone
  • Topic Starter
  • Members
  • 12 posts

Posted 04 March 2013 - 11:36 AM

Thanks for your continued effort, lol, this is a pain in my ass. Here's the log; let me know if you see anything weird.

MiniToolBox by Farbar  Version:01-03-2013
Ran by Piffaxander (administrator) on 04-03-2013 at 11:33:48
Running from "C:\Users\Piffaxander\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "http://127.0.0.1:9000/proxy.pac"
"network.proxy.no_proxies_on", ""
"network.proxy.socks_version", 4
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® 82566DC Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Piffaxander-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Intel® 82566DC Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-19-D1-76-55-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 04, 2013 8:44:58 AM
   Lease Expires . . . . . . . . . . : Tuesday, March 05, 2013 8:44:57 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4cc:2be:b314:f7f8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4cc:2be:b314:f7f8%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  2607:f8b0:4006:801::1004
      74.125.226.225
      74.125.226.227
      74.125.226.232
      74.125.226.238
      74.125.226.224
      74.125.226.230
      74.125.226.229
      74.125.226.226
      74.125.226.231
      74.125.226.228
      74.125.226.233


Pinging google.com [74.125.226.225] with 32 bytes of data:
Reply from 74.125.226.225: bytes=32 time=33ms TTL=53
Reply from 74.125.226.225: bytes=32 time=32ms TTL=53

Ping statistics for 74.125.226.225:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 33ms, Average = 32ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=666ms TTL=45
Reply from 206.190.36.45: bytes=32 time=791ms TTL=45

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 666ms, Maximum = 791ms, Average = 728ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 19 d1 76 55 cd ......Intel® 82566DC Gigabit Network Connection
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.64    286
     192.168.1.64  255.255.255.255         On-link      192.168.1.64    286
    192.168.1.255  255.255.255.255         On-link      192.168.1.64    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.64    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.64    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:4137:9e76:4cc:2be:b314:f7f8/128
                                    On-link
 11    306 fe80::/64                On-link
 11    306 fe80::4cc:2be:b314:f7f8/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/03/2013 00:30:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (03/02/2013 02:55:39 PM) (Source: Application Hang) (User: )
Description: The program uTorrent.exe version 3.2.3.28705 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e88

Start Time: 01ce177faab212b8

Termination Time: 9376

Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe

Report Id: 1bca0e07-8373-11e2-b097-0019d17655cd

Error: (03/02/2013 00:30:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (03/01/2013 00:44:45 PM) (Source: ESENT) (User: )
Description: WinMail (1500) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (03/01/2013 00:44:40 PM) (Source: ESENT) (User: )
Description: WinMail (2412) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (03/01/2013 01:15:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (02/28/2013 11:33:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Exception code: 0xc0000005
Fault offset: 0x0000000000007af2
Faulting process id: 0x77c
Faulting application start time: 0xLVPrcSrv.exe0
Faulting application path: LVPrcSrv.exe1
Faulting module path: LVPrcSrv.exe2
Report Id: LVPrcSrv.exe3

Error: (02/28/2013 00:04:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (02/28/2013 06:49:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16464, time stamp: 0x50ec971b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x24448b34
Faulting process id: 0x13a8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (02/28/2013 06:18:47 AM) (Source: Google Update) (User: Piffaxander-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned


System errors:
=============
Error: (03/04/2013 08:45:47 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/04/2013 08:45:47 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/04/2013 08:45:35 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/04/2013 08:45:15 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/04/2013 08:44:59 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/04/2013 08:44:53 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/03/2013 01:56:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/03/2013 01:56:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/03/2013 01:39:39 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/03/2013 01:39:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (03/03/2013 00:30:10 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (03/02/2013 02:55:39 PM) (Source: Application Hang)(User: )
Description: uTorrent.exe3.2.3.28705e8801ce177faab212b89376C:\Program Files (x86)\uTorrent\uTorrent.exe1bca0e07-8373-11e2-b097-0019d17655cd

Error: (03/02/2013 00:30:08 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (03/01/2013 00:44:45 PM) (Source: ESENT)(User: )
Description: WinMail1500WindowsMail0:

Error: (03/01/2013 00:44:40 PM) (Source: ESENT)(User: )
Description: WinMail2412WindowsMail0:

Error: (03/01/2013 01:15:52 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (02/28/2013 11:33:20 PM) (Source: Application Error)(User: )
Description: LVPrcSrv.exe12.10.1110.04acc50c4LVPrcSrv.exe12.10.1110.04acc50c4c00000050000000000007af277c01ce15a7d7e3153aC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe24eef3e6-8229-11e2-9542-0019d17655cd

Error: (02/28/2013 00:04:17 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (02/28/2013 06:49:59 AM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1646450ec971bunknown0.0.0.000000000c000000524448b3413a801ce15a932382057C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownf9d78aa4-819c-11e2-9542-0019d17655cd

Error: (02/28/2013 06:18:47 AM) (Source: Google Update)(User: Piffaxander-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned


CodeIntegrity Errors:
===================================
  Date: 2013-02-28 23:30:03.447
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-28 23:30:03.338
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-28 23:30:03.213
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-28 23:30:03.104
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-27 19:21:02.692
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-27 19:21:02.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-27 19:21:02.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-27 19:21:02.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 09:11:42.288
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 09:11:42.183
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)

Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
AIM 7
AMD Accelerated Video Transcoding (Version: 12.5.100.20704)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70704.0230)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CamfrogWEB Advanced ActiveX Plugin (remove only)
CamStudio
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0704.122.388)
Catalyst Control Center Graphics Previews Common (Version: 2012.0704.122.388)
Catalyst Control Center InstallProxy (Version: 2012.0704.122.388)
Catalyst Control Center Localization All (Version: 2012.0704.122.388)
CCC Help Chinese Standard (Version: 2012.0704.0121.388)
CCC Help Chinese Traditional (Version: 2012.0704.0121.388)
CCC Help Czech (Version: 2012.0704.0121.388)
CCC Help Danish (Version: 2012.0704.0121.388)
CCC Help Dutch (Version: 2012.0704.0121.388)
CCC Help English (Version: 2012.0704.0121.388)
CCC Help Finnish (Version: 2012.0704.0121.388)
CCC Help French (Version: 2012.0704.0121.388)
CCC Help German (Version: 2012.0704.0121.388)
CCC Help Greek (Version: 2012.0704.0121.388)
CCC Help Hungarian (Version: 2012.0704.0121.388)
CCC Help Italian (Version: 2012.0704.0121.388)
CCC Help Japanese (Version: 2012.0704.0121.388)
CCC Help Korean (Version: 2012.0704.0121.388)
CCC Help Norwegian (Version: 2012.0704.0121.388)
CCC Help Polish (Version: 2012.0704.0121.388)
CCC Help Portuguese (Version: 2012.0704.0121.388)
CCC Help Russian (Version: 2012.0704.0121.388)
CCC Help Spanish (Version: 2012.0704.0121.388)
CCC Help Swedish (Version: 2012.0704.0121.388)
CCC Help Thai (Version: 2012.0704.0121.388)
CCC Help Turkish (Version: 2012.0704.0121.388)
ccc-utility64 (Version: 2012.0704.122.388)
Connectivity Fixer (Version: 1.1.0)
ConvertXtoDVD 4.1.9.347 (Version: 4.1.9.347)
D3DX10 (Version: 15.4.2368.0902)
Driver Tool (Version: 8.1)
Facebook Messenger 2.1.4651.0 (Version: 2.1.4651.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Google Chrome (Version: 25.0.1364.97)
Google Update Helper (Version: 1.3.21.135)
Intel® Network Connections 18.0.1.0 (Version: 18.0.1.0)
Intel® Rapid Storage Technology (Version: 11.6.0.1030)
iTunes (Version: 10.6.1.7)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 26 (Version: 6.0.260)
Logitech High Quality Video (Version: 12.10.1113)
Logitech Vid (Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
ManyCam 3.1.21 (Version: 3.1.21)
Mass Effect™ 3 (Version: 1.01.0.0)
Maxthon 3 (Version: )
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Reader
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)
Mozilla Maintenance Service (Version: 19.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NETGATE Registry Cleaner
NewsLeecher v5.0 Beta 6
NVIDIA PhysX (Version: 9.12.0213)
ooVoo (Version: 3.0.7031)
PandoraRecovery (Remove Only)
Perfect Alarm Clock (Version: 1.0)
Power PC Washer 3.2.2
QuickPar 0.9 (Version: 0.9)
QuickTime (Version: 7.69.80.9)
RegInOut System Utilities (Version: 4.0)
RegInOut System Utilities 3.0.0.2
Registry Help Pro
Skype Click to Call (Version: 5.6.8442)
Skype™ 6.0 (Version: 6.0.126)
Steam (Version: 1.0.0.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
TurboTax 2010 wctiper (Version: 010.000.1892)
TweakNow PowerPack 2012 (Version: 4.2.1.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC_CRT_x64 (Version: 1.02.0000)
VirtualCloneDrive
VLC media player 1.1.5 (Version: 1.1.5)
VoiceOver Kit (Version: 1.40.128.0)
Wallpaper Changer Installer (Version: 3.0.1.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.00 beta 2 (64-bit) (Version: 4.00.2)
XP TCP/IP Repair 2.1 (Version: 2.1)


**** End of log ****
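A way to read a log like the one above, as an added example that is not part of this thread or of the tool that produced the log: the script below pulls out the three things a helper would look at first. The Google Update trace records HRESULT 0x80072ee7, which is Win32 error 12007 (name not resolved), so every update attempt is failing at DNS even though the adapter reports "connected"; the CodeIntegrity entries all point at catchme.sys under the \ComboFix\ folder, and the assumption here is that this is the scanner's own driver rather than an unknown file; and the Installed Programs list contains several registry cleaners, a driver updater and two network "fixer" utilities, which is exactly the kind of software that rewrites Winsock and TCP/IP settings. The sample log is a constructed, shortened excerpt modelled on the posted one, and the HRESULT table, the risky-software keyword list and the expected-unsigned path list are this example's own assumptions, so a hit is a lead to check, not a verdict.

```python
"""Triage an FRST-style Addition.txt log for connectivity and integrity clues.

Added example: not part of the forum thread or of any tool it uses. The
sample log is a constructed excerpt; the code table, keyword list and
expected-unsigned path list are assumptions made for illustration.
"""
import re
from collections import Counter

# 0x80072ee7 is the HRESULT form of Win32 error 12007
# (ERROR_WINHTTP_NAME_NOT_RESOLVED): the host name never resolved, i.e. DNS
# is failing while the link itself is up. 0x80004005 is the generic E_FAIL.
HRESULT_MEANING = {
    "0x80072ee7": "name not resolved (WinHTTP/WinINet 12007) - DNS failure",
    "0x80004005": "E_FAIL (unspecified failure)",
}

# Software categories that commonly break Winsock/TCP-IP settings
# (assumed keyword list; a hit is a lead, not a conviction).
RISKY_KEYWORDS = {
    "registry cleaner": "registry cleaner",
    "reginout": "registry cleaner",
    "driver tool": "driver updater",
    "connectivity fixer": "network 'fixer'",
    "tcp/ip repair": "network 'fixer'",
}

# Directories where an unsigned driver is expected because a scanning tool
# dropped it there (assumption: ComboFix carries its own catchme.sys).
EXPECTED_UNSIGNED_DIRS = ("\\combofix\\",)

EVENT_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\)\(User: (?P<user>[^)]*)\)$",
    re.M)
CI_RE = re.compile(r"of the file (?P<path>\S+) because")


def parse_event_errors(text):
    """Return [(timestamp, source, description)] for each 'Error:' record."""
    records = []
    matches = list(EVENT_RE.finditer(text))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        body = text[m.end():end]
        desc = body.split("Description:", 1)[1] if "Description:" in body else ""
        desc = desc.split("\n\n", 1)[0].strip()  # record ends at first blank line
        records.append((m.group("ts"), m.group("src"), desc))
    return records


def hresult_hits(records):
    """Count every 0x........ code mentioned in the event descriptions."""
    counts = Counter()
    for _ts, _src, desc in records:
        for code in re.findall(r"0x[0-9a-fA-F]{8}", desc):
            counts[code.lower()] += 1
    return counts


def parse_code_integrity(text):
    """Return the image paths Code Integrity refused to verify."""
    if "CodeIntegrity Errors:" not in text:
        return []
    section = text.split("CodeIntegrity Errors:", 1)[1].split("Installed Programs", 1)[0]
    return CI_RE.findall(section)


def parse_installed_programs(text):
    """Return program names from the 'Installed Programs' section."""
    if "Installed Programs" not in text:
        return []
    section = text.split("Installed Programs", 1)[1].split("**** End of log ****", 1)[0]
    return [ln.strip() for ln in section.splitlines()
            if ln.strip() and not ln.strip().startswith("=")]


def triage(text):
    """Summarise what the log says about the connection problem."""
    records = parse_event_errors(text)
    codes = hresult_hits(records)
    unsigned = parse_code_integrity(text)
    programs = parse_installed_programs(text)
    return {
        "dns_failures": codes.get("0x80072ee7", 0),
        "hresults": {c: HRESULT_MEANING.get(c, "unknown") for c in codes},
        "unsigned_images": sorted(set(unsigned)),
        "unexpected_unsigned_images": sorted({
            p for p in unsigned
            if not any(d in p.lower() for d in EXPECTED_UNSIGNED_DIRS)}),
        "risky_software": sorted({(n, cat) for n in programs
                                  for kw, cat in RISKY_KEYWORDS.items()
                                  if kw in n.lower()}),
        # Side-by-side Java runtimes (old ones stay exploitable after an upgrade)
        "java_installs": sorted(n for n in programs
                                if re.search(r"^java.*\bupdate \d+", n, re.I)),
    }


# Constructed excerpt, modelled on the posted Addition.txt (not the full log).
SAMPLE_LOG = """\
Error: (02/28/2013 06:49:59 AM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.16464unknown0.0.0.0c0000005

Error: (02/28/2013 06:18:47 AM) (Source: Google Update)(User: Piffaxander-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.

CodeIntegrity Errors:
===================================
  Date: 2013-02-28 23:30:03.447
  Description: Windows is unable to verify the image integrity of the file \\Device\\HarddiskVolume1\\ComboFix\\catchme.sys because file hash could not be found on the system.

  Date: 2013-02-27 19:21:02.692
  Description: Windows is unable to verify the image integrity of the file \\Device\\HarddiskVolume1\\ComboFix\\catchme.sys because file hash could not be found on the system.

=========================== Installed Programs ============================

Connectivity Fixer (Version: 1.1.0)
Driver Tool (Version: 8.1)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 26 (Version: 6.0.260)
NETGATE Registry Cleaner
RegInOut System Utilities (Version: 4.0)
XP TCP/IP Repair 2.1 (Version: 2.1)

**** End of log ****
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against the real Addition.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. The useful check is the split between `unsigned_images` and `unexpected_unsigned_images`: a driver the scanner itself dropped is noise, while an unsigned image anywhere else is the thing to investigate next, and a repeated 12007 alongside a healthy link points at resolver or Winsock-provider damage rather than at the router.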
 





