problems due to lsass.exe (such as losing control of browser windows or keybrd)


  • This topic is locked
7 replies to this topic

#1 tnelecxe

tnelecxe

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Female
  • Location:Groningen
  • Local time:06:57 PM

Posted 23 September 2013 - 09:42 AM

Hello community! I am writing with the following problem. In the past three days I started to notice problems with browser windows (which duplicated or didn't allow me to open a new one), and also with using the keyboard, which is not recognizing the shift key. I've run ComboFix today, which showed the result posted below, and afterwards ran DDS (it is not the recommended order..).


These are the three logs; I would appreciate very much any help. All best!

Adela


COMBOFIX LOG


ComboFix 13-09-23.02 - User 09/23/2013  17:07:20.8.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3034.2095 [GMT 3:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aileigiklelgcldjieignbgiaiccaoel
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aileigiklelgcldjieignbgiaiccaoel\1\51c30d442139c1.06924464.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aileigiklelgcldjieignbgiaiccaoel\1\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aileigiklelgcldjieignbgiaiccaoel\1\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aileigiklelgcldjieignbgiaiccaoel\1\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aileigiklelgcldjieignbgiaiccaoel\1\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aileigiklelgcldjieignbgiaiccaoel\1\sqlite.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdknlmboogkemacmdjdheijindkhggok
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdknlmboogkemacmdjdheijindkhggok\1\51c311b7ba0a63.56456137.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdknlmboogkemacmdjdheijindkhggok\1\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdknlmboogkemacmdjdheijindkhggok\1\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdknlmboogkemacmdjdheijindkhggok\1\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdknlmboogkemacmdjdheijindkhggok\1\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdknlmboogkemacmdjdheijindkhggok\1\sqlite.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nabhogfpbblicloaglcaaadepcalcnee
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nabhogfpbblicloaglcaaadepcalcnee\1\51b8559cdf8f12.63525087.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nabhogfpbblicloaglcaaadepcalcnee\1\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nabhogfpbblicloaglcaaadepcalcnee\1\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nabhogfpbblicloaglcaaadepcalcnee\1\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nabhogfpbblicloaglcaaadepcalcnee\1\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nabhogfpbblicloaglcaaadepcalcnee\1\newtab.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nabhogfpbblicloaglcaaadepcalcnee\1\sqlite.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Win
c:\win\desktop.exe
c:\win\lsass.exe
c:\win\names.txt
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-23 to 2013-09-23  )))))))))))))))))))))))))))))))
.
.
2013-09-23 14:13 . 2013-09-23 14:13    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-09-23 14:13 . 2013-09-23 14:13    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-22 16:34 . 2013-09-05 05:02    7328304    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF8E4DD2-BE08-442E-8614-48A934716F84}\mpengine.dll
2013-09-21 12:27 . 2013-09-05 05:02    7328304    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-15 16:50 . 2008-12-19 13:35    228692    ----a-w-    c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe
2013-09-05 14:17 . 2013-09-23 13:40    --------    d-----r-    c:\users\User\Dropbox
2013-09-05 14:13 . 2013-09-23 14:03    --------    d-----w-    c:\users\User\AppData\Roaming\Dropbox
2013-09-05 14:04 . 2013-09-05 14:04    209272    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-08-25 15:03 . 2013-08-25 15:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-25 15:03 . 2013-08-25 15:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-25 15:03 . 2013-08-25 15:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-25 15:03 . 2013-08-25 15:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-25 15:03 . 2013-08-25 15:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-25 15:03 . 2013-08-25 15:03    --------    d-----w-    c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-28 10988176]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-05-14 2038568]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"ATKOSD2"="c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-05-30 322208]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-05-30 174752]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2012-04-28 2321584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 145440]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 180768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 189472]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
desktop.exe [2008-12-19 228692]
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2012-12-04 21:09    3058304    ----a-w-    c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 06:58    19875432    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsProcOb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-05 1343400]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 15640]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [2011-09-07 14464]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 Intel® ME Service;Intel® ME Service;c:\program files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-05-10 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-05-10 165144]
S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2013-08-08 559552]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-05-15 363800]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2012-04-11 29184]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2012-04-11 13440]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-05-14 172328]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 349976]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 792856]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2012-04-12 1582656]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-02-01 219240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-05 12:53]
.
2013-09-23 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 09:54]
.
2013-09-23 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 09:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://searchou.com/?id=f6c89bbe000000000000844bf5a3c372
mStart Page = hxxp://websearch.homesearch-hub.info/?pid=924&r=2013/06/12&hid=4290755813&lg=EN&cc=RO&unqvl=20
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
FF - ProfilePath - c:\users\User\AppData\Roaming\mozilla\firefox\Profiles\t8is1wud.default-1371035645925\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f6c89bbe000000000000844bf5a3c372
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15873
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.512:45
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119781&tt=120613_ndc
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=f6c89bbe000000000000844bf5a3c372
FF - user.js: extensions.privitize.hpOld0 -
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=f6c89bbe000000000000844bf5a3c372
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=f6c89bbe000000000000844bf5a3c372
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-23  17:15:12
ComboFix-quarantined-files.txt  2013-09-23 14:15
ComboFix2.txt  2013-06-24 08:30
ComboFix3.txt  2013-06-17 10:04
ComboFix4.txt  2013-06-12 11:27
ComboFix5.txt  2013-09-23 14:05
.
Pre-Run: 74,537,857,024 bytes free
Post-Run: 74,528,432,128 bytes free
.
- - End Of File - - 9764F67237E86075A6D7D09FA7725CB5
A36C5E4F47E84449FF07ED3517B43A31

DDS LOG


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455  BrowserJavaVersion: 10.21.2
Run by User at 17:23:56 on 2013-09-23
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3034.1060 [GMT 3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Virtual Families 2 - Our Dream House\VirtualFamilies2.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://searchou.com/?id=f6c89bbe000000000000844bf5a3c372
mStart Page = hxxp://websearch.homesearch-hub.info/?pid=924&r=2013/06/12&hid=4290755813&lg=EN&cc=RO&unqvl=20
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [USB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"
mRun: [ATKOSD2] c:\program files\asus\atk package\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files\asus\atk package\atk media\DMedia.exe
mRun: [HControlUser] c:\program files\asus\atk package\atk hotkey\HControlUser.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
TCP: NameServer = 212.54.35.25 212.54.40.25
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457} : DHCPNameServer = 212.54.35.25 212.54.40.25
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\34C69636B6E65647D254634434 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\6657C676562757F5262716761646962757 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\74163747E65647775627B6026716E602D4168702F4E6B656E686F65747 : DHCPNameServer = 212.54.35.25 212.54.40.25
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\75C414E4D2333344245313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\75C45323037434F5A5946425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\84F64756C6052796E6369607562313 : DHCPNameServer = 192.168.0.254 151.99.0.100 151.99.125.2
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\E45647775627B6026716E602D4168702F4E6B656E686F65747 : DHCPNameServer = 212.54.35.25 212.54.40.25
TCP: Interfaces\{9A611DCC-DD90-4427-A93E-EEE1E48650AC} : DHCPNameServer = 192.168.32.203
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\t8is1wud.default-1371035645925\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f6c89bbe000000000000844bf5a3c372
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15873
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.512:45:02
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119781&tt=120613_ndc
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=f6c89bbe000000000000844bf5a3c372
FF - user.js: extensions.privitize.hpOld0 -
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=f6c89bbe000000000000844bf5a3c372
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=f6c89bbe000000000000844bf5a3c372
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-12-4 15640]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\asus\atk package\atk wmiacpi\atkwmiacpi.sys [2011-9-7 14464]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\asus\instanton for nb\InsOnSrv.exe [2012-4-13 277120]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
R2 Intel® ME Service;Intel® ME Service;c:\program files\intel\intel® management engine components\fwservice\IntelMeFWService.exe [2012-12-4 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2012-12-4 165144]
R2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2013-8-8 559552]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-12-4 363800]
R3 AsusVBus;AsusVBus;c:\windows\system32\drivers\AsusVBus.sys [2012-4-11 29184]
R3 AsusVTouch;AsusVTouch;c:\windows\system32\drivers\AsusVTouch.sys [2012-4-11 13440]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2012-12-4 172328]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-4 349976]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-4 792856]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-7-17 55104]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2012-12-4 1582656]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\drivers\RtsBaStor.sys [2012-12-4 219240]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-12-4 414824]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-5 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-12-5 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-5 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-5 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-12-5 1343400]
S4 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
.
=============== Created Last 30 ================
.
2013-09-23 14:15:17    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-09-22 16:34:01    7328304    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ff8e4dd2-be08-442e-8614-48a934716f84}\mpengine.dll
2013-09-21 12:27:26    7328304    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-18 14:06:00    871608    ----a-w-    c:\program files\mozilla firefox\uninstall\helper.exe
2013-09-18 14:06:00    273304    ----a-w-    c:\program files\mozilla firefox\updater.exe
2013-09-18 14:06:00    21527448    ----a-w-    c:\program files\mozilla firefox\xul.dll
2013-09-18 14:06:00    170232    ----a-w-    c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-09-18 14:06:00    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-09-18 14:06:00    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-09-18 14:06:00    152984    ----a-w-    c:\program files\mozilla firefox\softokn3.dll
2013-09-18 14:06:00    107416    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
2013-09-15 16:50:42    228692    ----a-w-    c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.exe
2013-09-05 14:17:43    --------    d-----r-    c:\users\user\Dropbox
2013-09-05 14:13:24    --------    d-----w-    c:\users\user\appdata\roaming\Dropbox
2013-09-05 14:04:02    209272    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
2013-08-25 15:03:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-25 15:03:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-25 15:03:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-25 15:03:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-25 15:03:33    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
.
============= FINISH: 17:24:04.89 ===============
 

FROM THE DDS-ATTACH LOG

==== Event Viewer Messages From Past Week ========
.
9/23/2013 5:13:47 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
9/23/2013 5:02:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
9/23/2013 3:20:14 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer ANNEMARIE-COMPA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4AC209D2-B90E-4741-9B25-A7. The master browser is stopping or an election is being forced.
9/23/2013 2:45:37 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.131. The computer with the IP address 192.168.1.114 did not allow the name to be claimed by this computer.
9/22/2013 9:36:50 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
9/21/2013 1:21:36 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.131. The computer with the IP address 192.168.1.127 did not allow the name to be claimed by this computer.
.

All best!

A

 

 



#2 nasdaq

  • Malware Response Team
  • 38,977 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 September 2013 - 10:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#3 tnelecxe

  • Topic Starter
  • Members
  • 2 posts
  • Gender:Female
  • Location:Groningen

Posted 02 October 2013 - 09:35 AM

Hi Nasdaq - thanks so much for giving your time and thought! Here are the 2 logs, of the AdwCleaner and Junkware Removal Tool. I couldn't go with the Security Check; I received the message that the operation is aborted due to "UNSUPPORTED OPERATING SYSTEM! ABORTED!"

 

First, the ADW log:

 

ADW report

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t8is1wud.default-1371035645925\\invalidprefs.js
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t8is1wud.default-1371035645925\searchplugins\delta.xml
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t8is1wud.default-1371035645925\user.js
Folder Found C:\Program Files\MagniPic
Folder Found C:\Program Files\PutLockerDownloader
Folder Found C:\Program Files\WebSearch
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\StarApp
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\User\AppData\Local\PutLockerDownloader
Folder Found C:\Users\User\AppData\Roaming\Babylon
Folder Found C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
Folder Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t8is1wud.default-1371035645925\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PutLockerDownloader
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\d08dd1bd6ebe14
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_d8283021
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16455

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.homesearch-hub.info/?pid=924&r=2013/06/12&hid=4290755813&lg=EN&cc=RO&unqvl=20

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t8is1wud.default-1371035645925\prefs.js ]

Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("browser.search.order.1", "Search The Web (privitize)");
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "f6c89bbe000000000000844bf5a3c372");
Line Found : user_pref("extensions.delta.instlDay", "15873");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.21.512:45:02");
Line Found : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119781&tt=120613_ndc");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************


JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Ultimate x86
Ran by User on Wed 10/02/2013 at 17:10:24.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-123240983-3953526646-1464163483-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\big fish games"



~~~ FireFox

Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t8is1wud.default-1371035645925\prefs.js

user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=f6c89bbe000000000000844bf5a3c372");
user_pref("extensions.privitize.hpOld0", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=f6c89bbe000000000000844bf5a3c372");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=f6c89bbe000000000000844bf5a3c372");
user_pref("extensions.privitize.rvrt", "false");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t8is1wud.default-1371035645925\minidumps [140 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/02/2013 at 17:13:51.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Take care, all the best! Since I wrote, I had a similar problem only one time, of having the keyboard locked and not being able to type anything in the browser or in documents. I don't know if it might be related, but since last week it also became difficult connecting to the internet. The network is in view but it rejects the connection.
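The prefs.js lines that AdwCleaner and JRT list above (and the "FF - user.js" lines in the first post) are where this kind of hijacker rewrites the homepage, new-tab and keyword-search URLs. The Python below is an added example, not output from any tool in this thread: it parses such lines and flags navigation prefs whose URL points at a host outside an assumed allowlist, plus any search/homepage provider override; the sample lines are taken from the posted logs, with two constructed benign prefs added for contrast.

```python
"""Audit Firefox prefs.js / user.js lines for browser-hijacker settings.

Added example for this thread, not output of ComboFix, DDS, AdwCleaner or JRT.
It applies the reasoning a helper uses on the "FF - user.js" and "Line Found"
lines above: an extension namespace has rewritten homepage, new-tab and
keyword-search URLs to a host the user never chose. Allowlist is constructed.
"""
import re
from urllib.parse import urlparse

# user_pref("name", value);  value is a quoted string, bool or integer.
# The optional prefix lets raw AdwCleaner "Line Found : ..." lines be fed in.
PREF_RE = re.compile(r'^(?:Line Found : )?user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Hosts the user is assumed to have chosen for homepage/search (constructed).
TRUSTED_HOSTS = {"www.google.com", "www.mozilla.org", "duckduckgo.com"}

# Pref-name fragments that control where the browser navigates or searches.
NAV_KEYS = ("hmpgurl", "newtaburl", "kw_url", "homepage", "keyword.url",
            "search.defaultenginename", "search.order", "srchprvdr")

# Sample lines taken from the logs posted in this thread ("hxxp" is how the
# tools defang "http"), plus two constructed benign prefs at the end.
SAMPLE_PREFS = [
    'user_pref("browser.search.order.1", "Search The Web (privitize)");',
    'user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");',
    'user_pref("extensions.delta.newTab", false);',
    'user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=f6c89bbe000000000000844bf5a3c372");',
    'user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=f6c89bbe000000000000844bf5a3c372");',
    'user_pref("extensions.privitize.newTab", true);',
    'user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");',
    'user_pref("browser.startup.homepage", "https://www.mozilla.org/");',
    'user_pref("network.cookie.cookieBehavior", 1);',
]


def parse_pref(line):
    """Return (name, value) for a user_pref line, or None if it is not one."""
    m = PREF_RE.match(line.strip())
    if not m:
        return None
    name, raw = m.group(1), m.group(2).strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return name, raw[1:-1]
    if raw in ("true", "false"):
        return name, raw == "true"
    try:
        return name, int(raw)
    except ValueError:
        return name, raw


def extension_family(name):
    """'extensions.privitize.hmpgUrl' -> 'privitize'; None for core prefs."""
    parts = name.split(".")
    if len(parts) >= 3 and parts[0] == "extensions":
        return parts[1].split("_")[0].lower()   # delta_i -> delta
    return None


def audit_prefs(lines):
    """Return hijack findings and the extension namespaces that wrote prefs."""
    findings, families = [], set()
    for line in lines:
        parsed = parse_pref(line)
        if parsed is None:
            continue
        name, value = parsed
        fam = extension_family(name)
        if fam:
            families.add(fam)
        if not isinstance(value, str) or not value:
            continue                      # bools, ints and cleared "" prefs
        if value.lower().startswith(("http", "hxxp")):
            # refang hxxp:// back to http:// so the host parses normally
            host = urlparse(re.sub(r"^hxxp", "http", value, flags=re.I)).hostname or ""
            if host not in TRUSTED_HOSTS:
                findings.append((name, host, "navigation URL points to untrusted host"))
        elif any(k in name.lower() for k in NAV_KEYS):
            findings.append((name, value, "search/homepage provider overridden"))
    return {"findings": findings, "families": sorted(families)}
```

Running `audit_prefs(SAMPLE_PREFS)` reports the two searchou.com URLs and the overridden search order, names delta and privitize as the namespaces writing prefs, and leaves the mozilla.org homepage and the cookie pref alone.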
 



#4 nasdaq

  • Malware Response Team
  • 38,977 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 October 2013 - 07:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

You need to restart the computer and the SecurityCheck will work.
Do not submit the log just now. I will deal with it later.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#5 nasdaq

  • Malware Response Team
  • 38,977 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 October 2013 - 09:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#6 nasdaq

  • Malware Response Team
  • 38,977 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 October 2013 - 12:27 PM

This topic has been re-opened at the request of the person who originally posted.

#7 nasdaq

  • Malware Response Team
  • 38,977 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 November 2013 - 08:35 AM

Are you still with me?

#8 nasdaq

  • Malware Response Team
  • 38,977 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 November 2013 - 09:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



