
Have no access to internet or work network


This topic is locked
11 replies to this topic

#1 bamarquez226

bamarquez226

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:59 PM

Posted 24 October 2013 - 05:33 PM

Hi guys,

 

I'm having trouble with my work where I have no access to the internet, nor access to the local network. And when it does come back on according to the icon in the sys tray, I get no where.

 

I'm writing this message on a different computer, and have disconnected the trouble maker from the network.

 

I've run MBAM, and MS Essentials with no hits.

 

I'm attaching the FRST logs.

 

Thanks guys.

 

 

Attached Files




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 27 October 2013 - 08:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\...\Run: [] - [x]
HKLM\...\AppCertDlls: [fsutstrB] -> C:\Windows\system32\ctturgui.dll
C:\Windows\system32\ctturgui.dll
Toolbar: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
Toolbar: HKLM - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

end
Save the file as fixlist.txt into the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post.
===
Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.
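As an added example (not part of this thread, and not nasdaq's or FRST's code), the PowerShell below is a read-only audit of the autostart locations the fixlist above targets: the AppCertDlls value, the empty Run value, and the Internet Explorer toolbar CLSIDs, plus the UAC policy values that the DDS and Security Check logs later in the thread report as disabled. It reports and deletes nothing, so a reader can see how an entry like `HKLM\...\AppCertDlls: [fsutstrB] -> C:\Windows\system32\ctturgui.dll` is found before a fix is written. It assumes an elevated PowerShell session on Windows 7 or later; the helper name `Resolve-ModulePath` is this example's own.

```powershell
# Added example, not from this thread, nasdaq or FRST. Read-only audit of the
# autostart locations the fixlist targets, plus the UAC policy values.
# Assumption: run in an elevated PowerShell on Windows 7 or later.

$findings = New-Object System.Collections.Generic.List[string]

function Resolve-ModulePath([string]$path) {
    # Expand %SystemRoot%-style variables and return the path only if it is on disk.
    if ([string]::IsNullOrWhiteSpace($path)) { return $null }
    $full = [Environment]::ExpandEnvironmentVariables($path.Trim('"'))
    if (Test-Path -LiteralPath $full) { $full } else { $null }
}

# 1. AppCertDlls: every DLL listed here is loaded into every process created with
#    CreateProcess, so one unfamiliar value (ctturgui.dll in the fixlist) matters.
#    A clean system normally has no values under this key at all.
$appCert = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls'
if (Test-Path $appCert) {
    foreach ($p in (Get-ItemProperty -Path $appCert).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not registry values
        $dll = Resolve-ModulePath ([string]$p.Value)
        $signed = $false
        if ($dll) { $signed = (Get-AuthenticodeSignature -FilePath $dll).Status -eq 'Valid' }
        $findings.Add(('AppCertDlls: [{0}] -> {1} (on disk: {2}, signed: {3})' -f $p.Name, $p.Value, [bool]$dll, $signed))
    }
}

# 2. Run keys: the fixlist's "[] - [x]" line is a Run value with no name and no
#    target. Report every value whose name or command is blank.
foreach ($runKey in @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                      'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')) {
    if (-not (Test-Path $runKey)) { continue }
    foreach ($p in (Get-ItemProperty -Path $runKey).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        $cmd = [string]$p.Value
        # PowerShell exposes the nameless value as '(default)'.
        if ($p.Name -eq '(default)' -or [string]::IsNullOrWhiteSpace($cmd)) {
            $findings.Add("Run: blank entry [$($p.Name)] in $runKey")
        }
    }
}

# 3. IE toolbars: each value name is a CLSID; the DLL behind it is the default value
#    of HKCR\CLSID\{guid}\InprocServer32. FRST prints "No File" when that lookup fails
#    (the {30F9B915-...} line in the fixlist), usually a leftover of an uninstall.
$tbKeys = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
            'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser')
foreach ($tb in $tbKeys) {
    if (-not (Test-Path $tb)) { continue }
    foreach ($p in (Get-ItemProperty -Path $tb).PSObject.Properties) {
        if ($p.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$($p.Name)\InprocServer32"
        $dll = $null
        if (Test-Path $srv) { $dll = Resolve-ModulePath ((Get-ItemProperty -Path $srv).'(default)') }
        $target = if ($dll) { $dll } else { 'No File' }
        $findings.Add(('Toolbar: {0} {1} -> {2}' -f $tb, $p.Name, $target))
    }
}

# 4. UAC policy: the DDS log shows EnableLUA = 0 and ConsentPromptBehaviorAdmin = 0,
#    which is why Security Check prints "UAC is disabled!". Windows 7 defaults are
#    EnableLUA 1, ConsentPromptBehaviorAdmin 5, PromptOnSecureDesktop 1.
$pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'EnableLUA', 'PromptOnSecureDesktop') {
    if ($pol.$name -eq 0) { $findings.Add("Policy: $name = 0 (UAC protection off)") }
}
if ($pol.ConsentPromptBehaviorAdmin -eq 0) {
    $findings.Add('Policy: ConsentPromptBehaviorAdmin = 0 (elevation without any prompt)')
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

The AppCertDlls check is the one to read first: on a machine with nothing wrong, the key has no values, so any line printed there names a DLL that is loaded into every new process and should be accounted for (on disk, signed, and installed by something you recognise) before any fixlist is written.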

#3 bamarquez226

bamarquez226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:59 PM

Posted 27 October 2013 - 11:36 PM

Evening Nasdaq, thanks for the reply.

 

I've run the operations per your instructions.

 

And here are the results.

 

From Adware Cleaner:

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 21:05:38
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : B. Marquez - BMARQUEZ001-PC
# Running from : C:\Users\B. Marquez\Desktop\adwcleaner (2).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files\BitTorrentBar
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\ConduitEngine
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\Users\B. Marquez\AppData\LocalLow\BitTorrentBar
Folder Found C:\Users\B. Marquez\AppData\LocalLow\Conduit
Folder Found C:\Users\B. Marquez\AppData\LocalLow\ConduitEngine
Folder Found C:\Users\B. Marquez\AppData\LocalLow\PriceGong

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\BitTorrentBar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B970185F-337E-41F5-B149-D6317F82A24F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B961BF9D-7628-435F-B23D-CA1C8C017CEA}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_flock_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_flock_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B970185F-337E-41F5-B149-D6317F82A24F}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\B. Marquez\AppData\Roaming\Mozilla\Firefox\Profiles\4m73reru.default-1367526852939\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\B. Marquez\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3220 octets] - [27/10/2013 21:05:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3280 octets] ##########
 

 

From JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Professional x86
Ran by B. Marquez on Sun 10/27/2013 at 21:14:41.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\B. Marquez\AppData\Roaming\mozilla\firefox\profiles\4m73reru.default-1367526852939\minidumps [25 files]



~~~ Chrome

Failed to delete: [Folder] C:\Users\B. Marquez\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Folder] C:\Users\B. Marquez\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/27/2013 at 21:19:02.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

From DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by B. Marquez at 21:20:15 on 2013-10-27
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2046.1215 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\DYMO\DYMO Label Software\DLSSERVICE.EXE
C:\Windows\System32\WUDFHost.exe
C:\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\java\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\java\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [DLSService] "c:\dymo\dymo label software\DLSService.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Acrobat Assistant 7.0] "c:\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\microsoft office 2000\office\OSA9.EXE
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Service Manager.norun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:177
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CFE0D7F1-AD50-413A-8C70-17A8039CA3B9} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\b. marquez\appdata\roaming\mozilla\firefox\profiles\4m73reru.default-1367526852939\
FF - plugin: c:\dymo\dymo label software\framework\npDYMOLabelFramework.dll
FF - plugin: c:\java\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\java\bin\plugin2\npjp2.dll
FF - plugin: c:\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\users\b. marquez\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R2 DymoPnpService;DYMO PnP Service;c:\dymo\dymo label software\DymoPnpService.exe [2011-1-28 32336]
R2 MBAMScheduler;MBAMScheduler;c:\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-13 418376]
R2 MBAMService;MBAMService;c:\malwarebytes' anti-malware\mbamservice.exe [2012-9-13 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 107392]
R2 SBSDWSCService;SBSD Security Center Service;c:\spybot - search & destroy\SDWinSec.exe [2012-3-28 1153368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-28 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-8-12 295376]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MSSQL$LACERTEDB;MSSQL$LACERTEDB;c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlservr.exe -slacertedb --> c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlservr.exe -sLACERTEDB [?]
S3 SQLAgent$LACERTEDB;SQLAgent$LACERTEDB;c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlagent.exe -i lacertedb --> c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlagent.EXE -i LACERTEDB [?]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.sys [2008-3-12 54016]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\micros~1\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-10-28 04:14:37    --------    d-----w-    c:\windows\ERUNT
2013-10-24 22:02:31    7796464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{3fecfaa7-3b18-40e8-8af5-675f49ed315b}\mpengine.dll
2013-10-24 21:55:55    --------    d-----w-    C:\FRST
2013-10-24 21:45:29    --------    d-----w-    C:\AdwCleaner
2013-10-24 20:24:50    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-24 20:24:42    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-24 20:22:49    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-23 19:35:41    --------    d-----w-    c:\program files\iPod
2013-10-23 19:35:39    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-23 19:35:39    --------    d-----w-    c:\program files\iTunes
2013-10-21 18:08:16    719224    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{b29f30fd-fd4b-4399-8153-eb011346326f}\gapaengine.dll
2013-10-21 18:06:44    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-21 18:06:22    7796464    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-14 23:51:56    --------    d-----w-    c:\programdata\Oracle
2013-10-09 19:12:56    530432    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-01 18:45:42    --------    d-----w-    C:\Mozilla Firefox
.
==================== Find3M  ====================
.
2013-10-08 21:02:41    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-08 21:02:40    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 23:28:06    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-09-21 03:30:24    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-09-21 02:39:47    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 00:48:58    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58    231424    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-04 01:15:32    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-29 01:51:45    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-28 01:04:30    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 00:57:20    434688    ----a-w-    c:\windows\system32\scavengeui.dll
2013-08-05 01:56:47    133056    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-02 01:49:19    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57    271360    ----a-w-    c:\windows\system32\conhost.exe
2013-08-02 00:43:05    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-01 11:03:36    729024    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-01-19 07:44:40    2174976    ----a-w-    c:\program files\common files\atimpenc.dll
.
============= FINISH: 21:22:02.75 ===============
 

 

So far, it's working. I'm posting this message from the same machine, but I'm at home with it. But I'll post another message after a day at the office with it.

 

You guys are the best. Thank you Nasdaq!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 28 October 2013 - 07:53 AM

Looking good.

One last scan.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#5 bamarquez226

bamarquez226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:59 PM

Posted 28 October 2013 - 03:12 PM

Afternoon Nasdaq,

 

It's back again, I guess I spoke too soon.

 

Here's checkup.txt:

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 MVPS Hosts File  
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled!
 mbamscheduler.exe    
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 29 October 2013 - 08:01 AM

Are you saying that you lost your Internet connection?

Then run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


#7 bamarquez226

bamarquez226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:59 PM

Posted 29 October 2013 - 01:38 PM

Are you saying that you lost your Internet connection?

Then run this tool.

Please download MiniToolBox to Desktop and run it.

 

Yup, lost it again, along with connection to my local LAN that accesses a file server. All the other computers are running fine except for mine.

 

A little back story to my problem: I caught my nephew looking at porn on my work computer, yelled at him, and all this happened. Definitely embarrassing to admit.

 

Here's the log:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by B. Marquez (administrator) on 29-10-2013 at 11:27:44
Running from "C:\Users\B. Marquez\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 30 October 2013 - 08:18 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

===
Run MiniToolBox again.

Select List Winsock Entries.
Post the log for my review.
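As an added example (not part of this thread, and not MiniToolBox's own code), the PowerShell below reports the same things the MiniToolBox options used in this thread cover: the Internet Explorer proxy values a hijacker would change, and the Winsock catalog entries, flagging any provider DLL that lives outside the Windows system directory. It assumes Windows 7 or later with `netsh` available, run as the affected user (the proxy values are per-user under HKCU); it changes nothing (no DNS flush, no proxy reset), so it can be run before the tool to see what the tool would touch. The function names are this example's own.

```powershell
# Added example, not from this thread or from MiniToolBox. Read-only report of
# IE proxy settings and Winsock catalog providers. Assumption: Windows 7 or
# later, netsh on the PATH, run as the user whose browser is affected.

function Get-IEProxyReport {
    # These are the values MiniToolBox reads for "Report IE Proxy Settings".
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = [int]$p.ProxyEnable        # 1 = proxy is enabled
        ProxyServer   = [string]$p.ProxyServer     # host:port, empty when none set
        AutoConfigURL = [string]$p.AutoConfigURL   # PAC script; an unexpected URL routes all browsing
    }
}

function Get-WinsockProviders {
    # netsh prints one "Provider Path:" line per catalog entry that has a DLL.
    $lines = netsh winsock show catalog 2>$null
    $paths = foreach ($l in $lines) {
        if ($l -match '^\s*Provider Path:\s*(.+?)\s*$') { $Matches[1] }
    }
    $paths | Sort-Object -Unique
}

function Test-WinsockProviderIsSystem([string]$path) {
    # Providers shipped with Windows live under the system directory. A Winsock
    # LSP sits between every socket call and the network, so a provider anywhere
    # else is a classic cause of "connected, but nothing works" and needs review.
    $expanded = [Environment]::ExpandEnvironmentVariables($path)
    $sysdir = [Environment]::GetFolderPath('System')
    $expanded.StartsWith($sysdir, [StringComparison]::OrdinalIgnoreCase)
}

'--- IE proxy settings ---'
Get-IEProxyReport | Format-List
'--- Winsock providers ---'
foreach ($p in Get-WinsockProviders) {
    $tag = if (Test-WinsockProviderIsSystem $p) { 'system' } else { 'REVIEW' }
    '{0,-7} {1}' -f $tag, $p
}
```

On an untouched Windows 7 install the provider list is short and every line is tagged `system` (mswsock.dll and a handful of other Microsoft DLLs); a `REVIEW` line is the entry to investigate, and a proxy or PAC URL that the user never configured is the reason a browser can show a working network icon while every page fails to load.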

#9 bamarquez226

bamarquez226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:59 PM

Posted 30 October 2013 - 04:13 PM

Hey Nasdaq,

 

Found upon startup this morning that I had reconnected to the network. I found it a little suspicious, and unplugged the machine again from the network.

 

I ran ComboFix. I ran into some trouble disabling MS Essentials. A reboot gave me back control, and I was able to disable it, in order to run ComboFix.

 

Here are the logs:

 

Combofix.txt:

 

ComboFix 13-10-30.01 - B. Marquez 10/30/2013  13:46:48.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2046.789 [GMT -7:00]
Running from: c:\users\B. Marquez\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\B. Marquez\AppData\Local\assembly\tmp
c:\windows\system32\SET5A7E.tmp
c:\windows\system32\SET7895.tmp
c:\windows\system32\SETD70C.tmp
c:\windows\system32\SETDCB9.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-28 to 2013-10-30  )))))))))))))))))))))))))))))))
.
.
2013-10-30 20:55 . 2013-10-30 20:55    --------    d-----w-    c:\users\B. Marquez\AppData\Local\temp
2013-10-30 18:18 . 2013-10-14 06:39    7796464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360667C6-DC51-4800-8CB8-89D1C8FB4417}\mpengine.dll
2013-10-30 12:16 . 2013-10-14 06:39    7796464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-28 05:36 . 2013-10-28 05:36    --------    d-----w-    c:\users\B. Marquez\AppData\Roaming\Lavasoft
2013-10-28 05:36 . 2013-10-28 05:36    --------    d-----w-    c:\users\B. Marquez\AppData\Local\Lavasoft
2013-10-28 04:56 . 2013-10-24 13:10    357432    ----a-w-    c:\windows\system32\LavasoftProxy.dll
2013-10-28 04:56 . 2013-10-28 04:56    --------    d-----w-    C:\Lavasoft
2013-10-28 04:14 . 2013-10-28 04:14    --------    d-----w-    c:\windows\ERUNT
2013-10-24 21:55 . 2013-10-24 21:55    --------    d-----w-    C:\FRST
2013-10-24 21:45 . 2013-10-28 04:11    --------    d-----w-    C:\AdwCleaner
2013-10-24 20:24 . 2013-10-24 21:33    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-24 20:24 . 2013-10-24 20:24    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-24 20:22 . 2013-10-24 22:15    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-23 19:35 . 2013-10-23 19:35    --------    d-----w-    c:\program files\iPod
2013-10-23 19:35 . 2013-10-23 19:37    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-23 19:35 . 2013-10-23 19:37    --------    d-----w-    c:\program files\iTunes
2013-10-21 18:09 . 2013-10-21 18:09    --------    d-----w-    c:\users\B. Marquez\AppData\Roaming\Oracle
2013-10-21 18:08 . 2013-10-21 18:05    719224    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B29F30FD-FD4B-4399-8153-EB011346326F}\gapaengine.dll
2013-10-21 18:06 . 2013-10-08 14:50    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-14 23:51 . 2013-10-21 18:07    --------    d-----w-    c:\programdata\Oracle
2013-10-14 23:51 . 2013-10-14 23:51    --------    d-----w-    c:\program files\Common Files\Java
2013-10-09 19:12 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-01 18:45 . 2013-10-02 17:35    --------    d-----w-    C:\Mozilla Firefox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 21:02 . 2012-03-30 19:57    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-08 21:02 . 2011-05-17 15:58    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-07 17:49 . 2012-06-13 16:28    718712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-05 01:56 . 2013-09-11 18:09    133056    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50 . 2013-09-11 18:09    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-02 01:49 . 2013-09-11 18:09    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 18:09    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52 . 2013-09-11 18:09    271360    ----a-w-    c:\windows\system32\conhost.exe
2013-08-02 00:43 . 2013-09-11 18:09    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 18:09    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 18:09    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 18:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-19 07:44 . 2013-01-19 07:44    2174976    ----a-w-    c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Lavasoft AdBlock"="c:\lavasoft\Ad-Aware AdBlocker (Alpha)\AdBlocker.exe" [2013-10-24 446520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"DLSService"="c:\dymo\DYMO Label Software\DLSService.exe" [2010-05-11 55808]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Acrobat Assistant 7.0"="c:\adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-19 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-1-13 25214]
Microsoft Office.lnk - c:\microsoft office 2000\Office\OSA9.EXE -b -l [2000-1-21 65588]
Service Manager.norun [2010-12-10 2151]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 LavasoftProxy;LavasoftProxy;c:\lavasoft\Ad-Aware AdBlocker (Alpha)\LavasoftProxy.exe [2013-10-24 3699768]
R3 MSSQL$LACERTEDB;MSSQL$LACERTEDB;c:\program files\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlservr.exe [2002-12-18 7520337]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-08-12 295376]
R3 SQLAgent$LACERTEDB;SQLAgent$LACERTEDB;c:\program files\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlagent.EXE [2002-12-18 311872]
R3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\DRIVERS\TSUSB2.sys [2008-03-12 54016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 DymoPnpService;DYMO PnP Service;c:\dymo\DYMO Label Software\DymoPnpService.exe [2011-01-28 32336]
S2 MBAMScheduler;MBAMScheduler;c:\malwarebytes' anti-malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\malwarebytes' anti-malware\mbamservice.exe [2013-04-04 701512]
S2 SBSDWSCService;SBSD Security Center Service;c:\spybot - search & destroy\SDWinSec.exe [2009-01-26 1153368]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 18:51    1185744    ----a-w-    c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 21:02]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-20 17:38]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-20 17:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\LavasoftProxy.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\B. Marquez\AppData\Roaming\Mozilla\Firefox\Profiles\4m73reru.default-1367526852939\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-30  13:58:06
ComboFix-quarantined-files.txt  2013-10-30 20:58
.
Pre-Run: 197,469,401,088 bytes free
Post-Run: 197,573,255,168 bytes free
.
- - End Of File - - 54EB10E4CEEF46EBB6ED277D41105974
A36C5E4F47E84449FF07ED3517B43A31
 

Winsock entries:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by B. Marquez (administrator) on 30-10-2013 at 14:01:25
Running from "C:\Users\B. Marquez\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\LavasoftProxy.dll [357432] (Lavasoft Limited)
Catalog9 02 C:\Windows\system32\LavasoftProxy.dll [357432] (Lavasoft Limited)
Catalog9 03 C:\Windows\system32\LavasoftProxy.dll [357432] (Lavasoft Limited)
Catalog9 04 C:\Windows\system32\LavasoftProxy.dll [357432] (Lavasoft Limited)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\LavasoftProxy.dll [357432] (Lavasoft Limited)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****
 

Let me know what you think. Thanks for your help and patience.


Edited by bamarquez226, 30 October 2013 - 04:21 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 31 October 2013 - 08:35 AM

Your logs are clean of malware.

If still having problems with your LAN I suggest you start a new topic in this Networking forum
http://www.bleepingcomputer.com/forums/forum21.html

Someone with more experience in that field may be able to help you.
This is not my domain.

#11 bamarquez226

bamarquez226
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Local time:05:59 PM

Posted 31 October 2013 - 03:14 PM

Your logs are clean of malware.

If still having problems with your LAN I suggest you start a new topic in this Networking forum
http://www.bleepingcomputer.com/forums/forum21.html

Someone with more experience in that field may be able to help you.
This is not my domain.

 

That's great news Nasdaq, thanks for all your help!!!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:59 PM

Posted 06 November 2013 - 11:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



