
Internet Security 2013 / No Access to Internet!! DEMENTED :(


  • This topic is locked
25 replies to this topic

#1 hrtbps

hrtbps

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:48 PM

Posted 30 October 2013 - 12:47 PM

Hi Guys,

 

My nephew's laptop was infected by what appeared to be Internet Security 2013. After going through the laptop and removing most of the junk (toolbars etc.), it seems that most of the threats have been removed.

 

MBytes reports no threats

SAntiSWare reports no threats

I used the AVG recovery console - it removed a threat called weiai.exi

 

I just can't get the thing to go online. It connects to the wireless router, but doesn't access the net.

 

I'm using Vista Home Basic.

 

I would seriously appreciate the help.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16514

Run by user at 17:53:37 on 2013-10-30

Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.44.1033.18.954.257 [GMT 0:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe           

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\svchost.exe -k wdisvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb

uSearch Bar = Preserve

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb

mStart Page = hxxp://www.searchya.com/?f=1&a=syd72&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzyyCzy0ByBtA0AyEyEtByEtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q1V0G1F1F1N1I1P&cr=842620569&ir=

uProxyOverride = <-loopback>

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=GB&userid=bf637f2d-1405-42f3-8b49-97f5003698f3&searchtype=ds&q={searchTerms}&installDate={installDate}

mURLSearchHooks: {8c58b088-1159-4ad9-a411-c7d3ae7edb28} - <orphaned>

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: HideFastUserSwitching = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>

Notify: igfxcui - igfxdev.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-9-5 108120]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-16 193840]

S4 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-12-7 167424]

S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-16 361808]

.

=============== Created Last 30 ================

.

2013-10-30 17:28:48     388096      ----a-r-      c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2013-10-30 17:28:44     --------    d-----w-    c:\program files\Trend Micro

2013-10-30 17:04:15     --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-10-30 17:04:13     105176      ----a-w-      c:\windows\system32\drivers\MBAMSwissArmy.sys

2013-10-30 16:56:20     --------    d-----w-    C:\TDSSKiller_Quarantine

2013-10-30 16:53:47     75992 ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys

2013-10-30 16:43:57     --------    d-sh--w-    C:\$RECYCLE.BIN

2013-10-30 16:36:44     --------    d-s---w-    C:\ComboFix

2013-10-28 12:03:09     98816 ----a-w-    c:\windows\sed.exe

2013-10-28 12:03:09     256000      ----a-w-    c:\windows\PEV.exe

2013-10-28 12:03:09     208896      ----a-w-    c:\windows\MBR.exe

2013-10-19 22:34:30     --------    d-----w-      c:\users\user\appdata\roaming\Malwarebytes

2013-10-19 22:34:22     --------    d-----w-    c:\programdata\Malwarebytes

2013-10-19 22:34:19     22856 ----a-w-    c:\windows\system32\drivers\mbam.sys

2013-10-19 22:34:19     --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware

2013-10-19 22:22:48     --------    d--h--w-    c:\programdata\Common Files

2013-10-19 22:22:41     --------    d-----w-    c:\users\user\appdata\local\MFAData

2013-10-19 22:22:41     --------    d-----w-    c:\users\user\appdata\local\Avg2014

2013-10-19 22:22:41     --------    d-----w-    c:\programdata\MFAData

2013-10-19 22:07:23     --------    d-----w-      c:\users\user\appdata\roaming\SUPERAntiSpyware.com

2013-10-19 22:07:10     --------    d-----w-    c:\programdata\SUPERAntiSpyware.com

2013-10-19 22:07:10     --------    d-----w-    c:\program files\SUPERAntiSpyware

2013-10-19 21:52:32     6954968     ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{bb97f2ef-00c3-4eea-8600-7a4fdd164afc}\mpengine.dll

2013-10-19 21:32:04     --------    d-----w-    c:\program files\HTC

2013-10-19 21:28:47     --------    d-----w-    c:\programdata\HTC

2013-10-19 19:04:05     --------    d-----w-    c:\users\user\appdata\local\Seven Zip

2013-10-19 15:51:00     --------    d-----w-      c:\users\user\appdata\local\somotomoviestoolbar1

2013-10-19 15:08:30     --------    d-----w-    c:\users\user\appdata\roaming\Samsung

2013-10-18 17:55:24     --------    d-----w-    c:\programdata\Oracle

2013-10-14 16:26:14     --------    d-----w-    C:\3b38bab0f35f50e7c44f9b60

2013-10-14 16:04:06     --------    d-----w-      c:\users\user\appdata\roaming\ParetoLogic

2013-10-14 16:01:19     --------    d-----w-    c:\programdata\ParetoLogic

2013-10-14 15:31:58     --------    d-----w-    c:\users\user\appdata\local\Babylon

2013-10-14 15:29:44     --------    d-----w-    c:\users\user\appdata\roaming\Uniblue

2013-10-14 14:37:58     --------    d-----w-      c:\users\user\appdata\local\BonanzaDealsLive

2013-10-14 14:37:58     --------    d-----w-    c:\programdata\BonanzaDealsLive

2013-10-13 19:13:17     71048 ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-13 19:13:17     692616      ----a-w-    c:\windows\system32\FlashPlayerApp.exe

2013-10-11 16:07:32     1172480     ----a-w-    c:\windows\system32\d3d10warp.dll

2013-10-11 16:07:31     486400      ----a-w-    c:\windows\system32\d3d10level9.dll

2013-10-11 16:07:31     219648      ----a-w-    c:\windows\system32\d3d10_1core.dll

2013-10-11 16:07:31     189952      ----a-w-    c:\windows\system32\d3d10core.dll

2013-10-11 16:07:31     160768      ----a-w-    c:\windows\system32\d3d10_1.dll

2013-10-11 16:07:31     1029120     ----a-w-    c:\windows\system32\d3d10.dll

2013-10-11 16:07:30     1069056     ----a-w-    c:\windows\system32\DWrite.dll

2013-10-11 16:07:29     798208      ----a-w-    c:\windows\system32\FntCache.dll

2013-10-11 16:07:29     683008      ----a-w-    c:\windows\system32\d2d1.dll

2013-10-10 20:59:45     34304 ----a-w-    c:\windows\system32\atmlib.dll

2013-10-10 20:59:45     293376      ----a-w-    c:\windows\system32\atmfd.dll

2013-10-10 20:59:43     638400      ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys

2013-10-10 20:59:43     37376 ----a-w-    c:\windows\system32\cdd.dll

2013-10-10 20:59:41     102608      ----a-w-      c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 20:59:37     2050048     ----a-w-    c:\windows\system32\win32k.sys

2013-10-10 20:58:56     197632      ----a-w-    c:\windows\system32\drivers\usbhub.sys

2013-10-10 20:58:55     73216 ----a-w-    c:\windows\system32\drivers\usbccgp.sys

2013-10-10 20:58:55     6016  ----a-w-    c:\windows\system32\drivers\usbd.sys

2013-10-10 20:58:55     226304      ----a-w-    c:\windows\system32\drivers\usbport.sys

2013-10-10 20:58:54     39936 ----a-w-    c:\windows\system32\drivers\usbehci.sys

2013-10-10 20:58:54     23552 ----a-w-    c:\windows\system32\drivers\usbuhci.sys

2013-10-10 20:58:47     134272      ----a-w-    c:\windows\system32\drivers\usbvideo.sys

2013-10-10 20:58:42     527064      ----a-w-    c:\windows\system32\drivers\Wdf01000.sys

2013-10-10 20:56:58     25472 ----a-w-    c:\windows\system32\drivers\hidparse.sys

2013-10-10 20:56:53     532480      ----a-w-    c:\windows\system32\comctl32.dll

2013-10-07 16:16:56     --------    d-----w-    c:\users\user\appdata\roaming\DriverCure

2013-10-07 16:16:55     --------    d-----w-    c:\users\user\appdata\roaming\SpeedMaxPc

2013-10-07 16:10:02     --------    d-----w-    c:\programdata\SpeedMaxPc

2013-10-07 16:08:42     --------    d-----w-    C:\temp

2013-10-07 15:23:54     --------    d-----w-      c:\users\user\appdata\roaming\PerformerSoft

2013-10-07 15:23:47     --------    d-----w-      c:\users\user\appdata\roaming\SpeedAnalysis2

2013-10-07 15:22:17     --------    d-----w-    c:\users\user\appdata\roaming\zulagames

2013-10-07 15:19:14     --------    d-----w-    c:\users\user\appdata\roaming\Babylon

2013-10-07 15:18:53     --------    d-----w-      c:\users\user\appdata\roaming\SeeSimilar02

2013-10-07 15:18:53     --------    d-----w-    c:\users\user\appdata\roaming\File Scout

2013-10-05 15:39:15     615936      ----a-w-    c:\windows\system32\themeui.dll

2013-10-05 15:39:12     1548288     ----a-w-    c:\windows\system32\WMVDECOD.DLL

2013-10-04 15:25:02     --------    d-----w-    C:\a44f2ec69cd6a315eb4b7b7a3d

.

==================== Find3M  ====================

.

2013-09-22 10:22:59     1800704     ----a-w-    c:\windows\system32\jscript9.dll

2013-09-22 10:14:39     1427968     ----a-w-    c:\windows\system32\inetcpl.cpl

2013-09-22 10:13:22     1129472     ----a-w-    c:\windows\system32\wininet.dll

2013-09-22 10:08:41     142848      ----a-w-    c:\windows\system32\ieUnatt.exe

2013-09-22 10:06:58     420864      ----a-w-    c:\windows\system32\vbscript.dll

2013-09-22 10:03:18     2382848     ----a-w-    c:\windows\system32\mshtml.tlb

2013-08-25 15:44:23     867240      ----a-w-    c:\windows\system32\npDeployJava1.dll

2013-08-25 15:44:23     789416      ----a-w-    c:\windows\system32\deployJava1.dll

2013-08-12 19:02:38     142496      ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS

.

============= FINISH: 17:54:30.54 ===============



Edited by hrtbps, 30 October 2013 - 01:05 PM.
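The DDS log above ends with a "Pseudo HJT Report" section. The Python script below is an added triage example (not from this thread and not part of DDS, Farbar or any other tool named here) that parses lines in that format and flags the three things a responder checks first when a cleaned machine still reaches the router but not the web: dangling registry references (`<orphaned>` / `<no file>`), browser start and search settings pointing somewhere other than the OEM default, and any `ProxyServer` entry. The sample lines are constructed to mirror the log above; the `uProxyServer` line is added only to exercise that check and does not appear in this log, and the allow-list of expected homepage hosts is an assumption.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the DDS "Pseudo HJT Report" lines above.
# The uProxyServer line is constructed and is NOT present in the posted log.
SAMPLE_REPORT = r"""
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://www.searchya.com/?f=1&a=syd72&cd=2XzuyEtN2Y1L1Q
uProxyOverride = <-loopback>
uProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoVBYB&q={searchTerms}
mURLSearchHooks: {8c58b088-1159-4ad9-a411-c7d3ae7edb28} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
"""

# Assumption: hosts an HP/Presario OEM image legitimately uses for the IE start page.
EXPECTED_HOMEPAGE_HOSTS = {"ie.redirect.hp.com", "go.microsoft.com"}

# DDS defangs URLs by writing http as hxxp; capture the host part only.
URL_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)

# Entry types that carry a browser start page or search provider URL.
BROWSER_URL_KEYS = ("ustart page", "mstart page", "udefault_page_url",
                    "mdefault_page_url", "usearchassistant", "msearchassistant")


def triage_line(line: str) -> List[Tuple[str, str]]:
    """Classify one Pseudo HJT line. Returns (category, line) pairs; empty if unremarkable."""
    findings: List[Tuple[str, str]] = []
    stripped = line.strip()
    if not stripped:
        return findings
    low = stripped.lower()

    # 1. Registry entry survives but the file or COM server it points to is gone:
    #    typical leftover of removed adware, harmless but worth cleaning.
    if "<orphaned>" in low or "<no file>" in low:
        findings.append(("dangling-entry", stripped))

    # 2. Start page / search assistant pointing away from the OEM default host.
    if low.startswith(BROWSER_URL_KEYS):
        m = URL_RE.search(stripped)
        if m and m.group(1).lower() not in EXPECTED_HOMEPAGE_HOSTS:
            findings.append(("browser-setting-redirect", stripped))

    # 3. A ProxyServer value routes all browser traffic through that address; if the
    #    proxy was part of the removed malware, the browser "connects" but loads nothing.
    #    A ProxyOverride list on its own (e.g. <-loopback>) routes nothing, so it is not flagged.
    if low.startswith(("uproxyserver", "mproxyserver")):
        findings.append(("proxy-setting", stripped))

    return findings


def triage_report(text: str) -> Dict[str, List[str]]:
    """Run triage_line over a whole Pseudo HJT section and group findings by category."""
    grouped: Dict[str, List[str]] = {}
    for line in text.splitlines():
        for category, entry in triage_line(line):
            grouped.setdefault(category, []).append(entry)
    return grouped


if __name__ == "__main__":
    for category, entries in triage_report(SAMPLE_REPORT).items():
        print(f"[{category}]")
        for entry in entries:
            print("   ", entry)
```

Run against the sample, the script reports three dangling entries, two redirected browser settings (the searchya.com start page and the snapdo.com search assistant) and the constructed proxy line; the HP start page entries pass because their host is on the allow-list. On a real log the `proxy-setting` group is the first place to look when the symptom is "connected to the router but no web".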




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:48 PM

Posted 30 October 2013 - 05:12 PM


Hello



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 hrtbps

hrtbps
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:48 PM

Posted 30 October 2013 - 05:33 PM

Hey thanks for the quick response...

 

Here is the log

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2013

Ran by user at 2013-10-30 22:24:51

Running from C:\Users\user\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)

Adobe Reader 8.1.2 (Version: 8.1.2)

Adobe Shockwave Player (Version: 10.2.0.023)

Atheros Driver Installation Program (Version: 5.2)

CCleaner (Version: 3.27)

Cisco LEAP Module (Version: 1.0.12)

Cisco PEAP Module (Version: 1.0.13)

Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)

CyberLink YouCam (Version: 2.0.1616)

ESU for Microsoft Vista (Version: 1.0.0)

GearDrvs (Version: 1.00.0000)

GearDrvs (Version: 5.0.0.2)

Google Chrome (Version: 30.0.1599.69)

Google Update Helper (Version: 1.3.21.165)

HDAUDIO Soft Data Fax Modem with SmartCP

Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)

Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)

HiJackThis (Version: 1.0.0)

HP Active Support Library (Version: 3.1.4.1)

HP Customer Experience Enhancements (Version: 5.7.0.2630)

HP Doc Viewer (Version: 1.01.0005)

HP DVD Play 3.7

HP Easy Setup - Frontend (Version: 5.7.0.2630)

HP Help and Support (Version: 2.0.9.0)

HP Quick Launch Buttons 6.40 F1 (Version: 6.40 F1)

HP Total Care Advisor (Version: 2.1.4047.2685)

HP Update (Version: 4.000.010.008)

HP User Guides 0118 (Version: 1.00.0000)

HP Wireless Assistant (Version: 3.00 J1)

HPNetworkAssistant (Version: 1.1.70)

Intel® Graphics Media Accelerator Driver

IPTInstaller (Version: 4.0.8)

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

LabelPrint (Version: 2.20.2719)

LightScribe System Software  1.12.33.2 (Version: 1.12.33.2)

LiveUpdate (Symantec Corporation) (Version: 3.4.1.234)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)

Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31119)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)

Microsoft Works (Version: 9.7.0621)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

NetWaiting (Version: 2.5.52)

Norton 360 (Version: 2.0.0.242)

Power2Go (Version: 5.6.3919)

PowerDirector (Version: 6.5.2719)

Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)

Realtek USB 2.0 Card Reader (Version: )

SUPERAntiSpyware (Version: 5.6.1040)

Synaptics Pointing Device Driver (Version: 11.1.3.0)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)

Update for Office 2007 (KB934528)

WinRAR 4.20 (32-bit) (Version: 4.20.0)

xVidly1 Toolbar (Version: 6.13.3.1)

 

==================== Restore Points  =========================

 

12-10-2013 10:26:17 Windows Update

14-10-2013 15:30:46 Uniblue SpeedUpMyPC installation

16-10-2013 18:54:16 Norton 360 Registry Clean

18-10-2013 17:34:01 Installed Java 7 Update 45

19-10-2013 19:57:55 Removed Ask Toolbar

19-10-2013 20:26:19 Quitado VAFPlayer

19-10-2013 20:33:33 Removed QuickShare

19-10-2013 20:58:10 Removed muvee autoProducer 6.1

19-10-2013 21:29:29 Device Driver Package Install: HTC, Corporation Android USB Devices

19-10-2013 21:30:05 Device Driver Package Install: HTC Corporation Network adapters

19-10-2013 21:30:59 Device Driver Package Install: HTC Corporation Portable Devices

19-10-2013 21:32:07 Device Driver Package Install: HTC Network Protocol

19-10-2013 21:32:46 Removed Cisco EAP-FAST Module

30-10-2013 17:27:48 Installed HiJackThis

30-10-2013 20:35:08 Installed Realtek 8136 8168 8169 Ethernet Driver

 

==================== Hosts content: ==========================

 

2006-11-02 10:23 - 2013-10-28 11:34 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1   localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0D854E7A-1077-413A-93B4-BEB9447387EC} - System32\Tasks\SUPERAntiSpyware Scheduled Task cede09dd-433c-4122-89f3-a5a01442d4c4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-10-10] (SUPERAdBlocker.com)

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {22D06145-DFFB-4148-9B7E-BF4536F56D08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.)

Task: {296C821A-550E-4254-B4FB-5DE2FABB18E4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-13] (Adobe Systems Incorporated)

Task: {325BD792-E2FB-4B0D-AB80-5617A4A43209} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)

Task: {3285CF86-393D-4247-A716-43397047B6B1} - \DealPlyUpdate No Task File

Task: {49353833-04B9-4D33-83D3-3BCC6A38597D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.)

Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\WINDOWS\System32\gatherWirelessInfo.vbs [2008-01-21] ()

Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {8E3C5FCF-40D2-4E58-B06B-C7E7C0D84490} - System32\Tasks\SUPERAntiSpyware Scheduled Task d92b76e4-44d9-4415-9e69-c94b8e24ee10 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-10-10] (SUPERAdBlocker.com)

Task: {9D075E23-B04E-41D3-8334-D5D885FE274E} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)

Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\WINDOWS\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)

Task: {B2E01F9F-3869-4761-B002-02AFA918A20B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)

Task: {CD7B0211-46B5-4DB2-9291-2864A4E3E789} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cede09dd-433c-4122-89f3-a5a01442d4c4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d92b76e4-44d9-4415-9e69-c94b8e24ee10.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

==================== Loaded Modules (whitelisted) =============

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97651900.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97651900.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/30/2013 10:23:07 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/30/2013 09:18:22 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/30/2013 09:02:32 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/30/2013 08:25:50 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/30/2013 05:24:29 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/30/2013 05:01:06 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/30/2013 04:43:58 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/30/2013 04:30:47 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/30/2013 02:28:19 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/30/2013 02:27:53 PM) (Source: EventSystem) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

 

System errors:

=============

Error: (10/30/2013 10:23:08 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058

 

Error: (10/30/2013 09:18:22 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058

 

Error: (10/30/2013 09:02:32 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058

 

Error: (10/30/2013 08:25:50 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058

 

Error: (10/30/2013 08:24:14 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)

Description: 0x8000002a62\??\C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat

 

Error: (10/30/2013 05:24:29 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058

 

Error: (10/30/2013 05:23:03 PM) (Source: Microsoft-Windows-ResourcePublication) (User: NT AUTHORITY)

Description: Provider\Microsoft.Base.Publication/Publication/Computer

 

Error: (10/30/2013 05:07:17 PM) (Source: mbamchameleon) (User: )

Description: C000000D

 

Error: (10/30/2013 05:07:17 PM) (Source: mbamchameleon) (User: )

Description: C000000D

 

Error: (10/30/2013 05:07:17 PM) (Source: mbamchameleon) (User: )

Description: C000000D

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2013-10-30 22:24:39.708

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-30 22:24:39.459

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-30 22:24:39.240

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-30 22:24:39.053

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-30 22:24:38.850

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-30 22:24:38.616

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-30 22:24:38.320

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-30 22:24:38.101

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-30 22:24:06.262

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-30 22:24:06.028

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 68%

Total physical RAM: 954.44 MB

Available physical RAM: 296.6 MB

Total Pagefile: 2173.21 MB

Available Pagefile: 1359.41 MB

Total Virtual: 2047.88 MB

Available Virtual: 1910.11 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:102.95 GB) (Free:62.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (PRESARIO_RP) (Fixed) (Total:8.84 GB) (Free:1.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive f: (USB2) (Removable) (Total:1.86 GB) (Free:0.91 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 112 GB) (Disk ID: DD8E2C4E)

Partition 1: (Active) - (Size=103 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 2 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=2 GB) - (Type=06)

 

==================== End Of Log ============================



#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 October 2013 - 08:32 PM

Hello



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 hrtbps

  • Topic Starter
  • Members
  • 14 posts

Posted 31 October 2013 - 05:38 AM

Hello, as above unless I've missed something out (apologies if I have)

:)

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 October 2013 - 08:12 PM

That is the attached report for one of his other programs, called Farbar Recovery Scan Tool.

The one I want you to run is called Farbar Service Scanner.

#7 hrtbps

  • Topic Starter
  • Members
  • 14 posts

Posted 01 November 2013 - 12:51 PM

Oh, so sorry!! I didn't read your first response properly. My apologies.

 

Here are the results of the correct scan.

 

 

Farbar Service Scanner Version: 24-10-2013

Ran by user (administrator) on 01-11-2013 at 17:48:21

Running from "C:\Users\user\Desktop"

Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

There is no connection to network.

Attempt to access Google IP returned error.

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

 

**** End of log ****
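
The Farbar Service Scanner log above is short enough to read by hand, but the same three questions come up on every such log: what could not be reached, which services are stopped or no longer on their default start type, and which file checks failed. The following Python script is an added example, not code from this thread or from Farbar's tools. It embeds lines copied from the FSS log above as constructed sample input; the final "MD5 is not legit" line is made up (an assumption about how FSS words a failed check) so that the file-check branch is exercised.

```python
import re
from typing import Dict, List

# Constructed sample input: lines copied from the Farbar Service Scanner
# log posted above, plus one made-up "MD5 is not legit" line (assumption
# about FSS wording) so that the file-check branch has something to flag.
SAMPLE_FSS = """\
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

File Check:
========
C:\\Windows\\system32\\Drivers\\tcpip.sys => MD5 is legit
C:\\Windows\\system32\\Drivers\\afd.sys => MD5 is not legit
"""

ACCESS_ERR = re.compile(r"^Attempt to access (.+?) returned error")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
FILE_CHECK = re.compile(r"^(\S.*?) => MD5 is (.+)$")


def triage_fss(text: str) -> Dict[str, object]:
    """Collect the findings a responder would act on from an FSS log."""
    unreachable: List[str] = []
    services: List[str] = []
    files: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ACCESS_ERR.match(line)
        if m:
            unreachable.append(m.group(1))
            continue
        m = NOT_RUNNING.match(line)
        if m:
            services.append("%s is not running" % m.group(1))
            continue
        m = START_TYPE.match(line)
        if m:
            svc, current, default = m.groups()
            if current != default:  # only deviations from the default matter
                services.append("%s start type is %s, default is %s"
                                % (svc, current, default))
            continue
        m = FILE_CHECK.match(line)
        if m and m.group(2).strip() != "legit":
            files.append("%s: MD5 %s" % (m.group(1), m.group(2).strip()))
    return {
        "unreachable": unreachable,
        "services": services,
        "files": files,
        # 127.0.0.1 never involves the router or the ISP, so a blocked
        # localhost shifts suspicion onto the host's own networking stack.
        "loopback_blocked": "Local Host IP" in unreachable,
    }


if __name__ == "__main__":
    for key, value in triage_fss(SAMPLE_FSS).items():
        print(key, "=>", value)
```

Run against the real log above, the script reports the loopback block and the WinDefend start-type deviation and nothing under files, which matches the hand reading: the file hashes are fine, so the network fault has to be looked for elsewhere on the host.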



#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 November 2013 - 09:35 PM


Hello

Let's run this and see if it will shed some light.

Please download http://www.bleepingcomputer.com/download/minitoolbox/dl/65/ MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


William

#9 hrtbps

  • Topic Starter
  • Members
  • 14 posts

Posted 02 November 2013 - 10:50 AM

Hello, thanks for your help.

 

Here are the results of the scan:

 

MiniToolBox by Farbar  Version: 13-07-2013

Ran by user (administrator) on 02-11-2013 at 15:36:24

Running from "C:\Users\user\Desktop"

Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

 

127.0.0.1   localhost

 

========================= IP Configuration: ================================

 

Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)

Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : user-PC

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Wireless LAN adapter Wireless Network Connection:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter

   Physical Address. . . . . . . . . : 00-22-69-69-B7-3A

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::79c1:b97d:545:a74b%11(Preferred)

   Autoconfiguration IPv4 Address. . : 169.254.167.75(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.0.0

   Default Gateway . . . . . . . . . :

   DHCPv6 IAID . . . . . . . . . . . : 234889833

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-01-E2-2A-F7-00-22-69-69-B7-3A

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                       fec0:0:0:ffff::2%1

                                       fec0:0:0:ffff::3%1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Local Area Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

   Physical Address. . . . . . . . . : 00-1D-72-78-6B-9E

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 7:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : isatap.{BE1248EE-BBE6-4B5C-B539-788851DE0A90}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 11:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 02-00-54-55-4E-01

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 12:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : isatap.{DD0E0D6D-92BE-4580-B21E-113C9E4A6445}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  UnKnown

Address:  fec0:0:0:ffff::1

 

Ping request could not find host google.com. Please check the name and try again.

 

Server:  UnKnown

Address:  fec0:0:0:ffff::1

 

Ping request could not find host yahoo.com. Please check the name and try again.

 

 

 

Pinging 127.0.0.1 with 32 bytes of data:

 

General failure.

 

General failure.

 

 

 

Ping statistics for 127.0.0.1:

 

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

 

===========================================================================

Interface List

 11 ...00 22 69 69 b7 3a ...... Atheros AR5007 802.11b/g WiFi Adapter
 10 ...00 1d 72 78 6b 9e ...... Realtek PCIe FE Family Controller
  1 ........................... Software Loopback Interface 1
 14 ...00 00 00 00 00 00 00 e0  isatap.{BE1248EE-BBE6-4B5C-B539-788851DE0A90}
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 15 ...00 00 00 00 00 00 00 e0  isatap.{DD0E0D6D-92BE-4580-B21E-113C9E4A6445}
===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      169.254.0.0      255.255.0.0         On-link    169.254.167.75    281

   169.254.167.75  255.255.255.255         On-link    169.254.167.75    281

  169.254.255.255  255.255.255.255         On-link    169.254.167.75    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link    169.254.167.75    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link    169.254.167.75    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  1    306 ::1/128                  On-link

 11    281 fe80::/64                On-link

 11    281 fe80::79c1:b97d:545:a74b/128

                                    On-link

  1    306 ff00::/8                 On-link

 11    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)

Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

 

**** End of log ****
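
The ipconfig and ping sections of this MiniToolBox output carry the diagnosis on their own: the wireless adapter has a 169.254.x.x autoconfiguration address (no DHCP lease), no default gateway and only the fec0:0:0:ffff:: site-local DNS fallbacks, and even a ping to 127.0.0.1 ends in "General failure". The script below is an added example, not code from this thread or from the MiniToolBox tool; it parses those two fragments (embedded here as constructed sample input copied from the log above) and turns them into a verdict. The point it encodes is that a loopback ping never touches a NIC, the router or the ISP, so a failed loopback ping points at the host's own IP stack rather than at the network.

```python
import re
from typing import Dict, List

# Constructed sample input: the ipconfig /all and loopback-ping fragments
# from the MiniToolBox log above, trimmed to the lines that matter here.
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.167.75(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   DHCP Enabled. . . . . . . . . . . : Yes
"""
SAMPLE_PING = """\
Pinging 127.0.0.1 with 32 bytes of data:

General failure.
General failure.

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):$")          # section header
FIELD = re.compile(r"^ {3}([A-Za-z][A-Za-z0-9\- ]*?)[ .]*:\s?(.*)$")
CONT = re.compile(r"^ {4,}(\S.*)$")                    # wrapped value line
PING_STATS = re.compile(r"Received = (\d+)")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Turn ipconfig /all output into {adapter: {field: [values]}}."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current = last_field = None
    for line in text.splitlines():
        if (m := ADAPTER.match(line)):
            current, last_field = m.group(1), None
            adapters[current] = {}
        elif current is None:
            continue
        elif (m := FIELD.match(line)):
            last_field, value = m.group(1), m.group(2).strip()
            adapters[current][last_field] = [value] if value else []
        elif (m := CONT.match(line)) and last_field is not None:
            adapters[current][last_field].append(m.group(1).strip())
    return adapters


def diagnose_adapter(fields: Dict[str, List[str]]) -> List[str]:
    """Findings for one adapter, in the order a responder would read them."""
    if fields.get("Media State") == ["Media disconnected"]:
        return ["no link: nothing to diagnose on this adapter"]
    findings: List[str] = []
    apipa = [v for v in fields.get("Autoconfiguration IPv4 Address", [])
             if v.startswith("169.254.")]
    if fields.get("DHCP Enabled") == ["Yes"] and apipa:
        findings.append("APIPA address %s: DHCP client got no lease"
                        % apipa[0].split("(")[0])
    if not fields.get("Default Gateway"):
        findings.append("no default gateway: nothing routes off-link")
    dns = fields.get("DNS Servers", [])
    if dns and all(d.startswith("fec0:0:0:ffff::") for d in dns):
        findings.append("only the built-in site-local DNS fallbacks: "
                        "no resolver learned from DHCP")
    return findings


def loopback_ping_ok(text: str) -> bool:
    """True when at least one reply from 127.0.0.1 came back."""
    m = PING_STATS.search(text)
    return m is not None and int(m.group(1)) > 0


def classify(ipconfig_text: str, ping_text: str) -> Dict[str, object]:
    """Combine the per-adapter findings with the loopback test."""
    per_adapter = {name: diagnose_adapter(f)
                   for name, f in parse_ipconfig(ipconfig_text).items()}
    loopback = loopback_ping_ok(ping_text)
    if not loopback:
        # 127.0.0.1 never reaches a NIC, the router or the ISP: a failed
        # loopback ping points at the host's own IP stack (or a filter
        # driver inside it), so swapping routers or reinstalling adapters
        # is not expected to help.
        verdict = "local TCP/IP stack failure"
    elif any(f.startswith("APIPA") for fs in per_adapter.values() for f in fs):
        verdict = "DHCP failure: stack works but no lease was obtained"
    else:
        verdict = "no local fault found in these outputs"
    return {"loopback_ok": loopback, "adapters": per_adapter, "verdict": verdict}


if __name__ == "__main__":
    result = classify(SAMPLE_IPCONFIG, SAMPLE_PING)
    for name, findings in result["adapters"].items():  # type: ignore[attr-defined]
        print(name, findings)
    print("verdict:", result["verdict"])
```

The ordering in classify is deliberate: the loopback result is checked first because it decides where the fault is, and the APIPA, gateway and DNS findings only refine the picture once the stack itself is known to work. On this log the verdict is the local stack, which is consistent with the later reports that other routers and reinstalling the adapters made no difference.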



#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 November 2013 - 11:45 AM

Hello

Let's see if this will fix what is wrong with the internet.

Complete Internet Repair
  • Please download Complete Internet Repair from here http://www.petrichorpost.com/all-downloads/ and save it to your desktop
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:
    • Reset Internet Protocol (TCP/IP)
    • Repair Winsock (Reset Catalog)
    • Renew Internet Connections
    • Flush DNS Resolver Cache
    • Repair Internet Explorer 6.0.2900
    • Clear Windows Update History
    • Repair Windows / Automatic Updates
    • Repair SSL / HTTPS / Cryptography
    • Reset Windows Firewall Configuration
    • Restore the default hosts file
    • Repair Workgroup Computers view
  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access
Please let me know if this worked

Gringo

#11 hrtbps

  • Topic Starter
  • Members
  • 14 posts

Posted 02 November 2013 - 01:00 PM

Hello, no, unfortunately it didn't work!

 

No wireless or wired connection. Other devices are connected to this router and have no issue. The laptop has been tried on other routers - same issue.

 

Thanks for your help so far - it's truly appreciated.



#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 November 2013 - 01:43 PM

Hello

I would like you to go into Device Manager, uninstall the network adapters and restart the computer.

Upon restart the computer will reinstall the adapters; then see if this helped.


Gringo

#13 hrtbps

  • Topic Starter
  • Members
  • 14 posts

Posted 02 November 2013 - 02:11 PM

Hello, still no internet access. :(

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 November 2013 - 02:33 PM



Hello hrtbps

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#15 hrtbps

  • Topic Starter
  • Members
  • 14 posts

Posted 02 November 2013 - 02:51 PM

Hello, here are the results of the scan as requested!

 

Thanks.

 

 

 

OTL logfile created on: 02/11/2013 19:38:26 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

954.44 Mb Total Physical Memory | 383.64 Mb Available Physical Memory | 40.19% Memory free

2.12 Gb Paging File | 1.40 Gb Available in Paging File | 65.80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 102.95 Gb Total Space | 62.91 Gb Free Space | 61.11% Space Free | Partition Type: NTFS

Drive D: | 8.84 Gb Total Space | 1.65 Gb Free Space | 18.65% Space Free | Partition Type: NTFS

Drive F: | 1.86 Gb Total Space | 0.91 Gb Free Space | 48.76% Space Free | Partition Type: FAT

 

Computer Name: USER-PC | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)

PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

 

========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()

SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found

DRV - (catchme) -- C:\Users\user\AppData\Local\Temp\catchme.sys File not found

DRV - (TrueSight) -- C:\WINDOWS\System32\TrueSight.sys ()

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (htcnprot) -- C:\WINDOWS\System32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (RMCAST) -- C:\WINDOWS\System32\drivers\rmcast.sys (Microsoft Corporation)

DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (IntcHdmiAddService) -- C:\WINDOWS\System32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?f=1&a=syd72&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzyyCzy0ByBtA0AyEyEtByEtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q1V0G1F1F1N1I1P&cr=842620569&ir=

IE - HKLM\..\URLSearchHook: {8c58b088-1159-4ad9-a411-c7d3ae7edb28} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope = {7B4E1DF6-91A1-465F-A327-C2B0EB2B7BC3}

IE - HKLM\..\SearchScopes\{0C21D207-E76D-48C0-BD51-9069E7DBB4E1}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKLM\..\SearchScopes\{3824A884-68F9-4F7C-A0E4-18C22B449030}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKLM\..\SearchScopes\{62A80A06-3D5F-25E7-B972-0F5C409D9E14}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzyyCzy0ByBtA0AyEyEtByEtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=1546178413&ir=

IE - HKLM\..\SearchScopes\{665C4C3C-CA11-E268-2ADC-1E73C6733464}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKLM\..\SearchScopes\{7B4E1DF6-91A1-465F-A327-C2B0EB2B7BC3}: "URL" = http://www.searchya.com/?q={searchTerms}&f=4&a=syd72&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzyyCzy0ByBtA0AyEyEtByEtN0D0Tzu0CyCtDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q1V0G1F1F1N1I1P&cr=842620569&ir=

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40

 

IE - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb

IE - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=GB&userid=bf637f2d-1405-42f3-8b49-97f5003698f3&searchtype=ds&q={searchTerms}&installDate={installDate}

IE - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoVBYB&dpid=SnapdoVBYB&co=GB&userid=bf637f2d-1405-42f3-8b49-97f5003698f3&searchtype=ds&q={searchTerms}&installDate={installDate}

IE - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\user\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/07 15:23:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/10/07 15:23:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\seesimilar02@SeeSimilar.com: C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar02@SeeSimilar.com [2013/10/07 15:35:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\user\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/10/07 15:23:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/10/07 15:23:57 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\seesimilar02@SeeSimilar.com: C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar02@SeeSimilar.com [2013/10/07 15:35:26 | 000,000,000 | ---D | M]

 

[2013/10/07 15:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions

[2013/10/07 15:35:26 | 000,000,000 | ---D | M] (SeeSimilar02) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar02@SeeSimilar.com

[2013/10/07 15:23:57 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com

[2013/10/07 15:23:52 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com

[2013/07/27 17:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.search.ask.com/?o=APN10640A&gct=hp&d=473-105&v=n9602-140&t=4

CHR - Extension: Google Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: Google Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_1\

CHR - Extension: Google Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl\1.0.0.9_0\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl\1.0.0.9_1\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl\1.0.0.9_2\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl\1.0.0.9_3\

CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_1\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_2\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo\2.0.1_0\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_2\

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\3.5.0.0_0\

CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

 

O1 HOSTS File: ([2013/11/02 19:22:33 | 000,000,741 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1   localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O4 - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKU\S-1-5-21-3212251779-1377172489-3175386860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O18 - Protocol\Handler\inbox - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Dots.jpg

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Dots.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/16 11:59:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2012/03/01 13:07:10 | 000,000,163 | -HS- | M] () - F:\AutoRun.inf -- [ FAT ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/11/02 19:37:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013/11/02 19:20:03 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine

[2013/11/02 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\cintrepair

[2013/11/02 15:35:16 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\user\Desktop\MiniToolBox.exe

[2013/11/01 17:47:06 | 000,359,085 | ---- | C] (Farbar) -- C:\Users\user\Desktop\FSS.exe

[2013/10/30 22:22:44 | 000,000,000 | ---D | C] -- C:\FRST

[2013/10/30 22:22:44 | 000,000,000 | ---D | C] -- \FRST

[2013/10/30 22:22:05 | 001,089,275 | ---- | C] (Farbar) -- C:\Users\user\Desktop\FRST.exe

[2013/10/30 20:35:32 | 000,073,728 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll

[2013/10/30 20:34:50 | 000,000,000 | ---D | C] -- C:\dell

[2013/10/30 20:34:50 | 000,000,000 | ---D | C] -- \dell

[2013/10/30 17:53:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.com

[2013/10/30 17:28:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2013/10/30 17:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2013/10/30 17:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/10/30 16:56:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/10/30 16:56:20 | 000,000,000 | ---D | C] -- \TDSSKiller_Quarantine

[2013/10/30 16:53:47 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2013/10/30 16:53:38 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar

[2013/10/30 16:53:25 | 001,898,232 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\rkill.exe

[2013/10/30 16:53:23 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe

[2013/10/30 16:53:23 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Removal Gear

[2013/10/30 16:43:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/10/30 16:43:57 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN

[2013/10/30 16:36:44 | 000,000,000 | --SD | C] -- C:\ComboFix

[2013/10/30 16:36:44 | 000,000,000 | --SD | C] -- \ComboFix

[2013/10/30 15:11:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WinRAR

[2013/10/30 15:11:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2013/10/30 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2013/10/30 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2013/10/28 14:53:31 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/10/28 12:03:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/10/28 12:03:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/10/28 12:03:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/10/28 12:01:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/10/28 12:01:01 | 000,000,000 | ---D | C] -- \Qoobox

[2013/10/28 12:00:40 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2013/10/28 12:00:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/10/28 11:59:37 | 005,136,694 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe

[2013/10/19 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes

[2013/10/19 22:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/10/19 22:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/10/19 22:34:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/10/19 22:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/10/19 22:33:13 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2013/10/19 22:22:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2013/10/19 22:22:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MFAData

[2013/10/19 22:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013/10/19 22:22:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2014

[2013/10/19 22:21:55 | 004,436,536 | ---- | C] (AVG Technologies) -- C:\Users\user\Desktop\avg_isct_stb_all_2014_4158.exe

[2013/10/19 22:07:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com

[2013/10/19 22:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2013/10/19 22:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2013/10/19 22:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/10/19 21:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\HTC

[2013/10/19 21:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC

[2013/10/19 19:04:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Seven Zip

[2013/10/19 16:04:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc

[2013/10/19 15:51:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\somotomoviestoolbar1

[2013/10/19 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Samsung

[2013/10/19 15:08:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SmartSwitch

[2013/10/18 17:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle

[2013/10/14 16:26:14 | 000,000,000 | ---D | C] -- C:\3b38bab0f35f50e7c44f9b60

[2013/10/14 16:26:14 | 000,000,000 | ---D | C] -- \3b38bab0f35f50e7c44f9b60

[2013/10/14 16:04:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ParetoLogic

[2013/10/14 16:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic

[2013/10/14 15:31:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Babylon

[2013/10/14 15:29:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Uniblue

[2013/10/14 14:37:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\BonanzaDealsLive

[2013/10/14 14:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive

[2013/10/13 19:13:17 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/10/13 19:13:17 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/10/11 17:31:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/10/11 17:31:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/10/11 17:31:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/10/11 17:31:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/10/11 17:31:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/10/11 17:31:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/10/11 17:31:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/10/11 17:31:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/10/11 16:07:32 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2013/10/11 16:07:31 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2013/10/11 16:07:31 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2013/10/11 16:07:31 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2013/10/11 16:07:31 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2013/10/11 16:07:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2013/10/11 16:07:30 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013/10/11 16:07:29 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2013/10/10 20:59:45 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2013/10/10 20:59:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2013/10/10 20:59:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2013/10/10 20:59:41 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

[2013/10/10 20:59:37 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013/10/10 20:58:55 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys

[2013/10/10 20:58:55 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys

[2013/10/10 20:56:58 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys

[2013/10/07 16:16:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DriverCure

[2013/10/07 16:16:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SpeedMaxPc

[2013/10/07 16:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc

[2013/10/07 16:08:42 | 000,000,000 | ---D | C] -- C:\temp

[2013/10/07 16:08:42 | 000,000,000 | ---D | C] -- \temp

[2013/10/07 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PerformerSoft

[2013/10/07 15:23:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla

[2013/10/07 15:23:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SpeedAnalysis2

[2013/10/07 15:22:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\zulagames

[2013/10/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Babylon

[2013/10/07 15:18:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SeeSimilar02

[2013/10/07 15:18:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\File Scout

[2013/10/05 15:39:12 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

[2013/10/04 15:25:02 | 000,000,000 | ---D | C] -- C:\a44f2ec69cd6a315eb4b7b7a3d

[2013/10/04 15:25:02 | 000,000,000 | ---D | C] -- \a44f2ec69cd6a315eb4b7b7a3d

 

========== Files - Modified Within 30 Days ==========

 

[2013/11/02 19:37:57 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/11/02 19:37:57 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/11/02 19:35:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013/11/02 19:31:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/11/02 19:31:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/02 19:31:14 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/11/02 19:30:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/11/02 19:30:48 | 1001,594,880 | -HS- | M] () -- C:\hiberfil.sys

[2013/11/02 19:22:33 | 000,000,741 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/11/02 19:20:19 | 000,026,624 | ---- | M] () -- C:\Windows\System32\TrueSight.sys

[2013/11/02 17:35:18 | 000,515,858 | ---- | M] () -- C:\Users\user\Desktop\cintrepair.zip

[2013/11/02 16:02:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/11/02 15:58:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/11/02 15:33:22 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\user\Desktop\MiniToolBox.exe

[2013/11/01 17:41:48 | 000,359,085 | ---- | M] (Farbar) -- C:\Users\user\Desktop\FSS.exe

[2013/11/01 02:00:09 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task d92b76e4-44d9-4415-9e69-c94b8e24ee10.job

[2013/11/01 02:00:09 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task cede09dd-433c-4122-89f3-a5a01442d4c4.job

[2013/10/30 22:15:36 | 001,089,275 | ---- | M] (Farbar) -- C:\Users\user\Desktop\FRST.exe

[2013/10/30 20:31:34 | 005,937,792 | ---- | M] () -- C:\Users\user\Desktop\R230388.exe

[2013/10/30 17:51:26 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.com

[2013/10/30 17:38:01 | 000,002,521 | ---- | M] () -- C:\Users\user\Desktop\HiJackThis.lnk

[2013/10/30 17:23:14 | 001,402,880 | ---- | M] () -- C:\Users\user\Desktop\HijackThis.msi

[2013/10/30 17:03:16 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2013/10/30 16:50:10 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\rkill.exe

[2013/10/30 14:53:46 | 121,822,819 | ---- | M] () -- C:\Users\user\Desktop\avg_arl_ffi_all_120_130801a6481.rar

[2013/10/28 14:45:14 | 000,005,710 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2013/10/28 11:51:14 | 005,136,694 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe

[2013/10/28 11:34:16 | 000,000,741 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak

[2013/10/28 11:25:34 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe

[2013/10/19 22:55:10 | 000,951,808 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe

[2013/10/19 22:34:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/10/19 22:20:26 | 004,436,536 | ---- | M] (AVG Technologies) -- C:\Users\user\Desktop\avg_isct_stb_all_2014_4158.exe

[2013/10/19 22:07:16 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/10/19 21:10:33 | 000,297,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/10/19 18:55:18 | 000,000,286 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2013/10/19 18:34:32 | 000,000,557 | ---- | M] () -- C:\Windows\System32\MyDefrag.debuglog

[2013/10/19 16:22:11 | 000,000,067 | ---- | M] () -- C:\Users\user\AppData\Roaming\WB.CFG

[2013/10/19 15:02:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2013/10/18 17:18:49 | 000,000,000 | ---- | M] () -- C:\end

[2013/10/16 18:16:43 | 000,003,368 | ---- | M] () -- C:\{B24D52AB-22D1-45C3-A11C-5CFAD61056B2}

[2013/10/14 16:19:42 | 000,003,360 | ---- | M] () -- C:\{5579D86A-F8EF-4482-A4FF-01460330F422}

[2013/10/14 16:19:23 | 000,000,680 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat

[2013/10/14 15:51:34 | 000,032,480 | ---- | M] () -- C:\{D8EB16AF-E74A-4427-B1AC-0F42D9DB1778}

[2013/10/14 15:20:17 | 000,001,995 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/10/14 15:20:16 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/10/13 19:13:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/10/13 19:13:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/10/13 11:34:11 | 000,003,512 | ---- | M] () -- C:\{9008F971-531D-4227-8B32-AD4A7D178F4A}

[2013/10/11 18:28:14 | 000,003,080 | ---- | M] () -- C:\{5E563CBE-72E1-4F52-B50D-32DBFA3F7F5D}

[2013/10/07 16:30:20 | 000,003,424 | ---- | M] () -- C:\{B282A503-A2BB-429B-8A9E-FADAF7FA8818}

[2013/10/07 15:59:57 | 000,002,608 | ---- | M] () -- C:\{6A65057B-580D-4D95-8CAE-D05F06751AAA}

[2013/10/07 15:44:40 | 000,004,048 | ---- | M] () -- C:\{1750BF98-B220-4C70-AB34-F6C6CE9C90FC}

[2013/10/06 16:43:36 | 000,003,208 | ---- | M] () -- C:\{2513CAF9-CC94-454E-9001-807B88DCAD0A}

[2013/10/03 20:07:13 | 000,001,971 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk

 

========== Files Created - No Company Name ==========

 

[2013/11/02 19:20:19 | 000,026,624 | ---- | C] () -- C:\Windows\System32\TrueSight.sys

[2013/11/02 19:02:00 | 1001,594,880 | -HS- | C] () -- C:\hiberfil.sys

[2013/11/02 19:02:00 | 1001,594,880 | -HS- | C] () -- \hiberfil.sys

[2013/11/02 17:37:08 | 000,515,858 | ---- | C] () -- C:\Users\user\Desktop\cintrepair.zip

[2013/10/30 20:35:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2013/10/30 20:33:47 | 005,937,792 | ---- | C] () -- C:\Users\user\Desktop\R230388.exe

[2013/10/30 17:28:47 | 000,002,521 | ---- | C] () -- C:\Users\user\Desktop\HiJackThis.lnk

[2013/10/30 17:27:33 | 001,402,880 | ---- | C] () -- C:\Users\user\Desktop\HijackThis.msi

[2013/10/30 15:06:54 | 121,822,819 | ---- | C] () -- C:\Users\user\Desktop\avg_arl_ffi_all_120_130801a6481.rar

[2013/10/28 14:45:03 | 000,005,710 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2013/10/28 12:03:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/10/28 12:03:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/10/28 12:03:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/10/28 12:03:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/10/28 12:03:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/10/28 11:29:33 | 000,951,808 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe

[2013/10/19 22:34:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/10/19 22:07:32 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task d92b76e4-44d9-4415-9e69-c94b8e24ee10.job

[2013/10/19 22:07:31 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task cede09dd-433c-4122-89f3-a5a01442d4c4.job

[2013/10/19 22:07:16 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/10/19 16:34:45 | 000,000,557 | ---- | C] () -- C:\Windows\System32\MyDefrag.debuglog

[2013/10/19 15:02:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2013/10/16 18:16:42 | 000,003,368 | ---- | C] () -- C:\{B24D52AB-22D1-45C3-A11C-5CFAD61056B2}

[2013/10/16 18:16:42 | 000,003,368 | ---- | C] () -- \{B24D52AB-22D1-45C3-A11C-5CFAD61056B2}

[2013/10/14 16:19:42 | 000,003,360 | ---- | C] () -- C:\{5579D86A-F8EF-4482-A4FF-01460330F422}

[2013/10/14 16:19:42 | 000,003,360 | ---- | C] () -- \{5579D86A-F8EF-4482-A4FF-01460330F422}

[2013/10/14 15:51:33 | 000,032,480 | ---- | C] () -- C:\{D8EB16AF-E74A-4427-B1AC-0F42D9DB1778}

[2013/10/14 15:51:33 | 000,032,480 | ---- | C] () -- \{D8EB16AF-E74A-4427-B1AC-0F42D9DB1778}

[2013/10/14 15:20:16 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/10/13 19:13:21 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/10/13 11:34:10 | 000,003,512 | ---- | C] () -- C:\{9008F971-531D-4227-8B32-AD4A7D178F4A}

[2013/10/13 11:34:10 | 000,003,512 | ---- | C] () -- \{9008F971-531D-4227-8B32-AD4A7D178F4A}

[2013/10/11 18:28:11 | 000,003,080 | ---- | C] () -- C:\{5E563CBE-72E1-4F52-B50D-32DBFA3F7F5D}

[2013/10/11 18:28:11 | 000,003,080 | ---- | C] () -- \{5E563CBE-72E1-4F52-B50D-32DBFA3F7F5D}

[2013/10/07 16:30:20 | 000,003,424 | ---- | C] () -- C:\{B282A503-A2BB-429B-8A9E-FADAF7FA8818}

[2013/10/07 16:30:20 | 000,003,424 | ---- | C] () -- \{B282A503-A2BB-429B-8A9E-FADAF7FA8818}

[2013/10/07 15:59:50 | 000,002,608 | ---- | C] () -- C:\{6A65057B-580D-4D95-8CAE-D05F06751AAA}

[2013/10/07 15:59:50 | 000,002,608 | ---- | C] () -- \{6A65057B-580D-4D95-8CAE-D05F06751AAA}

[2013/10/07 15:44:36 | 000,004,048 | ---- | C] () -- C:\{1750BF98-B220-4C70-AB34-F6C6CE9C90FC}

[2013/10/07 15:44:36 | 000,004,048 | ---- | C] () -- \{1750BF98-B220-4C70-AB34-F6C6CE9C90FC}

[2013/10/06 16:43:36 | 000,003,208 | ---- | C] () -- C:\{2513CAF9-CC94-454E-9001-807B88DCAD0A}

[2013/10/06 16:43:36 | 000,003,208 | ---- | C] () -- \{2513CAF9-CC94-454E-9001-807B88DCAD0A}

[2013/10/03 20:06:49 | 000,001,971 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk

[2013/10/02 19:57:54 | 000,000,067 | ---- | C] () -- C:\Users\user\AppData\Roaming\WB.CFG

[2013/08/25 16:57:38 | 000,333,348 | ---- | C] () -- C:\Users\user\AppData\Local\searchya-speeddial.crx

[2013/08/25 11:07:54 | 000,000,000 | ---- | C] () -- \end

[2013/08/12 20:05:42 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat

[2013/08/12 19:26:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/07/28 20:51:28 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/07/27 18:16:22 | 000,423,709 | ---- | C] () -- C:\Users\user\AppData\Local\mysearchdial_speedial_v9.0.2.crx

[2013/02/26 19:36:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2013/02/26 19:34:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2013/01/24 19:48:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2013/01/18 20:09:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2012/12/19 19:28:55 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png

[2008/02/08 06:09:41 | 000,333,257 | RHS- | C] () -- \bootmgr

[2006/11/02 10:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat

[2006/11/02 06:25:08 | 000,000,010 | ---- | C] () -- \config.sys

[2001/01/01 05:02:13 | 000,000,369 | -H-- | C] () -- \IPH.PH

 

========== ZeroAccess Check ==========

 

[2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

< End of report >





