Conduit infection



#1 BenKenobi18 (Members, 64 posts)

Posted 30 January 2014 - 01:39 AM

http://www.bleepingcomputer.com/forums/t/522540/unable-to-complete-malwarebytes-scan/
 
Been battling this for a while now and was told to take my situation here.

I DL'ed the latest Flash update that apparently came bundled with Conduit and a bunch of other nasty stuff. It has corrupted my original user profile to the point where I've been unable to clean the profile out with tools. I noticed the problem as Internet Explorer started to hang on opening and would not stay open to do anything.

Malwarebytes, etc. cannot clear the protected files in the old user profile. Malwarebytes will hang attempting to scan the same file, every time. The hang can only be unlocked with a hard reset.

I have only had success with ADW, which was able to delete some of the Conduit files. After doing that, I elevated my permissions, but this had the bad effect of restoring the original issues with IE and Chrome. So I backed all my files up and switched the user profiles in safe mode. I attempted to delete the bad profile, which had partial success in that some things were deleted, but the system hung in safe mode and wasn't able to complete the job.

Then, I deleted Java and that seemed to bring some stability back to the machine again, with the clean user profile. Stability enough so that I could post here.
 
So where to from here? I'd like to finally get rid of this malware. 


Here is the DDS report. 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16736
Run by SRO at 0:47:18 on 2014-01-30
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4022.2553 [GMT -6:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{04946F67-9BF4-4BF4-B61B-E3728C3B384B} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{04946F67-9BF4-4BF4-B61B-E3728C3B384B}\445402255607169627 : DHCPNameServer = 192.168.15.1 192.168.2.1
TCP: Interfaces\{04946F67-9BF4-4BF4-B61B-E3728C3B384B}\7416C6C6167686562784F657375686F6C6467313E416479636F6F6B6F58747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{04946F67-9BF4-4BF4-B61B-E3728C3B384B}\7427569786F657E646 : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{04946F67-9BF4-4BF4-B61B-E3728C3B384B}\7427569786F657E64675962756C6563737 : DHCPNameServer = 10.0.0.1 10.0.0.1
TCP: Interfaces\{04946F67-9BF4-4BF4-B61B-E3728C3B384B}\7427569786F657E64675966496F563532393 : DHCPNameServer = 10.0.0.1 10.0.0.1
TCP: Interfaces\{04946F67-9BF4-4BF4-B61B-E3728C3B384B}\E45445745414250323 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-BHO: {FFCB3198-32F3-4E8B-9539-4324694ED664} - <orphaned>
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2012-12-11 157696]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-12-11 22128]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-20 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-24 283200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-24 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-24 440376]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-20 108440]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-18 3388144]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2010-8-24 38440]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-6 293552]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-12-11 158976]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2012-12-11 27760]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 MxEF;Matrox Extio Device;C:\Windows\System32\drivers\MxEF64.sys [2012-12-11 119296]
S3 MxEFLF;Matrox Extio Lower Function Filter;C:\Windows\System32\drivers\MxEFLF64.sys [2012-12-11 116224]
S3 MxEMgr;MxEMgr;C:\Windows\System32\drivers\MxEMgr64.sys [2012-12-11 125472]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-18 273136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-12-11 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-12-11 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-24 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-24 1255736]
S4 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-1-31 1035680]
S4 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-1-31 36768]
.
=============== Created Last 30 ================
.
2014-01-30 06:23:06 -------- d-----w- C:\Users\SRO\AppData\Roaming\Avira
2014-01-30 06:20:23 6164 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2014-01-30 05:43:11 -------- d-----w- C:\Users\SRO\AppData\Local\Google
2014-01-30 05:29:09 -------- d-----w- C:\Users\SRO\AppData\Local\VirtualStore
2014-01-30 05:29:03 -------- d-----w- C:\Users\SRO\AppData\Roaming\Intel
2014-01-30 02:53:14 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-30 02:53:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-30 02:53:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 02:12:08 -------- d-----w- C:\AdwCleaner
2014-01-30 00:34:05 -------- d-----w- C:\Program Files\Speccy
2014-01-18 02:07:09 -------- d-----w- C:\Program Files\Microsoft LifeCam
2014-01-18 02:07:09 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
2014-01-15 15:05:34 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 15:05:34 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 15:05:34 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 15:05:34 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 15:05:34 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 15:05:34 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 15:05:34 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 15:05:32 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 15:05:30 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2013-12-17 13:58:31 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-12-17 13:58:31 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-12-14 19:13:40 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-11-25 19:12:51 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 03:19:36 3923456 ----a-w- C:\Windows\System32\python33.dll
2013-11-19 03:18:20 94208 ----a-w- C:\Windows\pyw.exe
2013-11-19 03:18:20 93696 ----a-w- C:\Windows\py.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH:  0:48:00.60 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2012 5:01:42 PM
System Uptime: 1/30/2014 12:15:28 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0N5KHN
Processor: Intel® Core™ i5 CPU       M 520  @ 2.40GHz | CPU 1 | 1176/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 290 GiB total, 203.309 GiB free.
D: is CDROM ()
E: is CDROM ()
R: is FIXED (NTFS) - 8 GiB total, 3.562 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\SMO8800\1
Manufacturer: 
Name: 
PNP Device ID: ACPI\SMO8800\1
Service: 
.
Class GUID: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Description: Microsoft ACPI-Compliant Control Method Battery
Device ID: ACPI\PNP0C0A\2
Manufacturer: Microsoft
Name: Microsoft ACPI-Compliant Control Method Battery
PNP Device ID: ACPI\PNP0C0A\2
Service: CmBatt
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adblock Plus for IE
Adblock Plus for IE (32-bit and 64-bit)
Adobe Reader XI (11.0.06)
Audacity 2.0.5
Auslogics Disk Defrag
Avira Free Antivirus
CCleaner
CDBurnerXP
Crusader Kings II version 1.111
D3DX10
Dell ControlVault Host Components Installer 64 bit
Dell Custom Help
Dell Touchpad
Diablo
Diablo II
Family Tree Maker 2012
Google Chrome
Google Update Helper
HiJackThis
Indeo® Software
Intel® PROSet/Wireless WiFi Software Driver
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Java 7 Update 45 (64-bit)
K-Lite Mega Codec Pack 9.3.0
Lucas Chess v. 7.05
Magic Workstation 0.94f
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mount&Blade
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MTG Card Images for Magic Workstation
MTG GamePack for Magic Workstation
NVIDIA Control Panel 296.10
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
OpenOffice 4.0.0
Photo Common
Python 3.3.3 (64-bit)
Secunia PSI (3.0.0.6001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Skype™ 6.11
Space Quest 2 VGA 1.1
Speccy
Stellarium 0.12.0
SUPERAntiSpyware
The Last Days 3.23
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VLC media player 2.1.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
1/30/2014 12:01:02 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/29/2014 9:51:51 PM, Error: Service Control Manager [7034]  - The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
1/29/2014 11:51:38 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
1/29/2014 11:50:00 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
1/29/2014 11:49:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/29/2014 11:49:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/29/2014 11:49:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/29/2014 11:49:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/29/2014 11:49:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/29/2014 11:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/29/2014 11:49:38 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD avipbb avkmgr CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
1/29/2014 11:49:38 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/29/2014 11:49:38 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
1/29/2014 11:49:38 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/29/2014 11:49:38 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/29/2014 11:49:38 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/29/2014 11:49:38 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/29/2014 11:49:36 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/29/2014 11:49:36 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
1/29/2014 11:49:36 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/29/2014 11:49:36 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/29/2014 11:33:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/29/2014 10:28:31 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
1/29/2014 10:10:41 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
1/24/2014 4:41:39 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.1.11. The computer with the IP address 10.0.1.3 did not allow the name to be claimed by this computer.
1/24/2014 3:44:43 PM, Error: BROWSER [8019]  - The browser was unable to promote itself to master browser.  The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
1/24/2014 2:01:00 PM, Error: BROWSER [8020]  - The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is unknown.
1/23/2014 11:43:48 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================

Edited by hamluis, 01 February 2014 - 04:53 PM.




#2 nasdaq (Malware Response Team, 38,747 posts, Montreal, QC, Canada)

Posted 03 February 2014 - 09:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#3 BenKenobi18 (Topic Starter, Members, 64 posts)

Posted 03 February 2014 - 12:39 PM

Hi NASDAQ! :) Here's the Farbar scan

 

Ran by SRO (administrator) on E6510-403STM1 on 03-02-2014 11:32:09
Running from C:\Users\SRO\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-04-18] (Intel® Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO: No Name - {FFCB3198-32F3-4E8B-9539-4324694ED664} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\SRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]
CHR Extension: (Google Drive) - C:\Users\SRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]
CHR Extension: (YouTube) - C:\Users\SRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29]
CHR Extension: (Google Search) - C:\Users\SRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29]
CHR Extension: (Google Wallet) - C:\Users\SRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]
CHR Extension: (Gmail) - C:\Users\SRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-24] (DT Soft Ltd)
S3 MxEF; C:\Windows\system32\drivers\MxEF64.sys [119296 2011-08-16] (Matrox Graphics Inc.)
S3 MxEFLF; C:\Windows\system32\drivers\MxEFLF64.sys [116224 2011-08-16] (Matrox Graphics Inc.)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-08-16] (Matrox Graphics Inc.)
S3 MxEMgr; C:\Windows\system32\drivers\MxEMgr64.sys [125472 2011-08-16] (Matrox Graphics Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-03 11:32 - 2014-02-03 11:33 - 00007652 _____ () C:\Users\SRO\Desktop\FRST.txt
2014-02-03 11:31 - 2014-02-03 11:30 - 02080256 _____ (Farbar) C:\Users\SRO\Desktop\FRST64.exe
2014-02-03 11:30 - 2014-02-03 11:32 - 00000000 ____D () C:\FRST
2014-02-03 11:29 - 2014-02-03 11:30 - 02080256 _____ (Farbar) C:\Users\SRO\Downloads\FRST64.exe
2014-02-01 05:01 - 2014-02-01 05:02 - 00000000 ____D () C:\Users\SRO\Desktop\Seanstuff
2014-02-01 04:59 - 2014-02-01 04:59 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\OpenOffice
2014-01-31 18:10 - 2014-01-31 18:10 - 00138785 _____ () C:\Users\SRO\Downloads\FoRBbooklet.txt
2014-01-31 03:00 - 2013-10-25 00:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-31 03:00 - 2013-10-25 00:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-31 03:00 - 2013-10-25 00:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-31 03:00 - 2013-10-25 00:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-31 03:00 - 2013-10-25 00:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-31 03:00 - 2013-10-25 00:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-31 03:00 - 2013-10-25 00:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-31 03:00 - 2013-10-25 00:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-31 03:00 - 2013-10-25 00:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-31 03:00 - 2013-10-25 00:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-31 03:00 - 2013-10-25 00:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-31 03:00 - 2013-10-25 00:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-31 03:00 - 2013-10-25 00:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-31 03:00 - 2013-10-25 00:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-31 03:00 - 2013-10-24 22:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-31 03:00 - 2013-10-24 22:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-31 03:00 - 2013-10-24 22:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-31 03:00 - 2013-10-24 22:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-31 03:00 - 2013-10-24 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-31 03:00 - 2013-10-24 21:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-31 03:00 - 2013-10-24 21:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-31 03:00 - 2013-10-24 20:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-30 19:55 - 2014-01-30 21:51 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\Skype
2014-01-30 11:55 - 2014-01-30 11:55 - 00000015 _____ () C:\Users\SRO\Desktop\bpcpw.txt
2014-01-30 11:42 - 2014-01-30 11:42 - 00003351 _____ () C:\Users\SRO\Desktop\attach.zip
2014-01-30 00:48 - 2014-01-30 00:48 - 00012821 _____ () C:\Users\SRO\Desktop\dds.txt
2014-01-30 00:48 - 2014-01-30 00:48 - 00011812 _____ () C:\Users\SRO\Desktop\attach.txt
2014-01-30 00:47 - 2014-01-30 00:47 - 00688992 ____R (Swearware) C:\Users\SRO\Downloads\dds.com
2014-01-30 00:23 - 2014-01-30 00:23 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\Avira
2014-01-29 23:43 - 2014-01-29 23:43 - 00000000 ____D () C:\Users\SRO\AppData\Local\Google
2014-01-29 23:42 - 2014-01-30 00:17 - 00002266 _____ () C:\Users\SRO\Desktop\Google Chrome.lnk
2014-01-29 23:42 - 2014-01-30 00:17 - 00001424 _____ () C:\Users\SRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-29 23:42 - 2014-01-29 23:42 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\Adobe
2014-01-29 23:34 - 2014-01-29 23:34 - 00068056 _____ () C:\Users\SRO\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-29 23:29 - 2014-01-30 00:17 - 00000000 ___RD () C:\Users\SRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-29 23:29 - 2014-01-30 00:17 - 00000000 ___RD () C:\Users\SRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-29 23:29 - 2014-01-29 23:29 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\Intel
2014-01-29 23:29 - 2014-01-29 23:29 - 00000000 ____D () C:\Users\SRO\AppData\Local\VirtualStore
2014-01-29 23:24 - 2014-01-30 00:16 - 00000000 ____D () C:\Users\SRO
2014-01-29 23:24 - 2014-01-29 23:24 - 00000020 ___SH () C:\Users\SRO\ntuser.ini
2014-01-29 23:24 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\SRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-29 23:24 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\SRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-29 22:42 - 2014-01-29 22:50 - 00000000 ____D () C:\Users\Sean\Desktop\keepbin
2014-01-29 20:53 - 2014-01-29 20:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-29 20:53 - 2014-01-29 20:53 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Malwarebytes
2014-01-29 20:53 - 2014-01-29 20:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 20:53 - 2014-01-29 20:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 20:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-29 20:12 - 2014-01-29 20:14 - 00000000 ____D () C:\AdwCleaner
2014-01-29 20:11 - 2014-01-29 20:10 - 01166132 _____ () C:\Users\Sean\Desktop\AdwCleaner.exe
2014-01-29 20:10 - 2014-01-29 20:10 - 01166132 _____ () C:\Users\Sean\Downloads\AdwCleaner.exe
2014-01-29 19:54 - 2014-01-29 19:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sean\Downloads\TFC.exe
2014-01-29 19:54 - 2014-01-29 19:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sean\Desktop\TFC.exe
2014-01-29 19:28 - 2014-01-29 19:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Sean\Downloads\mbam-clean-1.60.2.0003.exe
2014-01-29 19:28 - 2014-01-29 19:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Sean\Desktop\mbam-clean-1.60.2.0003.exe
2014-01-29 18:48 - 2014-01-29 18:48 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup.exe
2014-01-29 18:48 - 2014-01-29 18:48 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Sean\Desktop\mbam-setup.exe
2014-01-29 18:45 - 2014-01-29 18:45 - 00000194 _____ () C:\Users\Sean\Downloads\hosts-perm.bat
2014-01-29 18:45 - 2014-01-29 18:45 - 00000194 _____ () C:\Users\Sean\Desktop\hosts-perm.bat
2014-01-29 18:39 - 2014-01-29 18:39 - 00002644 _____ () C:\Users\Sean\Desktop\Rkill.txt
2014-01-29 18:38 - 2014-01-29 18:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sean\Downloads\rkill.exe
2014-01-29 18:38 - 2014-01-29 18:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sean\Desktop\rkill.exe
2014-01-29 18:34 - 2014-01-29 18:34 - 00000803 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-01-29 18:34 - 2014-01-29 18:34 - 00000000 ____D () C:\Program Files\Speccy
2014-01-29 18:24 - 2014-01-29 19:25 - 00001041 _____ () C:\Users\Sean\Desktop\Result.txt
2014-01-29 18:22 - 2014-01-29 18:22 - 00982016 _____ (Farbar) C:\Users\Sean\Desktop\MiniToolBox.exe
2014-01-29 18:11 - 2014-01-29 18:11 - 00987425 _____ () C:\Users\Sean\Downloads\SecurityCheck.exe
2014-01-29 15:33 - 2014-01-29 15:33 - 00005289 _____ () C:\Users\Sean\Desktop\Bleepingcomputertesting.txt
2014-01-29 11:16 - 2014-01-29 11:17 - 55915216 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-01-28 22:55 - 2014-01-28 22:55 - 00347816 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\MicrosoftFixit.IEPerformance.LB.2731439852046084.1.1.Run.exe
2014-01-28 22:50 - 2014-01-28 22:52 - 21086208 _____ () C:\Users\Sean\Downloads\python-3.3.3.amd64.msi
2014-01-28 20:39 - 2014-01-28 20:40 - 13079688 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\Silverlight_x64.exe
2014-01-28 20:29 - 2014-01-28 20:29 - 00840584 _____ (Adobe Systems Incorporated) C:\Users\Sean\Downloads\uninstall_flash_player.exe
2014-01-26 22:47 - 2014-01-26 22:47 - 00000163 _____ () C:\Users\Sean\Documents\LadyBirdLake.txt
2014-01-26 16:02 - 2014-01-26 16:02 - 00008893 _____ () C:\Users\Sean\Documents\TexaseducationIowahawk.txt
2014-01-23 22:42 - 2014-01-23 22:42 - 00000277 _____ () C:\Users\Sean\Documents\plannancybrian.txt
2014-01-23 22:42 - 2014-01-23 22:42 - 00000102 _____ () C:\Users\Sean\Documents\albertspeer.txt
2014-01-17 20:07 - 2014-01-17 20:07 - 00002036 _____ () C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2014-01-15 09:05 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:05 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:05 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:05 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:05 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:05 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:05 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:05 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:05 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 15:09 - 2014-01-14 18:12 - 00016705 _____ () C:\Users\Sean\Documents\OurFathersFaith translation.txt
2014-01-14 15:00 - 2014-01-14 15:00 - 00015558 _____ () C:\Users\Sean\Documents\Catholicnorwegiantranslate.txt
2014-01-08 08:54 - 2014-01-13 13:56 - 00011948 _____ () C:\Users\Sean\Documents\article1Nikolai.txt
 
==================== One Month Modified Files and Folders =======
 
2014-02-03 11:33 - 2014-02-03 11:32 - 00007652 _____ () C:\Users\SRO\Desktop\FRST.txt
2014-02-03 11:32 - 2014-02-03 11:30 - 00000000 ____D () C:\FRST
2014-02-03 11:30 - 2014-02-03 11:31 - 02080256 _____ (Farbar) C:\Users\SRO\Desktop\FRST64.exe
2014-02-03 11:30 - 2014-02-03 11:29 - 02080256 _____ (Farbar) C:\Users\SRO\Downloads\FRST64.exe
2014-02-03 10:59 - 2012-12-24 22:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 10:34 - 2013-01-15 05:04 - 01539686 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 00:59 - 2012-12-24 22:23 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 13:39 - 2009-07-13 22:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-01 13:39 - 2009-07-13 22:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-01 13:36 - 2009-07-13 23:13 - 00796230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-01 13:31 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-01 13:30 - 2013-08-30 08:15 - 00022523 _____ () C:\Windows\setupact.log
2014-02-01 05:02 - 2014-02-01 05:01 - 00000000 ____D () C:\Users\SRO\Desktop\Seanstuff
2014-02-01 04:59 - 2014-02-01 04:59 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\OpenOffice
2014-01-31 18:10 - 2014-01-31 18:10 - 00138785 _____ () C:\Users\SRO\Downloads\FoRBbooklet.txt
2014-01-30 21:51 - 2014-01-30 19:55 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\Skype
2014-01-30 11:55 - 2014-01-30 11:55 - 00000015 _____ () C:\Users\SRO\Desktop\bpcpw.txt
2014-01-30 11:42 - 2014-01-30 11:42 - 00003351 _____ () C:\Users\SRO\Desktop\attach.zip
2014-01-30 03:06 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-01-30 00:48 - 2014-01-30 00:48 - 00012821 _____ () C:\Users\SRO\Desktop\dds.txt
2014-01-30 00:48 - 2014-01-30 00:48 - 00011812 _____ () C:\Users\SRO\Desktop\attach.txt
2014-01-30 00:47 - 2014-01-30 00:47 - 00688992 ____R (Swearware) C:\Users\SRO\Downloads\dds.com
2014-01-30 00:23 - 2014-01-30 00:23 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\Avira
2014-01-30 00:17 - 2014-01-29 23:42 - 00002266 _____ () C:\Users\SRO\Desktop\Google Chrome.lnk
2014-01-30 00:17 - 2014-01-29 23:42 - 00001424 _____ () C:\Users\SRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-30 00:17 - 2014-01-29 23:29 - 00000000 ___RD () C:\Users\SRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-30 00:17 - 2014-01-29 23:29 - 00000000 ___RD () C:\Users\SRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-30 00:16 - 2014-01-29 23:24 - 00000000 ____D () C:\Users\SRO
2014-01-29 23:43 - 2014-01-29 23:43 - 00000000 ____D () C:\Users\SRO\AppData\Local\Google
2014-01-29 23:42 - 2014-01-29 23:42 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\Adobe
2014-01-29 23:34 - 2014-01-29 23:34 - 00068056 _____ () C:\Users\SRO\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-29 23:29 - 2014-01-29 23:29 - 00000000 ____D () C:\Users\SRO\AppData\Roaming\Intel
2014-01-29 23:29 - 2014-01-29 23:29 - 00000000 ____D () C:\Users\SRO\AppData\Local\VirtualStore
2014-01-29 23:24 - 2014-01-29 23:24 - 00000020 ___SH () C:\Users\SRO\ntuser.ini
2014-01-29 22:50 - 2014-01-29 22:42 - 00000000 ____D () C:\Users\Sean\Desktop\keepbin
2014-01-29 22:43 - 2012-12-24 17:01 - 00000000 ____D () C:\Users\Sean
2014-01-29 22:07 - 2012-12-24 22:23 - 00000000 ____D () C:\Users\Sean\AppData\Local\Deployment
2014-01-29 20:53 - 2014-01-29 20:53 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-29 20:53 - 2014-01-29 20:53 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Malwarebytes
2014-01-29 20:53 - 2014-01-29 20:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 20:53 - 2014-01-29 20:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 20:50 - 2013-08-30 08:15 - 00076320 _____ () C:\Windows\PFRO.log
2014-01-29 20:14 - 2014-01-29 20:12 - 00000000 ____D () C:\AdwCleaner
2014-01-29 20:10 - 2014-01-29 20:11 - 01166132 _____ () C:\Users\Sean\Desktop\AdwCleaner.exe
2014-01-29 20:10 - 2014-01-29 20:10 - 01166132 _____ () C:\Users\Sean\Downloads\AdwCleaner.exe
2014-01-29 19:54 - 2014-01-29 19:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sean\Downloads\TFC.exe
2014-01-29 19:54 - 2014-01-29 19:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sean\Desktop\TFC.exe
2014-01-29 19:28 - 2014-01-29 19:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Sean\Downloads\mbam-clean-1.60.2.0003.exe
2014-01-29 19:28 - 2014-01-29 19:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Sean\Desktop\mbam-clean-1.60.2.0003.exe
2014-01-29 19:25 - 2014-01-29 18:24 - 00001041 _____ () C:\Users\Sean\Desktop\Result.txt
2014-01-29 18:48 - 2014-01-29 18:48 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup.exe
2014-01-29 18:48 - 2014-01-29 18:48 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Sean\Desktop\mbam-setup.exe
2014-01-29 18:45 - 2014-01-29 18:45 - 00000194 _____ () C:\Users\Sean\Downloads\hosts-perm.bat
2014-01-29 18:45 - 2014-01-29 18:45 - 00000194 _____ () C:\Users\Sean\Desktop\hosts-perm.bat
2014-01-29 18:39 - 2014-01-29 18:39 - 00002644 _____ () C:\Users\Sean\Desktop\Rkill.txt
2014-01-29 18:38 - 2014-01-29 18:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sean\Downloads\rkill.exe
2014-01-29 18:38 - 2014-01-29 18:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sean\Desktop\rkill.exe
2014-01-29 18:34 - 2014-01-29 18:34 - 00000803 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-01-29 18:34 - 2014-01-29 18:34 - 00000000 ____D () C:\Program Files\Speccy
2014-01-29 18:22 - 2014-01-29 18:22 - 00982016 _____ (Farbar) C:\Users\Sean\Desktop\MiniToolBox.exe
2014-01-29 18:11 - 2014-01-29 18:11 - 00987425 _____ () C:\Users\Sean\Downloads\SecurityCheck.exe
2014-01-29 15:33 - 2014-01-29 15:33 - 00005289 _____ () C:\Users\Sean\Desktop\Bleepingcomputertesting.txt
2014-01-29 11:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-29 11:18 - 2013-12-03 03:00 - 00008923 _____ () C:\Windows\IE11_main.log
2014-01-29 11:17 - 2014-01-29 11:16 - 55915216 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-01-28 22:55 - 2014-01-28 22:55 - 00347816 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\MicrosoftFixit.IEPerformance.LB.2731439852046084.1.1.Run.exe
2014-01-28 22:52 - 2014-01-28 22:50 - 21086208 _____ () C:\Users\Sean\Downloads\python-3.3.3.amd64.msi
2014-01-28 20:40 - 2014-01-28 20:39 - 13079688 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\Silverlight_x64.exe
2014-01-28 20:29 - 2014-01-28 20:29 - 00840584 _____ (Adobe Systems Incorporated) C:\Users\Sean\Downloads\uninstall_flash_player.exe
2014-01-28 19:37 - 2012-12-24 22:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-27 00:06 - 2012-12-24 19:37 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Skype
2014-01-26 22:47 - 2014-01-26 22:47 - 00000163 _____ () C:\Users\Sean\Documents\LadyBirdLake.txt
2014-01-26 16:02 - 2014-01-26 16:02 - 00008893 _____ () C:\Users\Sean\Documents\TexaseducationIowahawk.txt
2014-01-23 22:42 - 2014-01-23 22:42 - 00000277 _____ () C:\Users\Sean\Documents\plannancybrian.txt
2014-01-23 22:42 - 2014-01-23 22:42 - 00000102 _____ () C:\Users\Sean\Documents\albertspeer.txt
2014-01-17 21:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-17 20:07 - 2014-01-17 20:07 - 00002036 _____ () C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2014-01-17 20:07 - 2014-01-17 20:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2014-01-16 03:21 - 2009-07-13 22:45 - 00314008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:01 - 2013-07-19 16:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:00 - 2012-12-24 18:26 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 18:12 - 2014-01-14 15:09 - 00016705 _____ () C:\Users\Sean\Documents\OurFathersFaith translation.txt
2014-01-14 15:00 - 2014-01-14 15:00 - 00015558 _____ () C:\Users\Sean\Documents\Catholicnorwegiantranslate.txt
2014-01-13 13:56 - 2014-01-08 08:54 - 00011948 _____ () C:\Users\Sean\Documents\article1Nikolai.txt
2014-01-13 13:56 - 2012-12-25 05:31 - 00002629 _____ () C:\Users\Sean\Documents\shuffleupyesterday.txt
 
Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\avgnt.exe
C:\Users\SRO\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-30 02:59
 
==================== End Of Log ============================
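The two FRST logs in this thread are long, and most of what matters for triage is a handful of line shapes: an autorun or BHO whose target is gone ("No File"), a loaded binary whose version information carries no company name (FRST prints an empty "()"), an executable sitting in a per-user Temp folder, and a Security Center product reported as Disabled (as the second part of the log, posted below, shows for Avira and Windows Defender). The script below is an added example, not part of the original post and not Farbar's code; it parses FRST's section headers and those line shapes with regular expressions I wrote from the log as printed here (an assumption about the format, not a documented grammar), and runs over lines copied verbatim from the logs in this thread. A hit is a prompt to hash and verify the file, not a verdict: Intel's PanDhcpDns.exe with an empty company name is almost certainly benign, while the avgnt.exe copies in Temp deserve a look precisely because that is a well-known AV process name in an odd place.

```python
import re

# Sample input: lines copied verbatim from the FRST logs posted in this thread
# (first and second part), trimmed to a few lines per section so the triage
# runs offline. Nothing in this block is invented data.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {FFCB3198-32F3-4E8B-9539-4324694ED664} -  No File

==================== Services (Whitelisted) =================

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-24] (DT Soft Ltd)

Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\avgnt.exe
C:\Users\SRO\AppData\Local\Temp\avgnt.exe

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Scheduled Tasks (whitelisted) =============

Task: {6AEC4FFC-02F0-41B0-A5B0-A82CBD9F8025} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24] (Google Inc.)
Task: {BFC7D9E0-5362-4098-A6BF-A1A78824EFB6} - System32\Tasks\{5128F699-9865-4E55-826B-FD29ACA9FA6B} => C:\Games\FALLOUT\FALLOUTW.EXE [2012-12-25] ()
"""

# Format assumptions (mine, from the log as printed): section headers are
# "==== Title ====", a bare rule line under a "Title:" line is also a header,
# a path is followed by "[size date]" or "[date]" and then "(company name)".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RULE_RE = re.compile(r"^=+$")
ENTRY_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\[^\[\]]+?)\s+\[(?:\d+\s+)?[\d-]+\]\s+\((?P<publisher>[^)]*)\)"
)
ORPHAN_RE = re.compile(r"^(?P<kind>[^:]+):\s+(?P<name>.+?)\s+-\s+")
SC_RE = re.compile(r"^(?P<kind>AV|AS|FW):\s+(?P<name>.+?)\s+\((?P<state>[^)]*)\)")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".sys")


def parse_sections(text):
    """Split an FRST log into {section title: [non-empty lines]} in file order."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if RULE_RE.match(line):
            # "Some content of TEMP:" / "Chrome:" followed by a rule of '=' is a header
            if sections[current] and sections[current][-1].endswith(":"):
                current = sections[current].pop().rstrip(":")
                sections.setdefault(current, [])
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections.setdefault(current, [])
            continue
        if line.strip():
            sections[current].append(line)
    return sections


def triage(text):
    """Return the short list of lines worth hashing or checking by hand."""
    result = {"orphan_entries": [], "no_publisher": [],
              "temp_executables": [], "disabled_protection": []}
    for title, lines in parse_sections(text).items():
        for line in lines:
            if line.endswith("No File"):  # autorun/BHO whose target is gone
                m = ORPHAN_RE.match(line)
                result["orphan_entries"].append(
                    f"{m.group('kind')}: {m.group('name')}" if m else line)
            m = ENTRY_RE.search(line)
            if m and not m.group("publisher").strip():  # empty "()" after the path
                result["no_publisher"].append(m.group("path"))
            if title.startswith("Some content of TEMP") and line.lower().endswith(EXEC_EXT):
                result["temp_executables"].append(line)
            if title == "Security Center":
                m = SC_RE.match(line)
                if m and m.group("state").startswith("Disabled"):
                    result["disabled_protection"].append(f"{m.group('kind')}: {m.group('name')}")
    return result


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for hit in hits:
            print(f"  {hit}")
```

Run it against a full FRST.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the "One Month Created/Modified Files" listings are deliberately left alone, since their "()" marks plain data files (text, shortcuts, caches) far more often than executables.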


#4 BenKenobi18 (Topic Starter, Members, 64 posts)

Posted 03 February 2014 - 12:43 PM

Hi NASDAQ - here's the second part of the Farbar (attached!) scan.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by SRO at 2014-02-03 11:34:28
Running from C:\Users\SRO\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (Version: 1.0 - Eyeo GmbH)
Adblock Plus for IE (x32 Version: 1.0 - )
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team)
Auslogics Disk Defrag (x32 Version: 3.6 - Auslogics Software Pty Ltd)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
CCleaner (Version: 3.26 - Piriform)
CDBurnerXP (x32 Version: 4.5.2.4214 - CDBurnerXP)
Crusader Kings II version 1.111 (x32 Version: 1.111 - Paradox Interactive)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell ControlVault Host Components Installer 64 bit (Version: 2.1.2.187 - Broadcom Corporation)
Dell Custom Help (Version: 15.08.0000.0172 - Intel Corporation) Hidden
Dell Touchpad (Version: 7.1107.101.210 - ALPS ELECTRIC CO., LTD.)
Diablo (x32 Version:  - )
Diablo II (x32 Version:  - )
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
Indeo® Software (x32 Version:  - )
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.08.0000.0249 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (x32 Version: 15.8.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.08.0000.0172 - Intel Corporation) Hidden
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
K-Lite Mega Codec Pack 9.3.0 (x32 Version: 9.3.0 - )
Lucas Chess v. 7.05 (x32 Version:  - )
Magic Workstation 0.94f (x32 Version:  - Magic Technology)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mount&Blade (x32 Version:  - )
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTG Card Images for Magic Workstation (x32 Version:  - )
MTG GamePack for Magic Workstation (x32 Version:  - Magic Technology)
NVIDIA Control Panel 296.10 (Version: 296.10 - NVIDIA Corporation) Hidden
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
Python 3.3.3 (64-bit) (Version: 3.3.3150 - Python Software Foundation)
Secunia PSI (3.0.0.6001) (x32 Version: 3.0.0.6001 - Secunia)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Space Quest 2 VGA 1.1 (x32 Version:  - Infamous Adventures)
Speccy (Version: 1.25 - Piriform)
Stellarium 0.12.0 (Version: 0.12.0 - Stellarium team)
SUPERAntiSpyware (Version: 5.6.1014 - SUPERAntiSpyware.com)
The Last Days 3.23 (x32 Version: 3.23 - TLD Team)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 2.1.1 (x32 Version: 2.1.1 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (x32 Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {6AEC4FFC-02F0-41B0-A5B0-A82CBD9F8025} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24] (Google Inc.)
Task: {729BE169-57E6-4E8E-9E57-C2961C387A51} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {9E606287-81AA-428E-B0E6-79D73C296025} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24] (Google Inc.)
Task: {BFC7D9E0-5362-4098-A6BF-A1A78824EFB6} - System32\Tasks\{5128F699-9865-4E55-826B-FD29ACA9FA6B} => C:\Games\FALLOUT\FALLOUTW.EXE [2012-12-25] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-24 19:30 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-28 10:00 - 2014-01-22 23:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-28 10:00 - 2014-01-22 23:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-28 10:00 - 2014-01-22 23:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 10:00 - 2014-01-22 23:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 10:00 - 2014-01-22 23:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2014-01-28 10:00 - 2014-01-22 23:56 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2014 01:31:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.8.0.0, time stamp: 0x51709701
Faulting module name: MurocApi.dll, version: 15.8.0.0, time stamp: 0x5170961c
Exception code: 0xc0000005
Fault offset: 0x000000000002697d
Faulting process id: 0xb80
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
 
Error: (02/01/2014 01:31:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/01/2014 05:05:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/01/2014 04:51:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/01/2014 04:36:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/31/2014 03:20:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2014 11:36:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2014 00:20:23 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 19774. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (01/30/2014 00:20:20 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (01/30/2014 00:20:20 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 19774. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
 
System errors:
=============
Error: (02/01/2014 01:32:01 PM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2014 01:30:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:37:58 AM on ‎2/‎1/‎2014 was unexpected.
 
Error: (02/01/2014 05:01:34 AM) (Source: DCOM) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}
 
Error: (02/01/2014 04:51:31 AM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 04:49:57 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 04:49:57 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 04:49:57 AM) (Source: DCOM) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}
 
Error: (02/01/2014 04:49:55 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 04:49:55 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 04:49:55 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (02/01/2014 01:31:50 PM) (Source: Application Error)(User: )
Description: ZeroConfigService.exe15.8.0.051709701MurocApi.dll15.8.0.05170961cc0000005000000000002697db8001cf1f842f8ec1deC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll7e941a7b-8b77-11e3-85f6-5cac4cf35266
 
Error: (02/01/2014 01:31:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/01/2014 05:05:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/01/2014 04:51:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/01/2014 04:36:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/31/2014 03:20:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2014 11:36:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2014 00:20:23 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 19774163E4D00003C4D00003D4D0000B8010000
 
Error: (01/30/2014 00:20:20 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (01/30/2014 00:20:20 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 19774163E4D00003C4D00003D4D000068010000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 55%
Total physical RAM: 4021.83 MB
Available physical RAM: 1802.11 MB
Total Pagefile: 8041.84 MB
Available Pagefile: 5303.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:290.28 GB) (Free:202.33 GB) NTFS
Drive r: (Recovery) (Fixed) (Total:7.81 GB) (Free:3.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FED20F29)
Partition 1: (Active) - (Size=8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=290 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:43 PM

Posted 03 February 2014 - 01:41 PM


Your Farbar log is clean.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

It looks like your Wireless network needs some attention.
If you have the installation CD then I suggest you re-install it.
===

You will find that this site may help in getting the correct driver.
http://www.intel.com/support/wireless/wtech/proset-ws/sb/CS-034041.htm

Let me know what problem persists.

#6 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 03 February 2014 - 01:52 PM

I'm not the wireless network administrator, so any problems with the router aren't something I can fix.
 
Here's the security check log. 
 
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.6001)   
 Adobe Reader XI  
 Mozilla Firefox 24.0 Firefox out of Date!
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````

Edited by BenKenobi18, 03 February 2014 - 02:33 PM.


#7 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 03 February 2014 - 01:54 PM

Ok, rechecking problems... I have access to my security panel without crashing. Now I'll try to open C:/Users/Olduser. Last I tried this my system hung and I had to reboot.

[Screenshot: permissionsolduserpic_zpsa0d42c84.png]

This is what I see when I open the permissions for C:/user/olduser. I see a user that should not be there. There's another one too, but I wasn't fast enough with the screenshot.

Ok, tried to reopen C:/User/Olduser. Denies me access despite being an administrator. Attempted to take control of the file but the system eventually hangs. Ctrl+Alt+Del fails to bring up security options.


Edited by BenKenobi18, 03 February 2014 - 02:17 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:43 PM

Posted 04 February 2014 - 07:52 AM

The following steps involve registry editing. Please create a new restore point before proceeding!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

Check-mark only the following options:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair

Ok, tried to reopen C:/User/Olduser. Denies me access despite being an administrator. Attempted to take control of the file but the system eventually hangs. Ctrl+Alt+Del fails to bring up security options.

Can you get access to that user profile now?
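
The access-denied folder and the unexpected entries in its security tab, described in the two posts above, are better handled with an ACL audit than by clicking through the Explorer dialog on a machine that hangs. The PowerShell script below is an added example written for this thread, not a tool from either post or from BleepingComputer. It lists every ACE on the profile folder with its raw SID, flags explicit Deny entries and SIDs that no longer map to any account (a "user that should not be there" is often the leftover SID of a deleted account rather than a live one), lists the junctions Windows places inside a profile, and only with -Fix takes ownership and resets permissions. The path C:\Users\Olduser and the -Fix switch are assumptions; run it from an elevated PowerShell prompt while logged on to the working profile.

```powershell
# Added example for this thread (not from the original posts).
# Audits the DACL of a profile folder that denies an administrator access,
# then optionally takes ownership and resets permissions. Run elevated.
param(
    [string]$ProfilePath = 'C:\Users\Olduser',   # assumption: path from the thread
    [switch]$Fix
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

# Reading the security descriptor needs only READ_CONTROL, which an
# administrator normally keeps even when the DACL denies everything else.
$acl = Get-Acl -Path $ProfilePath
"Owner: $($acl.Owner)"

# Ask for SIDs instead of names so that an entry whose account no longer
# exists (an orphaned SID) does not silently turn into an opaque string.
$suspicious = 0
foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    try   { $name = $ace.IdentityReference.Translate($ntType).Value }
    catch { $name = '<unresolved SID>' }
    $flags = ''
    if ($ace.AccessControlType -eq 'Deny') { $flags += ' DENY' }
    if ($name -eq '<unresolved SID>')      { $flags += ' ORPHAN' }
    if ($flags) { $suspicious++ }
    $cols = @($ace.IdentityReference.Value, $name, $ace.AccessControlType, $ace.FileSystemRights, $flags)
    '{0,-46} {1,-28} {2,-5} {3}{4}' -f $cols
}

# Profiles contain junctions such as "Application Data" that Windows protects
# with a Deny "list folder" ACE for Everyone; some of them point back into
# their own parent, which is how a naive recursive tool ends up looping.
Get-ChildItem -Path $ProfilePath -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 } |
    ForEach-Object { "reparse point: $($_.FullName)" }

if (-not $Fix) {
    "$suspicious suspicious ACE(s). Re-run with -Fix to take ownership and reset the DACL."
    return
}

# takeown: /A assigns ownership to the Administrators group, /R recurses,
# /D Y answers the prompt for directories the caller cannot list.
# icacls /reset discards the current DACL and re-inherits from C:\Users;
# /T recurses, /C continues past errors, /L acts on junctions themselves
# instead of following them into their targets.
takeown.exe /F $ProfilePath /A /R /D Y | Out-Null
icacls.exe $ProfilePath /reset /T /C /L
Get-Acl -Path $ProfilePath | Select-Object Owner, AccessToString
```

After /reset the folder carries only the permissions inherited from C:\Users, and the Deny entries Windows puts on the profile's junctions are gone as well, so treat it as scratch: delete it (or rebuild the ACL for its owner) rather than leaving it in that state. A hang during takeown itself, like the hangs reported earlier in this thread, is not something an ACL change can cure and the script makes no attempt to.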

#9 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 04 February 2014 - 08:50 AM

First run, crashed. Rerunning...

Nope, gonna have to break it up. Keeps stalling out when it works on the WMI part 4. I'll take it one at a time, because that's the only way this is gonna work.


Edited by BenKenobi18, 04 February 2014 - 09:53 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:43 PM

Posted 04 February 2014 - 09:54 AM

Let's have a look at your ProfileList.
If you see any profile that you want to remove let me know which one.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#11 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 04 February 2014 - 11:01 AM

Ok, I ran the Windows tweaking program successfully. Everything but 'unhide' and WMI were successfully fixed. Program stalled when trying to unhide

"C:/Users/Sean/Appdata/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/MYY6C86B".

C:/Users/Sean is still not giving me access. Fixed lots of other stuff though!

This is the file that's been giving me no end of troubles.


Edited by BenKenobi18, 04 February 2014 - 11:10 AM.


#12 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 04 February 2014 - 11:07 AM

Here's the system look log. 
 
I want to remove the Sean Profile. 
 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 10:06 on 04/02/2014 by SRO
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"ProfilesDirectory"="%SystemDrive%\Users"
"Default"="%SystemDrive%\Users\Default"
"Public"="%SystemDrive%\Users\Public"
"ProgramData"="%SystemDrive%\ProgramData"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"= 0x000000000c (12)
"State"= 0x0000000000 (0)
"RefCount"= 0x0000000001 (1)
"Sid"=01 01 00 00 00 00 00 05 12 00 00 00  (REG_BINARY)
"ProfileImagePath"="%systemroot%\system32\config\systemprofile"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileImagePath"="C:\Windows\ServiceProfiles\LocalService"
"Flags"= 0x0000000000 (0)
"State"= 0x0000000000 (0)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileImagePath"="C:\Windows\ServiceProfiles\NetworkService"
"Flags"= 0x0000000000 (0)
"State"= 0x0000000000 (0)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3611418123-2107797432-3771303780-1001]
"ProfileImagePath"="C:\Users\Sean"
"Flags"= 0x0000000000 (0)
"State"= 0x0000000100 (256)
"Sid"=01 05 00 00 00 00 00 05 15 00 00 00 0b de 41 d7 b8 6f a2 7d 64 87 c9 e0 e9 03 00 00  (REG_BINARY)
"ProfileLoadTimeLow"= 0x0000000000 (0)
"ProfileLoadTimeHigh"= 0x0000000000 (0)
"RefCount"= 0x0000000000 (0)
"RunLogonScriptSync"= 0x0000000000 (0)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3611418123-2107797432-3771303780-1004]
"ProfileImagePath"="C:\Users\SRO"
"Flags"= 0x0000000000 (0)
"State"= 0x0000000000 (0)
"Sid"=01 05 00 00 00 00 00 05 15 00 00 00 0b de 41 d7 b8 6f a2 7d 64 87 c9 e0 ec 03 00 00  (REG_BINARY)
"ProfileLoadTimeLow"= 0x0000000000 (0)
"ProfileLoadTimeHigh"= 0x0000000000 (0)
"RefCount"= 0x0000000003 (3)
"RunLogonScriptSync"= 0x0000000000 (0)
 
 
-= EOF =-

Edited by BenKenobi18, 04 February 2014 - 11:09 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:43 PM

Posted 04 February 2014 - 01:57 PM


The following steps involve registry editing. Please create a new restore point before proceeding!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3611418123-2107797432-3771303780-1001]



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

On a Vista or Windows 7 operating system, right click the Fix.reg and run as Administrator.

Delete the Fix.reg file when done.

Restart the computer normally.

How is it now?
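
The ProfileList query in post #10 and the Fix.reg in post #13 are two halves of one task: find the registry entry for the broken profile, then remove it. The script below is an added example written for this thread, not a tool from either post. It lists every ProfileList entry with its resolved account name and whether the folder in ProfileImagePath still exists, exports the chosen key as a rollback .reg before touching it, and removes the profile through Win32_UserProfile.Delete, which also removes the folder and the user's registry hive, falling back to deleting only the registry key (which is all Fix.reg does) when WMI is not working. The SID is the one for C:\Users\Sean from the SystemLook log; the -Fix switch and the backup location are assumptions.

```powershell
# Added example for this thread (not from the original posts). Run elevated,
# logged on as a different account than the one being removed.
param(
    # SID of C:\Users\Sean taken from the SystemLook log in this thread
    [string]$SidToRemove = 'S-1-5-21-3611418123-2107797432-3771303780-1001',
    [switch]$Fix
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$ntType      = [System.Security.Principal.NTAccount]

# 1. Inventory: one line per ProfileList subkey. A key whose SID no longer
#    resolves, or whose folder is gone, is the kind of stale entry worth
#    removing. Keys named "<SID>.bak" (left behind by a temporary-profile
#    logon) show up here too and deliberately fail to resolve.
foreach ($key in Get-ChildItem -Path $profileList) {
    $props = Get-ItemProperty -Path $key.PSPath
    $sid   = $key.PSChildName
    $path  = ''
    if ($props.ProfileImagePath) {
        $path = [Environment]::ExpandEnvironmentVariables($props.ProfileImagePath)
    }
    try   { $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate($ntType).Value }
    catch { $name = '<no matching account>' }
    $exists = ($path -ne '') -and (Test-Path -Path $path)
    $cols = @($sid, $name, [int]($props.State), [int]($props.RefCount), $exists, $path)
    '{0,-52} {1,-24} state=0x{2:x} refcount={3} folder-exists={4} {5}' -f $cols
}

if (-not $Fix) { return }

$keyPath = Join-Path $profileList $SidToRemove
if (-not (Test-Path -Path $keyPath)) { throw "no ProfileList entry for $SidToRemove" }

# 2. Rollback copy of the key (assumption: written to the current desktop).
$backup = Join-Path ([Environment]::GetFolderPath('Desktop')) "ProfileList-$SidToRemove.reg"
reg.exe export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$SidToRemove" $backup /y | Out-Null
"backup written to $backup"

# 3. Preferred path: the profile service removes the key, the folder and the
#    user's hive together. It must not be used on a profile that is loaded.
$p = $null
try   { $p = Get-WmiObject -Class Win32_UserProfile -Filter "SID='$SidToRemove'" -ErrorAction Stop }
catch { "Win32_UserProfile unavailable: $($_.Exception.Message)" }
if ($p -and $p.Loaded) { throw "profile $SidToRemove is loaded; log that account off first" }

$deleted = $false
if ($p) {
    try   { $p.Delete(); $deleted = $true; "removed via Win32_UserProfile" }
    catch { "Win32_UserProfile.Delete failed: $($_.Exception.Message)" }
}

# 4. Fallback when WMI is broken, as it is in this thread: drop only the
#    registry key, which is exactly what the Fix.reg in post #13 does. The
#    folder under C:\Users then has to be dealt with separately.
if (-not $deleted) {
    Remove-Item -Path $keyPath -Recurse -Force
    "removed registry key only; the C:\Users folder is still present"
}
```

Removing only the ProfileList key is what makes Windows forget the profile, which is why the thread's Fix.reg alone did not change anything about the folder's permissions: the key and the NTFS ACL on the folder are independent, and the folder still has to be taken over or deleted on its own.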

#14 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 04 February 2014 - 04:32 PM

Cool! Back from work now. Lemme finish this up!

Ok, it worked, blah. I did it wrong. :)

Nope. No change to that one folder. It's still blocking me.


Edited by BenKenobi18, 04 February 2014 - 04:57 PM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:43 PM

Posted 05 February 2014 - 09:17 AM



The following steps involve registry editing. Please create a new restore point before proceeding!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Go to this page:
http://download.bleepingcomputer.com/win-services/7/

Download the following registry files to your desktop:
WmiAcpi.reg
WmiApRpl.reg
wmiApSrv.reg

Double-click on each downloaded file and confirm the prompt.
Restart computer normally.
Post new FSS log.

===

Run the Repair tool suggested in post no. 8.
Post the log if you can.
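
Before and after merging the three .reg files, a practitioner would want a quick read on whether WMI actually works, since the FRST log earlier in the thread shows repeated WinMgmt errors ending in 0x80041003 (WBEM_E_ACCESS_DENIED) and the repair tool in post #9 kept stalling on its WMI step. The script below is an added example written for this thread, not part of the post or of the registry files it links. It checks that the service keys those files restore exist, asks the WMI service to verify its repository, runs one trivial query, and pulls the most recent WinMgmt errors so the count can be compared after the reboot. The service names are the ones named in the post; everything else is an assumption.

```powershell
# Added example for this thread (not from the original posts). Run elevated.

# 1. Service keys that the three .reg files in post #15 restore, plus the
#    WMI service itself. WmiApRpl is a performance-counter registration
#    (a Services key with a Performance subkey, no ImagePath), not a
#    running service, so a blank ImagePath for it is normal.
foreach ($svc in 'WmiAcpi', 'WmiApRpl', 'wmiApSrv', 'Winmgmt') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path -Path $key) {
        $p = Get-ItemProperty -Path $key
        '{0,-9} present  Start={1}  ImagePath={2}' -f $svc, $p.Start, $p.ImagePath
    } else {
        '{0,-9} MISSING  (merge the matching .reg file and reboot)' -f $svc
    }
}
Get-Service -Name Winmgmt, wmiApSrv -ErrorAction SilentlyContinue | Select-Object Name, Status

# 2. Repository check. "WMI repository is consistent" is the good answer;
#    otherwise try "winmgmt /salvagerepository" first and keep
#    "winmgmt /resetrepository" as the last resort, since a reset drops
#    every third-party provider registration.
winmgmt.exe /verifyrepository

# 3. One trivial query. 0x80041003 is WBEM_E_ACCESS_DENIED, the code in the
#    thread's WinMgmt errors, so a failure here points at permissions on the
#    root\cimv2 namespace or at the service not running at all.
try   { 'WMI query OK: ' + (Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop).Caption }
catch { 'WMI query failed: ' + $_.Exception.Message }

# 4. Latest WinMgmt errors; run again after the reboot and see whether new
#    entries keep appearing.
Get-EventLog -LogName Application -Source WinMgmt -EntryType Error -Newest 10 -ErrorAction SilentlyContinue |
    Select-Object TimeGenerated, EventID, @{ n = 'Message'; e = { $_.Message.Substring(0, [Math]::Min(100, $_.Message.Length)) } }
```

Merging service keys takes effect only after a restart, so the "present" lines in step 1 will change immediately but the service status, the repository check and the event-log count are only meaningful after the reboot the post asks for.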



