
I think I have been infected.

8 replies to this topic

#1 PaperBoy112 (Members, 11 posts)

Posted 14 March 2014 - 12:14 PM

So for a while now, I always thought I had some sort of virus. It all started one day when some really strange stuff happened. My webcam turned on and Windows installers popped up without me even doing anything. So I reset my computer, and found out about this site and used the malware removal tools such as MalwareBytes, so I thought I was safe. But today, I scanned my system with avast and it said it found a Trojan and it was placed in the virus chest, but I still think I am infected. All help is appreciated, thank you.


#2 boopme (Global Moderator, 72,934 posts, NJ USA)

Posted 14 March 2014 - 12:26 PM

Hello Paperboy

Let's see what these return.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    AdwCleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

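The MiniToolBox checklist above asks for the proxy, hosts, IP-configuration and Winsock sections because those are the places a browser hijacker or DNS changer leaves traces, and a helper reads them by eye. As an added example (my code, not MiniToolBox's and not part of boopme's post), the Python script below parses a Result.txt in that section layout and pulls out what a helper looks at first: an enabled proxy, active hosts mappings that point away from loopback, DNS servers that are neither local (the router) nor a well-known public resolver, and Winsock providers that are not Microsoft's or are loaded from outside the Windows system directories. The input is a constructed excerpt in the same layout; its Bonjour mdnsNSP.dll line mirrors the legitimate Apple entry in the log posted below (reported for review, not judged), and the example_lsp.dll line is invented. The "Proxy is enabled"/"Proxy Server" wording and the public-resolver allow-list are assumptions.

```python
import ipaddress
import re

# Constructed Result.txt excerpt (not a real log); example_lsp.dll is invented.
SAMPLE = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: http=127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1       localhost
203.0.113.5     www.google.com
========================= IP Configuration: ================================
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Users\user\AppData\Roaming\example_lsp.dll [31232] ()
========================= Event log errors: ===============================
"""

HEADER = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+$")
WINSOCK = re.compile(r"^(?:x64-)?Catalog[59]\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)\s*$")
DNS_LINE = re.compile(r"DNS Servers[ .]*:\s*(\S+)")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumed allow-list; any other non-private resolver is reported for review.
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9",
                   "208.67.222.222", "208.67.220.220"}

def split_sections(text):
    """Map each '===== Name: =====' header to the lines that follow it."""
    sections, name = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            name = m.group(1).strip()
            sections[name] = []
        elif name is not None:
            sections[name].append(line)
    return sections

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def proxy_findings(lines):
    # Clean output reads "Proxy is not enabled." / "No Proxy Server is set.";
    # the positive wording matched here is assumed for a hijacked proxy.
    return [l.strip() for l in lines
            if l.startswith("Proxy is enabled") or l.startswith("Proxy Server")]

def hosts_findings(lines):
    """Active hosts entries that map a name somewhere other than loopback."""
    out = []
    for parts in (line.split("#", 1)[0].split() for line in lines):
        if (len(parts) > 1 and _is_ip(parts[0])
                and not ipaddress.ip_address(parts[0]).is_loopback):
            out.extend((parts[0], host) for host in parts[1:])
    return out

def dns_servers(lines):
    """The DNS Servers value plus its indented continuation lines."""
    servers, collecting = [], False
    for line in lines:
        m = DNS_LINE.search(line)
        value = m.group(1) if m else line.strip()
        if m or (collecting and _is_ip(value)):
            servers.append(value)
            collecting = True
        else:
            collecting = False
    return servers

def dns_findings(lines):
    """Resolvers that are neither local (the router) nor well-known public ones."""
    out = []
    for s in dns_servers(lines):
        ip = ipaddress.ip_address(s)
        if s not in KNOWN_RESOLVERS and not (ip.is_private or ip.is_link_local):
            out.append(s)
    return out

def winsock_findings(lines):
    """Providers from a vendor other than Microsoft or outside the system dirs."""
    out = []
    for m in filter(None, map(WINSOCK.match, lines)):
        path, vendor = m.group(1), m.group(2)
        if vendor != "Microsoft Corporation" or not path.lower().startswith(SYSTEM_DIRS):
            out.append((path, vendor or "<no company name>"))
    return out

def triage(text):
    sec = split_sections(text)
    return {"proxy": proxy_findings(sec.get("IE Proxy Settings", [])),
            "hosts": hosts_findings(sec.get("Hosts content", [])),
            "dns": dns_findings(sec.get("IP Configuration", [])),
            "winsock": winsock_findings(sec.get("Winsock entries", []))}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against a real Result.txt (`triage(open("Result.txt").read())`) it reports nothing for the proxy, hosts and DNS sections of the log posted below and lists only the two Bonjour lines under Winsock, which is the expected picture for a machine with Apple software installed; an ad-blocking hosts file will also show up under "hosts" and has to be recognised by hand, which is why the script reports rather than decides.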

#3 PaperBoy112 (Topic Starter)

Posted 15 March 2014 - 02:57 PM

NOTE: I had to split the posts because it was too big to post all together.

MiniToolBox:


MiniToolBox by Farbar  Version: 23-01-2014
Ran by Andrew (administrator) on 15-03-2014 at 08:02:08
Running from "C:\Users\Andrew\Downloads\Scans"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Ralink RT3290 802.11bgn Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Wi-Fi" nexthop=192.168.2.1 publish=Yes
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Wi-Fi" address=192.168.2.22 mask=255.255.255.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : User-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 34-23-87-0E-76-27
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Ralink RT3290 802.11bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 34-23-87-0E-76-25
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9d27:fcbb:3880:9bfe%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.22(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 322184071
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-92-21-2E-A0-48-1C-D4-04-6C
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A0-48-1C-D4-04-6C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:34a8:24e9:51a2:8a16(Preferred)
   Link-local IPv6 Address . . . . . : fe80::34a8:24e9:51a2:8a16%17(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{13A2C8B7-3620-46A7-8042-DB99EB462E5B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  2607:f8b0:400b:807::1007
   173.194.43.104
   173.194.43.98
   173.194.43.102
   173.194.43.96
   173.194.43.97
   173.194.43.99
   173.194.43.105
   173.194.43.100
   173.194.43.110
   173.194.43.101
   173.194.43.103

Pinging google.com [173.194.43.104] with 32 bytes of data:
Reply from 173.194.43.104: bytes=32 time=11ms TTL=55
Reply from 173.194.43.104: bytes=32 time=10ms TTL=55

Ping statistics for 173.194.43.104:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 11ms, Average = 10ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=41ms TTL=50
Reply from 98.139.183.24: bytes=32 time=39ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 41ms, Average = 40ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...34 23 87 0e 76 27 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...34 23 87 0e 76 25 ......Ralink RT3290 802.11bgn Wi-Fi Adapter
 12...a0 48 1c d4 04 6c ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.22    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link      192.168.2.22    281
     192.168.2.22  255.255.255.255         On-link      192.168.2.22    281
    192.168.2.255  255.255.255.255         On-link      192.168.2.22    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.2.22    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.2.22    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.2.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 17    306 2001::/32                On-link
 17    306 2001:0:9d38:90d7:34a8:24e9:51a2:8a16/128
                                    On-link
 13    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::34a8:24e9:51a2:8a16/128
                                    On-link
 13    281 fe80::9d27:fcbb:3880:9bfe/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/15/2014 07:56:13 AM) (Source: ESENT) (User: )
Description: taskhostex (3088) WebCacheLocal: Database recovery/restore failed with unexpected error -509.

Error: (03/14/2014 09:00:00 AM) (Source: ESENT) (User: )
Description: svchost (1868) SRUJet: Database recovery/restore failed with unexpected error -551.

Error: (03/14/2014 09:00:00 AM) (Source: ESENT) (User: )
Description: svchost (1868) SRUJet: Database recovery failed with error -551 because it encountered references to a database, 'C:\Windows\system32\SRU\SRUDB.dat', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (03/14/2014 08:49:28 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1216.

Error: (03/14/2014 08:49:28 AM) (Source: ESENT) (User: )
Description: Catalog Database (1372) Catalog Database: Database recovery/restore failed with unexpected error -1216.

Error: (03/14/2014 08:49:28 AM) (Source: ESENT) (User: )
Description: Catalog Database (1372) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (03/13/2014 03:37:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -551.

Error: (03/13/2014 03:37:39 PM) (Source: ESENT) (User: )
Description: Catalog Database (1388) Catalog Database: Database recovery/restore failed with unexpected error -551.

Error: (03/13/2014 03:37:39 PM) (Source: ESENT) (User: )
Description: Catalog Database (1388) Catalog Database: Database recovery failed with error -551 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (03/13/2014 00:15:50 PM) (Source: MsiInstaller) (User: Andrew-PC)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1704.An installation for Microsoft Games for Windows - LIVE Redistributable is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

System errors:
=============
Error: (03/14/2014 00:22:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (03/14/2014 00:21:00 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/14/2014 00:21:12 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:52:23 AM on ?2014-?03-?14 was unexpected.

Error: (03/14/2014 10:31:57 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/14/2014 10:31:40 AM) (Source: DCOM) (User: Andrew-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/14/2014 10:31:21 AM) (Source: DCOM) (User: Andrew-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/14/2014 10:28:10 AM) (Source: DCOM) (User: Andrew-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/14/2014 10:18:17 AM) (Source: DCOM) (User: Andrew-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/14/2014 10:18:10 AM) (Source: DCOM) (User: Andrew-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/14/2014 10:08:10 AM) (Source: DCOM) (User: Andrew-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (03/15/2014 07:56:13 AM) (Source: ESENT)(User: )
Description: taskhostex3088WebCacheLocal: -509

Error: (03/14/2014 09:00:00 AM) (Source: ESENT)(User: )
Description: svchost1868SRUJet: -551

Error: (03/14/2014 09:00:00 AM) (Source: ESENT)(User: )
Description: svchost1868SRUJet: -551C:\Windows\system32\SRU\SRUDB.dat

Error: (03/14/2014 08:49:28 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: -1216

Error: (03/14/2014 08:49:28 AM) (Source: ESENT)(User: )
Description: Catalog Database1372Catalog Database: -1216

Error: (03/14/2014 08:49:28 AM) (Source: ESENT)(User: )
Description: Catalog Database1372Catalog Database: -1216C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Error: (03/13/2014 03:37:39 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: -551

Error: (03/13/2014 03:37:39 PM) (Source: ESENT)(User: )
Description: Catalog Database1388Catalog Database: -551

Error: (03/13/2014 03:37:39 PM) (Source: ESENT)(User: )
Description: Catalog Database1388Catalog Database: -551C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Error: (03/13/2014 00:15:50 PM) (Source: MsiInstaller)(User: Andrew-PC)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1704.An installation for Microsoft Games for Windows - LIVE Redistributable is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)

CodeIntegrity Errors:
===================================
  Date: 2014-03-13 07:38:58.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:38:58.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:43.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:43.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:42.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:41.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:38.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:38.059
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:09.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:08.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

4 Elements II (Version: 2.2.0.98)
Adobe Photoshop Elements 11 (Version: 11.0)
Adobe Premiere Elements 11 (Version: 11.0)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Airport Mania (Version: 2.2.0.95)
Aloha TriPeaks (Version: 2.2.0.98)
AMD Accelerated Video Transcoding (Version: 12.10.100.30614)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Fuel (Version: 2013.0614.353.5073)
AMD VISION Engine Control Center (Version: 2013.0614.353.5073)
avast! Premier (Version: 9.0.2013)
Azteca (Version: 2.2.0.97)
Bejeweled 3 (Version: 2.2.0.98)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.97)
Build-a-lot (Version: 2.2.0.98)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0614.353.5073)
Catalyst Control Center InstallProxy (Version: 2013.0614.353.5073)
Catalyst Control Center Localization All (Version: 2013.0614.353.5073)
CCC Help Chinese Standard (Version: 2013.0614.0352.5073)
CCC Help Chinese Traditional (Version: 2013.0614.0352.5073)
CCC Help Czech (Version: 2013.0614.0352.5073)
CCC Help Danish (Version: 2013.0614.0352.5073)
CCC Help Dutch (Version: 2013.0614.0352.5073)
CCC Help English (Version: 2013.0614.0352.5073)
CCC Help Finnish (Version: 2013.0614.0352.5073)
CCC Help French (Version: 2013.0614.0352.5073)
CCC Help German (Version: 2013.0614.0352.5073)
CCC Help Greek (Version: 2013.0614.0352.5073)
CCC Help Hungarian (Version: 2013.0614.0352.5073)
CCC Help Italian (Version: 2013.0614.0352.5073)
CCC Help Japanese (Version: 2013.0614.0352.5073)
CCC Help Korean (Version: 2013.0614.0352.5073)
CCC Help Norwegian (Version: 2013.0614.0352.5073)
CCC Help Polish (Version: 2013.0614.0352.5073)
CCC Help Portuguese (Version: 2013.0614.0352.5073)
CCC Help Russian (Version: 2013.0614.0352.5073)
CCC Help Spanish (Version: 2013.0614.0352.5073)
CCC Help Swedish (Version: 2013.0614.0352.5073)
CCC Help Thai (Version: 2013.0614.0352.5073)
CCC Help Turkish (Version: 2013.0614.0352.5073)
ccc-utility64 (Version: 2013.0614.353.5073)
Counter-Strike: Source
Cradle of Rome 2 (Version: 2.2.0.98)
Curse at Twilight (Version: 3.0.2.32)
CyberLink YouCam (Version: 3.5.6.6119)
D3DX10 (Version: 15.4.2368.0902)
Delicious: Emily's Childhood Memories Premium Edition (Version: 3.0.2.32)
Elements 11 Organizer (Version: 11.0)
Energy Star (Version: 1.0.9)
Farm Frenzy (Version: 2.2.0.98)
Galerie de photos (Version: 16.4.3505.0912)
Garry's Mod
Google Chrome (Version: 33.0.1750.146)
Google Update Helper (Version: 1.3.22.5)
Governor of Poker 2 Premium Edition (Version: 2.2.0.110)
Grand Theft Auto IV
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
House of 1000 Doors: Family Secrets (Version: 2.2.0.98)
HP 3D DriveGuard (Version: 6.0.15.1)
HP Connected Music (Meridian - installer) (Version: 1.0)
HP CoolSense (Version: 2.10.62)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.2.0.0)
HP Launch Box (Version: 1.1.5)
HP MyRoom (Version: 9.0.0.0)
HP Postscript Converter (Version: 4.0.4100)
HP Quick Start (Version: 1.0.4660.30220)
HP Recovery Manager (Version: 9.00)
HP Registration Service (Version: 1.2.6317.4309)
HP Support Assistant (Version: 7.0.39.15)
HP System Event Utility (Version: 1.0.10)
HP Utility Center (Version: 2.1.5)
HP Wireless Button Driver (Version: 1.1.2.1)
IDT Audio (Version: 1.0.6466.0)
Java 7 Update 51 (64-bit) (Version: 7.0.510)
Java SE Development Kit 7 Update 51 (64-bit) (Version: 1.7.0.510)
Jewel Match 3 (Version: 2.2.0.98)
Left 4 Dead 2
Letters from Nowhere 2 (Version: 2.2.0.97)
Luxor Evolved (Version: 2.2.0.98)
Mah Jong Medley (Version: 2.2.0.95)
Mahjongg Dimensions Deluxe: Tiles in Time (Version: 2.2.0.98)
Malwarebytes Anti-Exploit version 0.09.5.1000 (Version: 0.09.5.1000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.67.0)
Microsoft Office (Version: 15.0.4454.1510)
Microsoft OneDrive (Version: 17.0.4029.0217)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
OEM Application Profile (Version: 1.00.0000)
Peggle Nights (Version: 2.2.0.98)
Photo Gallery (Version: 16.4.3505.0912)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
Polar Bowler (Version: 2.2.0.97)
PRE11 STI 64Installer (Version: 11.0)
PSE11 STI Installer (Version: 11.0)
Ralink Bluetooth Stack (Version: 11.0.748.2)
Ralink RT3290 802.11bgn Wi-Fi Adapter (Version: 5.0.25.0)
Realtek Ethernet Controller Driver (Version: 8.13.314.2013)
Realtek PCIE Card Reader (Version: 6.2.9200.29053)
Roads of Rome 3 (Version: 2.2.0.98)
Royal Envoy 2 Collector's Edition (Version: 3.0.2.32)
SpeedRunners
Steam
swMSM (Version: 12.0.0.1)
Synaptics ClickPad Driver (Version: 16.5.3.3)
The Treasures of Mystery Island: The Ghost Ship (Version: 2.2.0.98)
Trinklit Supreme (Version: 2.2.0.98)
Update Installer for WildTangent Games App
Vacation Quest™ - Australia (Version: 3.0.2.32)
WildTangent Games (Version: 1.0.4.0)
WildTangent Games App (HP Games) (Version: 4.0.10.5)
Windows Live (Version: 16.4.3505.0912)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Worms Revolution
Youda Jewel Shop (Version: 3.0.2.32)
Zuma's Revenge (Version: 2.2.0.98)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 7384.25 MB
Available physical RAM: 5931.24 MB
Total Pagefile: 8792.25 MB
Available Pagefile: 7123 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.27 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:906.65 GB) (Free:798.76 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:23.75 GB) (Free:2.34 GB) NTFS

========================= Users: ========================================

User accounts for \\User-PC

Administrator            User                   Guest                   

**** End of log ****

 

AdwCleaner:

 

# AdwCleaner v3.022 - Report created 15/03/2014 at 08:20:03
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Andrew - ANDREW-PC
# Running from : C:\Users\Andrew\Downloads\Scans\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R1].txt - [1781 octets] - [05/03/2014 16:55:05]
AdwCleaner[R2].txt - [864 octets] - [05/03/2014 17:32:42]
AdwCleaner[R3].txt - [982 octets] - [07/03/2014 13:33:00]
AdwCleaner[R4].txt - [1041 octets] - [07/03/2014 18:38:44]
AdwCleaner[R5].txt - [2233 octets] - [12/03/2014 20:06:07]
AdwCleaner[S1].txt - [1397 octets] - [05/03/2014 16:56:25]
AdwCleaner[S2].txt - [924 octets] - [05/03/2014 17:33:14]
AdwCleaner[S3].txt - [1026 octets] - [15/03/2014 08:20:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1086 octets] ##########


Edited by PaperBoy112, 15 March 2014 - 02:58 PM.


#4 PaperBoy112

PaperBoy112
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 15 March 2014 - 03:57 PM

TDSSKiller Log:

http://pastebin.com/gJECMjeH - Note: Log is too long to post here


JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Andrew on 2014-03-15 at  8:27:40.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7CC96401-A95D-4565-9ED4-CA5F9EC3B7D9}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-03-15 at  8:41:24.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Online Scanner:

 

C:\Windows\SysWOW64\MovieMode.48CA2AEFA22D.dll MSIL/Adware.PullUpdate.C application 

C:\Windows\System32\MovieMode.48CA2AEFA22D.dll MSIL/Adware.PullUpdate.C application cleaned by deleting - quarantined

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:36 PM

Posted 16 March 2014 - 08:27 PM

Ok this looks clean...


Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
Let's check the MBR


Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
What symptoms make you feel infected?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 PaperBoy112

PaperBoy112
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 17 March 2014 - 04:41 PM

To answer your question about why I think I'm infected, it's because sometimes my browser gets redirected somewhere quickly, then to the right place. Another reason is because sometimes my touchpad on my laptop will stop working, then work again about 10 seconds later. The last reason is because (I'm not sure if this counts) I hear beeping noises (sometimes) when pressing shift, and when pressing the home button, it will lag, make the noise, then open the menu. Did I hit the wrong settings? Thanks.

 

When I ran TFC it did not come up with a log, even after I restarted.

 

aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-17 14:17:46
-----------------------------
14:17:46.668    OS Version: Windows x64 6.2.9200
14:17:46.668    Number of processors: 4 586 0x1301
14:17:46.668    ComputerName: User-PC  UserName: User
14:17:46.731    Initialze error 1
14:17:51.036    AVAST engine defs: 14031601
14:17:54.936    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
14:17:54.936    Disk 0 Vendor: TOSHIBA_MQ01ABD100 AX001C Size: 953869MB BusType: 11
14:17:54.983    Disk 0 MBR read successfully
14:17:54.983    Disk 0 MBR scan
14:17:54.999    Disk 0 unknown MBR code
14:17:54.999    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:17:54.999    Disk 0 scanning C:\Windows\system32\drivers
14:17:55.014    Service scanning
14:17:56.153    Modules scanning
14:17:56.153    Disk 0 trace - called modules:
14:17:56.184    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
14:17:56.184    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008046060]
14:17:56.184    3 CLASSPNP.SYS[fffff88001338e0a] -> nt!IofCallDriver -> [0xfffffa8007d57b10]
14:17:56.200    5 hpdskflt.sys[fffff88001a0242b] -> nt!IofCallDriver -> [0xfffffa80066d4040]
14:17:56.215    7 amd_xata.sys[fffff88001293634] -> nt!IofCallDriver -> \Device\00000039[0xfffffa80074317f0]
14:17:56.215    AVAST engine scan C:\Windows
14:17:56.231    AVAST engine scan C:\Windows\system32
14:17:56.231    AVAST engine scan C:\Windows\system32\drivers
14:17:56.247    AVAST engine scan C:\Users\User
14:17:56.247    AVAST engine scan C:\ProgramData
14:17:56.247    Scan finished successfully
14:18:07.572    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
14:18:07.572    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


Edited by PaperBoy112, 17 March 2014 - 04:41 PM.
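The aswMBR log above reports "unknown MBR code" and then decodes the single partition entry it found (status 00, type EE, "GPT", 2097151 MB, offset 1). The following is an added example, written for this page and not part of the thread or of aswMBR, that shows what those fields are: it parses a raw 512-byte MBR sector such as the MBR.dat the tool saved to the desktop, validates the 0x55AA signature, decodes the four partition slots, and hashes the 446-byte boot-code area so it can be compared against a known-clean baseline. The sample sector it ships with is constructed (filler boot code plus one GPT protective entry with the same values as the log line); real boot code would differ.

```python
"""Decode the partition table of a raw 512-byte MBR sector.

Added example, not part of the thread or of aswMBR.  It reads the kind of
file aswMBR saves as MBR.dat (the first sector of the disk) and prints one
line per partition in a layout similar to the tool's own "Disk 0 Partition"
lines, so the values can be compared by eye.
"""
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOTCODE_LEN = 446          # bytes 0..445 hold boot code, then 4 x 16-byte entries
GPT_PROTECTIVE_TYPE = 0xEE  # type ID of the protective entry a GPT disk keeps in its MBR


@dataclass
class PartitionEntry:
    index: int       # 1-based slot number in the table
    status: int      # 0x80 = active/bootable, 0x00 = inactive
    type_id: int     # partition type byte (0x07 NTFS, 0xEE GPT protective, ...)
    lba_start: int   # first sector of the partition
    sectors: int     # length in sectors

    @property
    def size_mb(self) -> int:
        return (self.sectors * SECTOR_SIZE) // (1024 * 1024)

    @property
    def is_gpt_protective(self) -> bool:
        return self.type_id == GPT_PROTECTIVE_TYPE


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries of an MBR sector.

    Raises ValueError when the sector is the wrong size or lacks the 0x55AA
    boot signature; a sector that cannot be parsed is not a valid MBR at all
    and that is itself worth reporting.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        offset = BOOTCODE_LEN + 16 * i
        # status, 3 bytes CHS start (skipped), type, 3 bytes CHS end (skipped),
        # then little-endian LBA start and sector count
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, offset)
        if type_id == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i + 1, status, type_id, lba_start, sectors))
    return entries


def bootcode_hash(sector: bytes) -> str:
    """SHA-256 of the 446-byte boot-code area.

    A scanner's "unknown MBR code" verdict only says the code is not in its
    signature list; comparing this hash against one taken from a known-clean
    image of the same machine is how a defender tells a rewritten MBR from an
    unfamiliar but legitimate one.
    """
    return hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()


def format_entry(entry: PartitionEntry) -> str:
    label = "GPT" if entry.is_gpt_protective else "MBR"
    return (f"Partition {entry.index} {entry.status:02X} {entry.type_id:02X} "
            f"{label} {entry.size_mb} MB offset {entry.lba_start}")


# Constructed sample: filler in place of boot code, one GPT protective entry
# (status 0x00, type 0xEE, start LBA 1, length 0xFFFFFFFF sectors), three
# empty slots and the boot signature.  The filler bytes are not real boot code.
SAMPLE_MBR = (
    bytes(range(256)) + bytes(range(190))                    # 446 filler bytes
    + struct.pack("<B3sB3sII", 0x00, b"\x00\x02\x00", 0xEE, b"\xff\xff\xff", 1, 0xFFFFFFFF)
    + bytes(48)                                              # three empty slots
    + b"\x55\xaa"
)


def load_mbr(path: str) -> bytes:
    """Read the first 512 bytes of a saved MBR image such as MBR.dat."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


if __name__ == "__main__":
    sector = load_mbr(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_MBR
    print("boot code sha256:", bootcode_hash(sector))
    for entry in parse_mbr(sector):
        print(format_entry(entry))
```

Run it with the path to MBR.dat as the only argument, or with no argument to decode the constructed sample, which prints "Partition 1 00 EE GPT 2097151 MB offset 1". A type 0xEE entry covering the whole disk from LBA 1 is the protective MBR that every GPT-partitioned (UEFI) disk carries, so on such a machine the real partition layout lives in the GPT header at LBA 1 onward, and the MBR boot code matters only insofar as it should not have been rewritten; the hash is what lets you check that over time.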


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:36 PM

Posted 17 March 2014 - 05:47 PM

If you still redirect it may be in your browsers' add-ons/extensions.
Look in there and disable anything you do not recognize, or disable all and see.

If you don't know how, I need to know your browser.
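For the Chrome half of the advice above (look through the add-ons and disable anything unrecognized), an inventory that also shows what each extension is allowed to do makes the decision easier than the names alone. The script below is an added example, not from the thread and not part of Chrome: it assumes the standard profile layout of `...\Google\Chrome\User Data\Default\Extensions\<id>\<version>\manifest.json` (the same profile folder the AdwCleaner report above points at), reads each manifest, and flags extensions holding permissions that let them watch or rewrite page requests. It changes nothing; disabling still happens in chrome://extensions. The two extensions it creates in a temporary folder for the demonstration are constructed samples.

```python
"""Inventory the extensions installed in a Google Chrome profile and flag
the ones holding permissions that can observe or rewrite browsing.

Added example, not from the thread and not part of Chrome.  Read-only: it
walks <profile>\Extensions\<id>\<version>\manifest.json (assumed standard
layout) and reports; it is a triage aid for chrome://extensions.
"""
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Permissions that let an extension see every page, intercept requests or
# change navigation.  Legitimate extensions (ad blockers, password managers)
# hold them too, so a hit means "look at this", not "malicious".
BROAD_PERMISSIONS = {
    "<all_urls>", "webRequest", "webRequestBlocking", "webNavigation",
    "tabs", "proxy", "history", "declarativeNetRequest", "scripting",
}


def default_extensions_dir() -> Path:
    """Chrome's default-profile extension folder on Windows (assumed layout)."""
    return (Path(os.environ.get("LOCALAPPDATA", ""))
            / "Google" / "Chrome" / "User Data" / "Default" / "Extensions")


def inventory(extensions_dir: Path) -> List[Dict]:
    """One record per <id>/<version>/manifest.json found under the folder."""
    records = []
    for manifest in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, keep sweeping
        # Manifest v2 keeps host patterns in "permissions"; v3 moves them to
        # "host_permissions".  Only string entries are permission names.
        perms = {p for key in ("permissions", "host_permissions")
                 for p in data.get(key, []) if isinstance(p, str)}
        records.append({
            "id": manifest.parent.parent.name,
            # "__MSG_..." names are localised placeholders whose real text
            # lives under _locales; they are reported as-is here.
            "name": data.get("name", "<unnamed>"),
            "version": data.get("version", "?"),
            "broad": sorted(perms & BROAD_PERMISSIONS),
        })
    return records


def flagged(records: List[Dict]) -> List[Dict]:
    """Entries that hold at least one broad permission."""
    return [r for r in records if r["broad"]]


def build_sample_profile() -> Path:
    """Constructed sample in a temporary folder: two fake extensions, one with
    request-interception rights and one with only local storage."""
    root = Path(tempfile.mkdtemp(prefix="chrome-ext-sample-"))
    samples = {
        "abcdefghijklmnopabcdefghijklmnop": {
            "manifest_version": 2, "name": "Constructed Blocker", "version": "1.0",
            "permissions": ["webRequest", "webRequestBlocking", "<all_urls>", "storage"],
        },
        "ponmlkjihgfedcbaponmlkjihgfedcba": {
            "manifest_version": 3, "name": "Constructed Notes", "version": "2.1",
            "permissions": ["storage"], "host_permissions": [],
        },
    }
    for ext_id, manifest in samples.items():
        folder = root / ext_id / f"{manifest['version']}_0"  # Chrome names it <version>_0
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    target = default_extensions_dir()
    if not target.is_dir():
        target = build_sample_profile()  # no Chrome profile here: use the sample
    for rec in inventory(target):
        mark = "!!" if rec["broad"] else "  "
        print(f"{mark} {rec['id']} {rec['name']} {rec['version']} {rec['broad']}")
```

Rows marked `!!` are the ones to look up by name and ID before deciding; an ad blocker legitimately needs `webRequest` and `<all_urls>`, a "notes" or "coupon" extension does not. Extensions installed by policy or sideloaded outside the Web Store do not always land in this folder, so an empty or short list is not proof of a clean profile, only of what the standard folder contains.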

#8 PaperBoy112

PaperBoy112
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 17 March 2014 - 07:37 PM

I don't know how to check, I have Internet Explorer and Google Chrome.



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:36 PM

Posted 17 March 2014 - 07:44 PM

See post 3 by quietman
 
http://www.bleepingcomputer.com/forums/t/513638/malware-or-virus-affecting-my-computer/?hl=%2Bremoval+%2Btool#entry3204205