Can't run WSE (error 0x80096001)


19 replies to this topic

#1 MrDiscoChimp

Posted 20 June 2014 - 04:49 AM

Hi, newbie here (be kind)

I have a friend's laptop I'm looking at. She said it was only the DVD drive, but turns out there's some really nasty stuff on there.

I have managed to remove a lot:

  • Uninstalled obvious stuff from Programs (mostly in safe mode as the Installer service wouldn't run in normal mode)
  • Ran Malwarebytes (removed about 8 objects)
  • Cleaned out the Reg with CCleaner
  • Ran ADWcleaner (removed a load of stuff)
  • Ran TDSSKiller (no threats found)
  • Also ran ComboFix (unfortunately before I read the guide on here saying not to)

.....but I've come to an impasse. There are still issues:

  • Can install WSE but I can't run it. I get error code 0x80096001 at initialization
  • Can't search for anything in Win Explorer
  • Can't get to any web page other than msn.co.uk in the IE address bar

Hoping you guys can help me out.

Windows Firewall is on, Windows Defender is off as MSE is installed, although I can't run it.

DDS.txt attached, log content:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17126
Run by user at 9:52:49 on 2014-06-20
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.3063.2211 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uProxyServer = proxy1.equinoxsolutions.com:80
uProxyOverride = <local>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110614060303
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\05F64756E6479616C6F56596275737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\2373732333 : DHCPNameServer = 10.59.140.11
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\244584F6D65684572623D2A5746393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\B69646370716365613 : DHCPNameServer = 192.168.12.11
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\C496675626F687D254347383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6711FDC9-C2B0-4873-B554-4278A6BA6B59} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-10-25 108816]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-12-24 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-10-25 157264]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-10-25 230448]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2008-9-5 673160]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2014-6-19 227896]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-18 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-6-19 14848]
S3 SMYIHLHKO;SMYIHLHKO;c:\users\user\appdata\local\temp\smyihlhko.exe --> c:\users\user\appdata\local\temp\SMYIHLHKO.exe [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-19 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-22 1343400]
.
=============== Created Last 30 ================
.
2014-06-20 08:06:20 -------- d-----w- c:\users\user\appdata\local\Apps
2014-06-20 08:06:19 -------- d-----w- c:\users\user\appdata\local\Deployment
2014-06-20 08:01:14 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-20 07:48:14 98816 ----a-w- c:\windows\sed.exe
2014-06-20 07:48:14 256000 ----a-w- c:\windows\PEV.exe
2014-06-20 07:48:14 208896 ----a-w- c:\windows\MBR.exe
2014-06-19 12:19:12 -------- d-----w- c:\program files\Microsoft Security Client
2014-06-19 11:58:25 -------- d-----w- C:\AdwCleaner
2014-06-19 11:39:44 93056 ----a-w- C:\kxldapob.sys
2014-06-19 09:06:06 -------- d-sh--w- c:\users\user\appdata\local\EmieUserList
2014-06-19 09:06:06 -------- d-sh--w- c:\users\user\appdata\local\EmieSiteList
2014-06-19 07:57:42 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-06-19 07:57:40 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-19 07:57:36 221184 ----a-w- c:\windows\system32\rdpudd.dll
2014-06-19 07:57:36 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-06-19 07:57:35 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2014-06-19 07:56:58 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-06-19 07:56:56 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-19 07:56:55 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-06-19 07:56:55 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-19 07:56:54 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-06-19 07:56:54 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-06-19 07:56:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-06-19 07:56:54 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-06-19 07:56:54 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-06-19 07:56:54 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-06-19 07:56:54 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-06-19 07:56:53 5698048 ----a-w- c:\windows\system32\mstscax.dll
2014-06-19 07:54:36 -------- d-----w- c:\program files\LSI SoftModem
2014-06-19 07:52:20 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2014-06-19 07:52:20 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2014-06-19 07:52:17 1885488 ----a-w- c:\windows\system32\BttnCmns.dll
2014-06-19 07:52:17 1885488 ----a-r- c:\windows\system32\BttnCmn.dll
2014-06-19 07:51:44 -------- d-----w- c:\windows\QLB
2014-06-19 07:48:09 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-06-19 07:47:58 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-06-19 07:39:05 8073384 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3932640a-9059-4c02-86a5-ab3a1f3406bd}\mpengine.dll
2014-06-19 07:02:40 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2014-06-19 07:02:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-19 07:02:36 -------- d-----w- c:\programdata\Malwarebytes
2014-06-19 06:51:27 -------- d-----w- c:\windows\system32\appmgmt
2014-06-19 06:38:14 -------- d-s---w- c:\windows\system32\CompatTel
2014-06-18 22:58:35 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-06-18 22:58:35 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-06-18 22:58:35 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-06-18 22:58:34 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-06-18 22:58:09 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-18 22:58:00 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 22:58:00 38400 ----a-w- c:\program files\internet explorer\DiagnosticsHub_is.dll
2014-06-18 22:58:00 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:58:00 215552 ----a-w- c:\program files\internet explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-06-18 22:58:00 151552 ----a-w- c:\program files\internet explorer\DiagnosticsTap.dll
2014-06-18 22:58:00 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 22:54:04 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-06-18 22:54:01 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-06-18 22:53:39 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-06-18 22:53:38 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-18 22:53:31 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 22:53:31 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-18 22:53:29 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-06-18 22:53:26 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-06-18 22:53:23 381440 ----a-w- c:\windows\system32\wer.dll
2014-06-18 22:47:45 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-18 22:14:07 -------- d-----w- C:\logs
2014-06-18 21:39:41 1397248 ----a-w- c:\windows\system32\utilman.exe.bak
2014-06-04 07:42:19 -------- d-----w- c:\windows\Migration
.
==================== Find3M  ====================
.
2014-06-19 11:30:17 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-19 11:30:17 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-18 21:39:41 669184 ----a-w- c:\windows\system32\Utilman.exe
2014-05-30 09:02:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 09:02:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 08:44:28 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 08:28:33 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 08:21:36 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 07:56:50 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- c:\windows\system32\wininet.dll
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-03-31 21:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-31 08:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-26 14:27:50 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
============= FINISH:  9:53:58.98 ===============

Attached Files: dds.txt (16.99 KB)


#2 MrDiscoChimp (Topic Starter)

Posted 20 June 2014 - 05:43 AM

Update: I'm in the process of running Malwarebytes again, as I realised that I had only run it from a live CD scanning the local drives previously. It's already detecting 13 new objects after only 5% complete.

Should I run DDS again after this is finished and I've removed the infections?

New DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17126
Run by user at 13:04:58 on 2014-06-20
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.3063.1720 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uProxyServer = proxy1.equinoxsolutions.com:80
uProxyOverride = <local>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110614060303
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\05F64756E6479616C6F56596275737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\2373732333 : DHCPNameServer = 10.59.140.11
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\244584F6D65684572623D2A5746393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\B69646370716365613 : DHCPNameServer = 192.168.12.11
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\C496675626F687D254347383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6711FDC9-C2B0-4873-B554-4278A6BA6B59} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-5-3 123512]
R1 RapportCerberus_68261;RapportCerberus_68261;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_68261.sys [2014-6-20 358008]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-5-3 170968]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-5-3 249400]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-20 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-20 860472]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2008-9-5 673160]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-5-3 1882392]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2014-6-19 227896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-6-19 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-20 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-6-20 51928]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-18 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-6-19 14848]
S3 SMYIHLHKO;SMYIHLHKO;c:\users\user\appdata\local\temp\smyihlhko.exe --> c:\users\user\appdata\local\temp\SMYIHLHKO.exe [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-19 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-22 1343400]
.
=============== Created Last 30 ================
.
2014-06-20 11:28:40 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-06-20 11:25:44 -------- d-----w- c:\users\user\appdata\local\Trusteer
2014-06-20 10:33:51 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-20 10:33:01 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-20 10:33:00 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-20 10:33:00 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-20 10:32:41 -------- d-----w- c:\users\user\appdata\local\Programs
2014-06-20 09:40:33 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-06-20 09:40:33 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-20 09:38:23 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6f0a1c18-7cf3-40e6-b321-e89e61f65bdf}\mpengine.dll
2014-06-20 08:06:20 -------- d-----w- c:\users\user\appdata\local\Apps
2014-06-20 08:06:19 -------- d-----w- c:\users\user\appdata\local\Deployment
2014-06-20 08:01:14 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-20 07:48:14 98816 ----a-w- c:\windows\sed.exe
2014-06-20 07:48:14 256000 ----a-w- c:\windows\PEV.exe
2014-06-20 07:48:14 208896 ----a-w- c:\windows\MBR.exe
2014-06-19 11:58:25 -------- d-----w- C:\AdwCleaner
2014-06-19 11:39:44 93056 ----a-w- C:\kxldapob.sys
2014-06-19 09:06:06 -------- d-sh--w- c:\users\user\appdata\local\EmieUserList
2014-06-19 09:06:06 -------- d-sh--w- c:\users\user\appdata\local\EmieSiteList
2014-06-19 07:57:42 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-06-19 07:57:36 221184 ----a-w- c:\windows\system32\rdpudd.dll
2014-06-19 07:57:36 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-06-19 07:56:58 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-06-19 07:56:56 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-19 07:56:55 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-06-19 07:56:55 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-19 07:56:54 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-06-19 07:56:54 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-06-19 07:56:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-06-19 07:56:54 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-06-19 07:56:54 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-06-19 07:56:54 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-06-19 07:56:54 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-06-19 07:54:36 -------- d-----w- c:\program files\LSI SoftModem
2014-06-19 07:52:20 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2014-06-19 07:52:20 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2014-06-19 07:52:17 1885488 ----a-w- c:\windows\system32\BttnCmns.dll
2014-06-19 07:52:17 1885488 ----a-r- c:\windows\system32\BttnCmn.dll
2014-06-19 07:51:44 -------- d-----w- c:\windows\QLB
2014-06-19 07:48:09 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-06-19 07:47:58 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-06-19 07:02:40 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2014-06-19 07:02:38 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-19 07:02:36 -------- d-----w- c:\programdata\Malwarebytes
2014-06-19 06:51:27 -------- d-----w- c:\windows\system32\appmgmt
2014-06-19 06:38:14 -------- d-s---w- c:\windows\system32\CompatTel
2014-06-18 22:58:35 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-06-18 22:58:35 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-06-18 22:58:35 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-06-18 22:58:34 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-06-18 22:58:09 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-18 22:58:00 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 22:58:00 38400 ----a-w- c:\program files\internet explorer\DiagnosticsHub_is.dll
2014-06-18 22:58:00 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:58:00 215552 ----a-w- c:\program files\internet explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-06-18 22:58:00 151552 ----a-w- c:\program files\internet explorer\DiagnosticsTap.dll
2014-06-18 22:58:00 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 22:54:04 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-06-18 22:54:01 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-06-18 22:53:39 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-06-18 22:53:38 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-18 22:53:31 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 22:53:31 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-18 22:53:29 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-06-18 22:53:26 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-06-18 22:53:23 381440 ----a-w- c:\windows\system32\wer.dll
2014-06-18 22:47:45 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-18 22:14:07 -------- d-----w- C:\logs
2014-06-18 21:39:41 1397248 ----a-w- c:\windows\system32\utilman.exe.bak
2014-06-04 07:42:19 -------- d-----w- c:\windows\Migration
.
==================== Find3M  ====================
.
2014-06-19 11:30:17 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-19 11:30:17 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-18 21:39:41 669184 ----a-w- c:\windows\system32\Utilman.exe
2014-05-30 09:02:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 09:02:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 08:44:28 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 08:28:33 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 08:21:36 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 07:56:50 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- c:\windows\system32\wininet.dll
2014-05-03 21:55:46 123512 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-03-31 21:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-26 14:27:50 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
============= FINISH: 13:07:29.86 ===============
Attached Files: DDS.txt (17.97KB)

Edited by MrDiscoChimp, 20 June 2014 - 07:27 AM.


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • Gender:Male

Posted 25 June 2014 - 04:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/538364 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 MrDiscoChimp

MrDiscoChimp
  • Topic Starter

  • Members
  • 13 posts

Posted 25 June 2014 - 06:52 AM

Hi,

I think I have described the symptoms pretty fully above, but should probably mention that I can get to other web pages than MSN now (still not google though) but can't download from any links (am having to post here from a different PC too as I just don't trust it).

Also noticed that I can't restore the favourites in win explorer.

I don't have the Installation DVD (OS is Win7 Pro SP1) - I would have probably done a clean install by now if I did.

Latest DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17126
Run by user at 12:44:45 on 2014-06-25
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.3063.2194 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyServer = proxy1.equinoxsolutions.com:80
uProxyOverride = <local>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110614060303
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\05F64756E6479616C6F56596275737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\2373732333 : DHCPNameServer = 10.59.140.11
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\244584F6D65684572623D2A5746393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\B69646370716365613 : DHCPNameServer = 192.168.12.11
TCP: Interfaces\{5AC01822-471B-4AA0-95E2-788FEDA9FE21}\C496675626F687D254347383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6711FDC9-C2B0-4873-B554-4278A6BA6B59} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-5-3 123512]
R1 RapportCerberus_68261;RapportCerberus_68261;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_68261.sys [2014-6-20 358008]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-5-3 170968]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-5-3 249400]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2008-9-5 673160]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-5-3 1882392]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2014-6-19 227896]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-20 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-20 860472]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-18 108032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-6-19 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-6-20 51928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-6-19 14848]
S3 SMYIHLHKO;SMYIHLHKO;c:\users\user\appdata\local\temp\smyihlhko.exe --> c:\users\user\appdata\local\temp\SMYIHLHKO.exe [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-19 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-22 1343400]
.
=============== Created Last 30 ================
.
2014-06-20 11:28:40 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-06-20 11:25:44 -------- d-----w- c:\users\user\appdata\local\Trusteer
2014-06-20 10:33:51 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-20 10:33:01 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-20 10:33:00 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-20 10:33:00 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-20 10:32:41 -------- d-----w- c:\users\user\appdata\local\Programs
2014-06-20 09:40:33 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-06-20 09:40:33 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-20 09:38:23 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6f0a1c18-7cf3-40e6-b321-e89e61f65bdf}\mpengine.dll
2014-06-20 08:06:20 -------- d-----w- c:\users\user\appdata\local\Apps
2014-06-20 08:06:19 -------- d-----w- c:\users\user\appdata\local\Deployment
2014-06-20 08:01:14 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-20 07:48:14 98816 ----a-w- c:\windows\sed.exe
2014-06-20 07:48:14 256000 ----a-w- c:\windows\PEV.exe
2014-06-20 07:48:14 208896 ----a-w- c:\windows\MBR.exe
2014-06-19 11:58:25 -------- d-----w- C:\AdwCleaner
2014-06-19 11:39:44 93056 ----a-w- C:\kxldapob.sys
2014-06-19 09:06:06 -------- d-sh--w- c:\users\user\appdata\local\EmieUserList
2014-06-19 09:06:06 -------- d-sh--w- c:\users\user\appdata\local\EmieSiteList
2014-06-19 07:57:42 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-06-19 07:57:36 221184 ----a-w- c:\windows\system32\rdpudd.dll
2014-06-19 07:57:36 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-06-19 07:56:58 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-06-19 07:56:56 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-19 07:56:55 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-06-19 07:56:55 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-19 07:56:54 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-06-19 07:56:54 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-06-19 07:56:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-06-19 07:56:54 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-06-19 07:56:54 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-06-19 07:56:54 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-06-19 07:56:54 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-06-19 07:54:36 -------- d-----w- c:\program files\LSI SoftModem
2014-06-19 07:52:20 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2014-06-19 07:52:20 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2014-06-19 07:52:17 1885488 ----a-w- c:\windows\system32\BttnCmns.dll
2014-06-19 07:52:17 1885488 ----a-r- c:\windows\system32\BttnCmn.dll
2014-06-19 07:51:44 -------- d-----w- c:\windows\QLB
2014-06-19 07:48:09 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-06-19 07:47:58 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-06-19 07:02:40 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2014-06-19 07:02:38 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-19 07:02:36 -------- d-----w- c:\programdata\Malwarebytes
2014-06-19 06:51:27 -------- d-----w- c:\windows\system32\appmgmt
2014-06-19 06:38:14 -------- d-s---w- c:\windows\system32\CompatTel
2014-06-18 22:58:35 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-06-18 22:58:35 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-06-18 22:58:35 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-06-18 22:58:34 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-06-18 22:58:09 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-18 22:58:00 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 22:58:00 38400 ----a-w- c:\program files\internet explorer\DiagnosticsHub_is.dll
2014-06-18 22:58:00 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:58:00 215552 ----a-w- c:\program files\internet explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-06-18 22:58:00 151552 ----a-w- c:\program files\internet explorer\DiagnosticsTap.dll
2014-06-18 22:58:00 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 22:54:04 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-06-18 22:54:01 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-06-18 22:53:39 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-06-18 22:53:38 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-18 22:53:31 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 22:53:31 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-18 22:53:29 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-06-18 22:53:26 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-06-18 22:53:23 381440 ----a-w- c:\windows\system32\wer.dll
2014-06-18 22:47:45 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-18 22:14:07 -------- d-----w- C:\logs
2014-06-18 21:39:41 1397248 ----a-w- c:\windows\system32\utilman.exe.bak
2014-06-04 07:42:19 -------- d-----w- c:\windows\Migration
.
==================== Find3M  ====================
.
2014-06-19 11:30:17 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-19 11:30:17 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-18 21:39:41 669184 ----a-w- c:\windows\system32\Utilman.exe
2014-05-30 09:02:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 09:02:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 08:44:28 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 08:28:33 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 08:21:36 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 07:56:50 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- c:\windows\system32\wininet.dll
2014-05-03 21:55:46 123512 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-03-31 21:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 12:47:06.34 ===============

Look forward to you helping me

Thanks

Edited by MrDiscoChimp, 25 June 2014 - 06:54 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 June 2014 - 07:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
===

#6 MrDiscoChimp

MrDiscoChimp
  • Topic Starter

  • Members
  • 13 posts

Posted 27 June 2014 - 09:56 AM

Hi Nasdaq,

Thanks for assisting

FRST Log Content:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by user (administrator) on USER-PC on 27-06-2014 15:47:16
Running from C:\Users\user\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Ghost\ngctw32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files\Symantec\Ghost\ngtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-12-04] (RealNetworks, Inc.)
HKLM\...\Run: [NGTray] => C:\Program Files\Symantec\Ghost\ngtray.exe [218504 2008-09-05] (Symantec Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: proxy1.equinoxsolutions.com:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F59E2F0838CCF01
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [fe_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011-12-22]
FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-22]
 
========================== Services (Whitelisted) =================
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NGCLIENT; C:\Program Files\Symantec\Ghost\ngctw32.exe [673160 2008-09-05] (Symantec Corporation)
S3 SMYIHLHKO; C:\Users\user\AppData\Local\Temp\SMYIHLHKO.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys [358008 2014-06-20] () [File not signed]
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [170968 2014-05-03] (Trusteer Ltd.) [File not signed]
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [123512 2014-05-03] (Trusteer Ltd.) [File not signed]
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [249400 2014-05-03] (Trusteer Ltd.) [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S3 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S1 MpKsl6b19d30b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF3D9775-F82E-4D4B-8588-6684280B6D98}\MpKsl6b19d30b.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
U3 mbr; \??\C:\Users\user\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-27 15:47 - 2014-06-27 15:48 - 00010444 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-27 15:47 - 2014-06-27 15:47 - 00000000 ____D () C:\FRST
2014-06-27 15:45 - 2014-06-24 22:28 - 01073152 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-06-20 12:28 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-20 12:25 - 2014-06-20 12:25 - 00000000 ____D () C:\Users\user\AppData\Local\Trusteer
2014-06-20 12:14 - 2014-06-25 12:41 - 00000224 _____ () C:\Windows\setupact.log
2014-06-20 12:14 - 2014-06-20 12:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-20 11:33 - 2014-06-25 12:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 11:33 - 2014-06-20 11:33 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 11:33 - 2014-06-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 11:33 - 2014-06-20 11:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-20 11:33 - 2014-05-12 07:35 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 11:33 - 2014-05-12 07:35 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-20 10:40 - 2014-05-08 10:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-20 10:40 - 2014-05-08 10:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-20 09:54 - 2014-06-25 12:47 - 00017747 _____ () C:\Users\user\Desktop\dds.txt
2014-06-20 09:54 - 2014-06-25 12:47 - 00016669 _____ () C:\Users\user\Desktop\attach.txt
2014-06-20 09:06 - 2014-06-20 09:06 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-06-20 09:06 - 2014-06-20 09:06 - 00000000 ____D () C:\Users\user\AppData\Local\Apps\2.0
2014-06-20 09:01 - 2014-06-20 09:01 - 00013893 _____ () C:\ComboFix.txt
2014-06-20 09:01 - 2014-06-20 09:01 - 00000000 ____D () C:\Users\Administrator
2014-06-20 08:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-20 08:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-20 08:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-20 08:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-20 08:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-20 08:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-20 08:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-20 08:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-20 08:46 - 2014-06-20 08:47 - 05207168 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-19 13:17 - 2014-06-19 13:17 - 00002334 _____ () C:\Users\user\Desktop\Rkill.txt
2014-06-19 13:12 - 2014-06-19 13:12 - 00097424 _____ () C:\Users\user\Downloads\cc_20140619_131226.reg
2014-06-19 12:58 - 2014-06-19 13:24 - 00000000 ____D () C:\AdwCleaner
2014-06-19 12:52 - 2014-06-20 09:01 - 00000000 ____D () C:\Qoobox
2014-06-19 12:52 - 2014-06-20 09:00 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 12:39 - 2014-06-19 12:39 - 00093056 _____ (GMER) C:\kxldapob.sys
2014-06-19 11:37 - 2014-06-19 11:37 - 01333465 _____ () C:\Users\user\Downloads\adwcleaner_3.212.exe
2014-06-19 10:16 - 2014-06-20 12:55 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-19 10:14 - 2014-06-19 10:15 - 11241816 _____ (Microsoft Corporation) C:\Users\user\Downloads\MSEInstall (1).exe
2014-06-19 10:10 - 2014-06-19 10:10 - 00788100 _____ (Microsoft Corporation) C:\Users\user\Downloads\mseinstall.exe.purwfko.partial
2014-06-19 10:09 - 2014-06-19 10:18 - 00451842 _____ () C:\Users\user\Downloads\avgremover.log
2014-06-19 10:08 - 2014-06-19 10:08 - 01973368 _____ (AVG Technologies CZ, s.r.o.) C:\Users\user\Downloads\avg_remover_stf_x86_2012_2125.exe
2014-06-19 10:06 - 2014-06-19 10:06 - 00000270 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{071ADFFC-8FD4-4CAF-8DCF-9477BACF55A7}.job
2014-06-19 10:06 - 2014-06-19 10:06 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-06-19 10:06 - 2014-06-19 10:06 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-06-19 08:57 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-19 08:57 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-06-19 08:57 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-06-19 08:56 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-19 08:56 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-19 08:56 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-19 08:56 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-19 08:56 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-19 08:56 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-19 08:56 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-19 08:56 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-19 08:56 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-19 08:56 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-19 08:56 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-19 08:54 - 2014-06-19 08:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\hpqLog
2014-06-19 08:54 - 2014-06-19 08:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\hpqLog
2014-06-19 08:54 - 2014-06-19 08:54 - 00000000 ____D () C:\Program Files\LSI SoftModem
2014-06-19 08:52 - 2014-06-19 08:54 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-06-19 08:52 - 2014-06-19 08:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2014-06-19 08:52 - 2009-04-29 07:46 - 00015872 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\system32\Drivers\HpqKbFiltr.sys
2014-06-19 08:52 - 2008-09-08 13:31 - 01885488 ____R (Hewlett-Packard Company) C:\Windows\system32\BttnCmn.dll
2014-06-19 08:52 - 2008-09-08 13:31 - 01885488 _____ (Hewlett-Packard Company) C:\Windows\system32\BttnCmns.dll
2014-06-19 08:52 - 2006-11-02 06:09 - 01419232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01005.dll
2014-06-19 08:51 - 2014-06-19 08:52 - 00000000 ____D () C:\Windows\QLB
2014-06-19 08:48 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-19 08:47 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-06-19 08:02 - 2014-06-20 11:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 08:02 - 2014-06-19 08:02 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
2014-06-19 08:02 - 2014-05-12 07:35 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-19 07:51 - 2014-06-19 07:57 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-19 07:38 - 2014-06-19 07:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-19 00:45 - 2014-06-19 00:45 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-19 00:45 - 2014-06-19 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-19 00:45 - 2014-06-19 00:45 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-19 00:42 - 2014-06-19 00:42 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-18 23:58 - 2014-05-30 09:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 23:58 - 2014-05-30 09:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 23:58 - 2014-05-30 09:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:58 - 2014-03-04 10:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-18 23:58 - 2014-02-04 03:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-06-18 23:58 - 2014-02-04 03:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-06-18 23:58 - 2014-02-04 03:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-06-18 23:58 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-06-18 23:58 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-06-18 23:57 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 23:57 - 2014-05-30 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 23:57 - 2014-05-30 10:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 23:57 - 2014-05-30 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 23:57 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 23:57 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 23:57 - 2014-05-30 09:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 23:57 - 2014-05-30 09:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 23:57 - 2014-05-30 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 23:57 - 2014-05-30 09:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 23:57 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 23:57 - 2014-05-30 09:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:57 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 23:57 - 2014-05-30 09:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 23:57 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 23:57 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 23:57 - 2014-05-30 08:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 23:57 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 23:57 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 23:57 - 2014-05-30 08:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 23:57 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 23:57 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 23:57 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 23:57 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 23:57 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 23:57 - 2014-04-12 03:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-18 23:57 - 2014-04-12 03:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-18 23:57 - 2014-04-12 03:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-18 23:57 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-18 23:57 - 2014-04-12 03:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-18 23:57 - 2014-04-12 03:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-18 23:57 - 2014-04-12 03:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-18 23:57 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-18 23:57 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-18 23:57 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-18 23:57 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-18 23:57 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-06-18 23:57 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-18 23:57 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-18 23:57 - 2014-03-04 10:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-18 23:57 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-18 23:54 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-06-18 23:54 - 2014-01-24 03:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-06-18 23:53 - 2014-06-08 09:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-18 23:53 - 2014-06-08 09:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-18 23:53 - 2014-04-05 03:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-18 23:53 - 2014-04-05 03:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-18 23:53 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-18 23:53 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-18 23:53 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-06-18 23:53 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-06-18 23:47 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-18 23:17 - 2014-06-27 15:45 - 00938855 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 23:16 - 2014-06-18 23:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\Apple Computer
2014-06-18 22:59 - 2014-06-18 22:59 - 00000048 _____ () C:\Windows\wininit.ini
2014-06-18 22:43 - 2014-06-18 22:43 - 00000779 _____ () C:\Users\user\Downloads\clamav_report_180614_214253.txt
2014-06-18 22:42 - 2014-06-18 22:42 - 00005948 _____ () C:\Users\user\Downloads\clamav_report_180614_214134.txt
2014-06-18 22:39 - 2009-07-14 02:14 - 01397248 _____ (Microsoft Corporation) C:\Windows\system32\utilman.exe.bak
2014-06-18 22:26 - 2014-06-18 22:26 - 00000000 ____D () C:\Users\Tim
2014-06-18 22:26 - 2014-06-18 22:26 - 00000000 ____D () C:\Users\TEMP
2014-06-18 22:26 - 2011-09-27 18:14 - 00000000 ____D () C:\Users\Tim\AppData\Local\Trusteer
2014-06-18 22:26 - 2011-09-27 18:14 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Trusteer
2014-06-18 21:56 - 2014-06-18 21:56 - 00000000 ____D () C:\Users\Test\AppData\Local\Sophos
2014-06-10 13:58 - 2014-06-10 13:58 - 00000165 ____H () C:\Users\Test\Desktop\~$Little Acorns leavers.pptm
2014-06-10 13:53 - 2014-06-10 08:06 - 28856616 _____ () C:\Users\Test\Desktop\Little Acorns leavers   JUDE.pptm
2014-06-10 13:53 - 2014-06-10 08:05 - 48755998 _____ () C:\Users\Test\Desktop\Little Acorns leavers.pptm
2014-06-09 08:56 - 2014-06-11 10:57 - 00000000 ____D () C:\Users\Test\Desktop\Audio book
2014-06-06 05:48 - 2014-06-05 17:39 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\TDSSKiller.exe
2014-06-04 11:03 - 2014-06-04 11:03 - 00000000 ___RD () C:\Users\Test\Desktop\The Gruffalo and Friends
 
==================== One Month Modified Files and Folders =======
 
2014-06-27 15:48 - 2014-06-27 15:47 - 00010444 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-27 15:47 - 2014-06-27 15:47 - 00000000 ____D () C:\FRST
2014-06-27 15:45 - 2014-06-18 23:17 - 00938855 _____ () C:\Windows\WindowsUpdate.log
2014-06-27 15:45 - 2013-02-02 20:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 13:27 - 2011-06-24 17:05 - 00000000 ____D () C:\Windows\rescache
2014-06-25 13:03 - 2009-07-14 05:34 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 13:03 - 2009-07-14 05:34 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 12:47 - 2014-06-20 09:54 - 00017747 _____ () C:\Users\user\Desktop\dds.txt
2014-06-25 12:47 - 2014-06-20 09:54 - 00016669 _____ () C:\Users\user\Desktop\attach.txt
2014-06-25 12:42 - 2014-06-20 11:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 12:41 - 2014-06-20 12:14 - 00000224 _____ () C:\Windows\setupact.log
2014-06-25 12:41 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 22:28 - 2014-06-27 15:45 - 01073152 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-06-20 13:07 - 2009-12-04 11:10 - 00840000 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 12:55 - 2014-06-19 10:16 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-20 12:27 - 2011-03-17 23:13 - 00000000 ____D () C:\Program Files\Google
2014-06-20 12:25 - 2014-06-20 12:25 - 00000000 ____D () C:\Users\user\AppData\Local\Trusteer
2014-06-20 12:19 - 2013-08-20 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-06-20 12:14 - 2014-06-20 12:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-20 11:33 - 2014-06-20 11:33 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 11:33 - 2014-06-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 11:33 - 2014-06-20 11:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-20 11:33 - 2014-06-19 08:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 09:06 - 2014-06-20 09:06 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-06-20 09:06 - 2014-06-20 09:06 - 00000000 ____D () C:\Users\user\AppData\Local\Apps\2.0
2014-06-20 09:06 - 2010-12-27 20:19 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-06-20 09:01 - 2014-06-20 09:01 - 00013893 _____ () C:\ComboFix.txt
2014-06-20 09:01 - 2014-06-20 09:01 - 00000000 ____D () C:\Users\Administrator
2014-06-20 09:01 - 2014-06-19 12:52 - 00000000 ____D () C:\Qoobox
2014-06-20 09:01 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-06-20 09:01 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-06-20 09:00 - 2014-06-19 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 08:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-20 08:47 - 2014-06-20 08:46 - 05207168 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-19 13:24 - 2014-06-19 12:58 - 00000000 ____D () C:\AdwCleaner
2014-06-19 13:17 - 2014-06-19 13:17 - 00002334 _____ () C:\Users\user\Desktop\Rkill.txt
2014-06-19 13:12 - 2014-06-19 13:12 - 00097424 _____ () C:\Users\user\Downloads\cc_20140619_131226.reg
2014-06-19 12:39 - 2014-06-19 12:39 - 00093056 _____ (GMER) C:\kxldapob.sys
2014-06-19 12:30 - 2013-02-02 20:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-19 12:30 - 2011-08-26 17:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-19 11:37 - 2014-06-19 11:37 - 01333465 _____ () C:\Users\user\Downloads\adwcleaner_3.212.exe
2014-06-19 10:18 - 2014-06-19 10:09 - 00451842 _____ () C:\Users\user\Downloads\avgremover.log
2014-06-19 10:15 - 2014-06-19 10:14 - 11241816 _____ (Microsoft Corporation) C:\Users\user\Downloads\MSEInstall (1).exe
2014-06-19 10:10 - 2014-06-19 10:10 - 00788100 _____ (Microsoft Corporation) C:\Users\user\Downloads\mseinstall.exe.purwfko.partial
2014-06-19 10:09 - 2012-06-08 13:13 - 00000000 ____D () C:\ProgramData\AVG2012
2014-06-19 10:09 - 2010-12-19 16:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-19 10:08 - 2014-06-19 10:08 - 01973368 _____ (AVG Technologies CZ, s.r.o.) C:\Users\user\Downloads\avg_remover_stf_x86_2012_2125.exe
2014-06-19 10:06 - 2014-06-19 10:06 - 00000270 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{071ADFFC-8FD4-4CAF-8DCF-9477BACF55A7}.job
2014-06-19 10:06 - 2014-06-19 10:06 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-06-19 10:06 - 2014-06-19 10:06 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-06-19 09:04 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-19 09:03 - 2009-12-09 16:05 - 00000000 ____D () C:\Program Files\Sophos
2014-06-19 08:55 - 2009-12-09 16:05 - 00000000 ____D () C:\ProgramData\Sophos
2014-06-19 08:54 - 2014-06-19 08:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\hpqLog
2014-06-19 08:54 - 2014-06-19 08:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\hpqLog
2014-06-19 08:54 - 2014-06-19 08:54 - 00000000 ____D () C:\Program Files\LSI SoftModem
2014-06-19 08:54 - 2014-06-19 08:52 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-06-19 08:52 - 2014-06-19 08:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2014-06-19 08:52 - 2014-06-19 08:51 - 00000000 ____D () C:\Windows\QLB
2014-06-19 08:52 - 2010-03-04 18:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-19 08:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-19 08:21 - 2009-12-07 16:07 - 00000000 ____D () C:\Windows\SHELLNEW
2014-06-19 08:03 - 2011-03-17 23:13 - 00000000 ____D () C:\ProgramData\Google
2014-06-19 08:02 - 2014-06-19 08:02 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
2014-06-19 07:57 - 2014-06-19 07:51 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-19 07:51 - 2011-10-16 11:54 - 00000000 ____D () C:\Firefox
2014-06-19 07:42 - 2009-07-14 05:33 - 00411104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-19 07:40 - 2009-12-04 12:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-19 07:38 - 2014-06-19 07:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-19 00:51 - 2010-03-04 20:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-19 00:45 - 2014-06-19 00:45 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-19 00:45 - 2014-06-19 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-19 00:45 - 2014-06-19 00:45 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-19 00:45 - 2012-07-14 15:47 - 00000000 ___RD () C:\Program Files\Skype
2014-06-19 00:45 - 2012-07-14 15:47 - 00000000 ____D () C:\ProgramData\Skype
2014-06-19 00:42 - 2014-06-19 00:42 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-19 00:27 - 2013-08-15 22:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-19 00:05 - 2010-06-03 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-18 23:19 - 2010-03-07 21:57 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-18 23:16 - 2014-06-18 23:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\Apple Computer
2014-06-18 23:08 - 2011-10-14 19:10 - 00000000 ____D () C:\Windows\Minidump
2014-06-18 23:02 - 2011-06-28 17:50 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-06-18 23:01 - 2011-10-16 11:54 - 00000000 ____D () C:\ProgramData\RegWork
2014-06-18 23:00 - 2012-10-18 18:29 - 00000000 ____D () C:\Users\Test\AppData\Local\Conduit
2014-06-18 22:59 - 2014-06-18 22:59 - 00000048 _____ () C:\Windows\wininit.ini
2014-06-18 22:43 - 2014-06-18 22:43 - 00000779 _____ () C:\Users\user\Downloads\clamav_report_180614_214253.txt
2014-06-18 22:42 - 2014-06-18 22:42 - 00005948 _____ () C:\Users\user\Downloads\clamav_report_180614_214134.txt
2014-06-18 22:39 - 2009-07-14 01:13 - 00669184 _____ () C:\Windows\system32\Utilman.exe
2014-06-18 22:26 - 2014-06-18 22:26 - 00000000 ____D () C:\Users\Tim
2014-06-18 22:26 - 2014-06-18 22:26 - 00000000 ____D () C:\Users\TEMP
2014-06-18 21:56 - 2014-06-18 21:56 - 00000000 ____D () C:\Users\Test\AppData\Local\Sophos
2014-06-18 09:54 - 2012-07-14 15:47 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Skype
2014-06-11 14:28 - 2011-02-01 17:41 - 00007168 _____ () C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-11 10:57 - 2014-06-09 08:56 - 00000000 ____D () C:\Users\Test\Desktop\Audio book
2014-06-10 13:58 - 2014-06-10 13:58 - 00000165 ____H () C:\Users\Test\Desktop\~$Little Acorns leavers.pptm
2014-06-10 08:06 - 2014-06-10 13:53 - 28856616 _____ () C:\Users\Test\Desktop\Little Acorns leavers   JUDE.pptm
2014-06-10 08:05 - 2014-06-10 13:53 - 48755998 _____ () C:\Users\Test\Desktop\Little Acorns leavers.pptm
2014-06-08 09:48 - 2014-06-18 23:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 09:43 - 2014-06-18 23:53 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 17:39 - 2014-06-06 05:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\TDSSKiller.exe
2014-06-04 11:03 - 2014-06-04 11:03 - 00000000 ___RD () C:\Users\Test\Desktop\The Gruffalo and Friends
2014-06-01 17:18 - 2009-12-04 11:55 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-30 10:18 - 2014-06-18 23:57 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 10:02 - 2014-06-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 10:02 - 2014-06-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 09:44 - 2014-06-18 23:57 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 09:43 - 2014-06-18 23:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 09:42 - 2014-06-18 23:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 09:38 - 2014-06-18 23:57 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 09:34 - 2014-06-18 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 09:33 - 2014-06-18 23:57 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 09:30 - 2014-06-18 23:57 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 09:28 - 2014-06-18 23:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 09:28 - 2014-06-18 23:57 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 09:27 - 2014-06-18 23:57 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 09:21 - 2014-06-18 23:57 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 09:16 - 2014-06-18 23:57 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 09:10 - 2014-06-18 23:58 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 09:06 - 2014-06-18 23:57 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 09:04 - 2014-06-18 23:57 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 09:02 - 2014-06-18 23:57 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 08:57 - 2014-06-18 23:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 08:56 - 2014-06-18 23:57 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 08:54 - 2014-06-18 23:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 08:50 - 2014-06-18 23:57 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 08:49 - 2014-06-18 23:57 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 08:40 - 2014-06-18 23:57 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 08:21 - 2014-06-18 23:57 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 08:15 - 2014-06-18 23:57 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 08:13 - 2014-06-18 23:57 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 10:54
 
==================== End Of Log ============================
 
 
FSS Log Content:
 
Farbar Service Scanner Version: 10-06-2014
Ran by user (administrator) on 27-06-2014 at 15:53:56
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
Addition.txt attached as requested
 
#7 nasdaq (Malware Response Team, 38,256 posts, Montreal, QC. Canada)

Posted 27 June 2014 - 12:36 PM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

===

If that fails to resolve the internet problem, continue.

 

Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Reset the router.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

Restart the computer normally when completed.

Run this.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin: @microsoft.com/GENUINE - disabled No File
S3 SMYIHLHKO; C:\Users\user\AppData\Local\Temp\SMYIHLHKO.exe [X]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S3 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S1 MpKsl6b19d30b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF3D9775-F82E-4D4B-8588-6684280B6D98}\MpKsl6b19d30b.sys [X]
U3 mbr; \??\C:\Users\user\AppData\Local\Temp\mbr.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

What are the remaining issues?

#8 MrDiscoChimp (Topic Starter, Members, 13 posts)

Posted 27 June 2014 - 01:01 PM

Hi,

Slight problem in that I don't appear to be able to get a Command Prompt up.

As I mentioned in the OP, I can't search for anything in Explorer - this extends to the search bar in the Start Menu, so I can't input the ipconfig commands directly or start CMD.exe from there. Worryingly, there's also no CMD available from the Accessories menu. I've managed to do this eventually through naming a Word doc as prompt.bat - but am concerned that CMD is only reachable this way.

Will update more shortly once I've rebooted and tested current symptoms.


Edited by MrDiscoChimp, 27 June 2014 - 01:23 PM.


#9 MrDiscoChimp (Topic Starter, Members, 13 posts)

Posted 27 June 2014 - 01:09 PM

The router is fine, by the way - all our computers and devices are working fine and this is a friend's laptop I'm trying to clean up.

Can I skip the reset router part??



#10 nasdaq (Malware Response Team, 38,256 posts, Montreal, QC. Canada)

Posted 27 June 2014 - 01:15 PM

Yes!

#11 MrDiscoChimp (Topic Starter, Members, 13 posts)

Posted 27 June 2014 - 01:26 PM

Fixlog content:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:22-06-2014
Ran by user at 2014-06-27 19:20:38 Run:1
Running from C:\Users\user\Desktop\bleeping Tools
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin: @microsoft.com/GENUINE - disabled No File
S3 SMYIHLHKO; C:\Users\user\AppData\Local\Temp\SMYIHLHKO.exe [X]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S3 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S1 MpKsl6b19d30b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF3D9775-F82E-4D4B-8588-6684280B6D98}\MpKsl6b19d30b.sys [X]
U3 mbr; \??\C:\Users\user\AppData\Local\Temp\mbr.sys [X]
 
End
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
SMYIHLHKO => Service deleted successfully.
AVGIDSHX => Service deleted successfully.
AVGIDSShim => Service deleted successfully.
catchme => Service deleted successfully.
MpKsl6b19d30b => Service deleted successfully.
mbr => Service not found.
 
==== End of Fixlog ====
 
Am just testing to see remaining symptoms.


#12 MrDiscoChimp (Topic Starter, Members, 13 posts)

Posted 27 June 2014 - 01:34 PM

OK, so:

  • Still can't search in the Start Bar or Windows Explorer
  • Starting IE I get the "Corrupted Search Provider" warning, then the manage add-ons dialog
  • Still can't connect to Google.com or .co.uk; I can get to MSN, NewsNow and this site
  • I CAN ping Google.com and .co.uk though?!

Basically nothing seems to have changed :smash:



#13 nasdaq (Malware Response Team, 38,256 posts, Montreal, QC. Canada)

Posted 28 June 2014 - 06:37 AM

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional, if the following programs are on your computer:
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and you have to re-install IE-SpyAd if it was installed.

===

If that fails to solve the issue continue.

The Microsoft Windows ARP cache will occasionally become corrupt and need to be cleared.

Follow the instructions on this page.

ARP cache
http://www.tech-faq.com/clear-arp-cache.shtml

Keep me posted.
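An added example, not part of nasdaq's instructions or of any tool on this page: before merging fixme.reg (which deletes the ZoneMap keys outright), this PowerShell script records what Domains, EscDomains and Ranges currently map to, so that any hijacked zone assignment is preserved as evidence rather than silently destroyed. It assumes PowerShell 3 or later on Windows 7 and the standard Internet Settings registry layout; the function name Get-ZoneMapEntries and the CSV path are mine.

```powershell
# Added example: audit the IE ZoneMap keys that fixme.reg deletes, before wiping them.
# Zone ids used by Internet Settings: 0 My Computer, 1 Local intranet,
# 2 Trusted sites, 3 Internet, 4 Restricted sites.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$Roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
)

function Get-ZoneMapEntries {
    # Emits one object per (hive, host-or-range, scheme) mapping found under
    # Domains, EscDomains and Ranges. Hypothetical helper name, not a built-in cmdlet.
    foreach ($root in $Roots) {
        $hive = $root.Split(':')[0]
        foreach ($kind in 'Domains', 'EscDomains') {
            $base = Join-Path $root $kind
            if (-not (Test-Path $base)) { continue }
            foreach ($key in Get-ChildItem -Path $base -Recurse) {
                # Key path Domains\google.com\www describes host www.google.com;
                # a '*' subkey means "any host under that domain".
                $marker = "\$kind\"
                $start  = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase) + $marker.Length
                $parts  = $key.Name.Substring($start).Split('\')
                [array]::Reverse($parts)
                $target = $parts -join '.'
                foreach ($scheme in $key.GetValueNames()) {
                    $zone = $key.GetValue($scheme)
                    if ($zone -isnot [int]) { continue }   # only DWORD zone assignments count
                    [pscustomobject]@{ Hive = $hive; Kind = $kind; Target = $target
                                       Scheme = $scheme; Zone = $zone; ZoneName = $ZoneNames[$zone] }
                }
            }
        }
        $ranges = Join-Path $root 'Ranges'
        if (Test-Path $ranges) {
            foreach ($key in Get-ChildItem -Path $ranges) {
                $range = $key.GetValue(':Range')    # e.g. 192.168.1.0-192.168.1.255 or a single IP
                foreach ($scheme in $key.GetValueNames() | Where-Object { $_ -ne ':Range' }) {
                    $zone = $key.GetValue($scheme)
                    if ($zone -isnot [int]) { continue }
                    [pscustomobject]@{ Hive = $hive; Kind = 'Ranges'; Target = $range
                                       Scheme = $scheme; Zone = $zone; ZoneName = $ZoneNames[$zone] }
                }
            }
        }
    }
}

$entries = @(Get-ZoneMapEntries)
$entries | Sort-Object Hive, Kind, Target | Format-Table Hive, Kind, Target, Scheme, Zone, ZoneName -AutoSize
# Keep a copy as evidence before the keys are deleted (path is an assumption).
$entries | Export-Csv -Path (Join-Path $env:USERPROFILE 'Desktop\zonemap-before-fix.csv') -NoTypeInformation
# Hosts pushed into zone 4 (Restricted sites), or lifted into zones 1/2 (elevated trust)
# without the owner's knowledge, are the ones to review.
$entries | Where-Object { $_.Zone -in 1, 2, 4 } | Format-Table Hive, Kind, Target, Scheme, ZoneName -AutoSize
```

Run it from an elevated PowerShell so the HKLM branches are readable; an empty table for all three kinds means there was nothing for fixme.reg to remove.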

#14 MrDiscoChimp (Topic Starter, Members, 13 posts)

Posted 28 June 2014 - 09:46 AM

Thanks, will give that a try now and let you know.



#15 MrDiscoChimp (Topic Starter, Members, 13 posts)

Posted 28 June 2014 - 10:28 AM

OK, so I merged the reg file and rebooted; now I can't access the internet at all via the wireless adapter in normal or Safe modes. I just get "can't connect to the AP", and when I try to run the network troubleshooter I get error 0x80096001.

Wired connection, the same thing (network cable not even recognized).

Have cleared the ARP cache out and rebooted again and no difference.
