Wireless internet only works in safe mode + Microsoft Security Center won't work


  • This topic is locked
145 replies to this topic

#1 chriswatson06

Posted 12 July 2014 - 07:05 AM

I was told to post in here to have my system checked for problems; my original post was http://www.bleepingcomputer.com/forums/t/540522/wireless-internet-only-works-in-safe-mode-microsoft-secruity-center-wont-work/

 

As the link above states:

 

My specs

 

Dell Inspiron 1720 Laptop
windows vista home premium, Service Pack 2
32 bit

4 gb ram
 

Hello, my laptop will not connect to the wireless internet unless it is in Safe Mode with Networking. Along with not connecting to the internet, it will not run Microsoft Security Center and tells me I have to run it manually, but the computer won't do it manually either. These worked about two months ago but no longer do. I have not added any hardware and have not applied any kind of updates besides normal Windows system updates.

 

  • I've run all the "Fix it" solutions provided by Microsoft, but they do not fix the problem.
  • I've run chkdsk /f /r multiple times back to back; it deletes corrupt files and then restores orphan files (always the same ones).
  • I've run Windows Update, but it finds nothing.
  • I've tried to run Malwarebytes, but it gives an error saying it stopped working when I double-click to open it.
  • I ran CCleaner and it fixed a bunch of stuff, but the problem still persists.
  • I restarted and ran the diagnostic disc that came with the laptop, but that doesn't fix the problem either.
  • I ran MiniToolBox and did the following, but it did not fix it:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • I ran TDSSKiller, but it did not fix the issue.
  • I ran AdwCleaner, but it did not fix the issue.
  • I ran Junkware Removal Tool (JRT), but it just sits on a black cmd screen.
  • I have other laptops and computers in the house and they all connect to the wireless just fine.

 

Lastly, I just ran sfc /scannow and it tells me it found corrupt files but cannot repair them, and that it saved a log to CBS.log. I tried to copy and paste the log file in here, but it freezes the computer, and when I tried attaching it to the forum it was too big.

 

I'm running out of ideas, can anyone help me get this computer working correctly?  Thanks

 

 

I'm not aware of any changes to software before this problem started. To be honest, there was always some sort of "problem" on this computer. The problem I dealt with before this was multiple viruses/trojans/keyloggers installed, and it was doing things like making my mouse and USB ports ineffective. I have downloaded so many different programs and done so many different things to fix this computer that I can't remember everything I have done.

 

I have no ethernet cord available to check if it is OK in wired mode.

 

Using the Add/Remove menu I uninstalled Avast, Spybot Search and Destroy and AVG, so I'm not sure why the logs still show them either.

 

 

Here are my results with Farbar Service Scanner (FSS) while in safe mode

Farbar Service Scanner Version: 10-06-2014
Ran by Chris (administrator) on 11-07-2014 at 09:45:01
Running from "C:\Users\Chris\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****

 

Here are my results from SecurityCheck while in safe mode

 Results of screen317's Security Check version 0.99.85 
 Windows Vista Service Pack 2 x86  
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Microsoft Security Essentials  
avast! Antivirus               
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java 7 Update 51 
 Java version out of Date!
  Adobe Flash Player  13.0.0.214 Flash Player out of Date! 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

 

Here is the DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.51.2
Run by Chris at 7:51:46 on 2014-07-12
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3573.2501 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uSearch Bar = www.google.com
uSearch Page = www.google.com
uSearchAssistant = www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
uRunOnce: [Report] c:\adwcleaner\AdwCleaner[S4].txt
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6DEFCAFF-2AB3-4D18-A650-7FFCD06C91B8} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\a9qg2xw3.default\
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\chris\appdata\roaming\zoom\bin\npzoomplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104264]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\drivers\jmccgp.sys [2009-7-28 14960]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S4 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\hosts_anti_adwares_pups\hosts_anti-adware.exe -update --> c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware.exe -update [?]
S4 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
.
=============== Created Last 30 ================
.
2014-07-11 00:16:59    --------    d-----w-    c:\program files\ESET
2014-07-11 00:12:54    62576    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{319a368b-616b-4ff4-bd10-bc43c5781680}\offreg.dll
2014-07-10 19:55:44    18944    ----a-w-    c:\windows\system32\drivers\usbprint.sys
2014-07-10 19:18:03    --------    d-----w-    c:\program files\CCleaner
2014-07-06 18:41:58    8140904    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{319a368b-616b-4ff4-bd10-bc43c5781680}\mpengine.dll
2014-07-05 01:03:27    8140904    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-07-04 15:57:31    765968    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{f27593f6-dd40-449a-9910-f725de21a183}\gapaengine.dll
2014-07-02 00:23:30    31048    ----a-w-    c:\windows\system32\drivers\iqvw32.sys
2014-06-27 15:47:24    --------    d-----w-    c:\users\chris\appdata\roaming\Zoom
2014-06-21 17:34:46    --------    d-----w-    c:\program files\iPod
2014-06-21 17:34:39    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M  ====================
.
2014-05-15 20:18:52    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-15 20:18:51    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 11:26:04    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-12 11:25:58    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25:54    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-07 00:08:11    107736    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-19 03:52:42    71680    --sha-w-    c:\windows\system32\argsvc.dll
.
============= FINISH:  7:52:14.46 ===============
 

Attached is the attach.txt log.

Edited by chriswatson06, 12 July 2014 - 07:33 AM.

I run a fitness blog because I'm an expert at getting into shape, but not computers, that's why I use BleepingComputer for all my computer issues :-)
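The FSS output above is the kind of log you read by hand a couple of times and then want to script. The Python triage parser below is an added example, not part of the original post and not a Farbar tool: it walks an FSS log, notes the boot mode (in safe mode most of these services are stopped by design, so "Service is not running" is only informational there), and pulls out the signals that survive a reboot: a start type that differs from the default, a missing LEGACY_ key under HKLM\SYSTEM\CurrentControlSet\Enum\Root, a non-zero value in a "Disabled Policy" section such as DisableAntiSpyware=1, and any system file not reported as digitally signed. The sample input is a constructed, shortened excerpt in the format of the log above, and the severity labels are my own convention.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a shortened excerpt in the format of the
# Farbar Service Scanner (FSS) log posted above, not the full log.
FSS_SAMPLE = """\
Farbar Service Scanner Version: 10-06-2014
Boot Mode: Network
****************************************************************

Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\\0000 registry key. The key does not exist.

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\\Windows\\system32\\wscsvc.dll => File is digitally signed
C:\\Windows\\system32\\qmgr.dll => File is digitally signed
"""

HEADER = re.compile(r"^[\w ]+:$")                      # "Security Center:"
BOOT_MODE = re.compile(r"^Boot Mode:\s*(.+)$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
LEGACY_MISSING = re.compile(r"^Checking (LEGACY_\S+): ATTENTION!=+> Unable to open")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
FILE_CHECK = re.compile(r"^(.+?) => File is (.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "info", "medium" or "high" (my own convention)
    item: str       # service name, registry value name or file path
    detail: str


def triage_fss(text: str) -> list[Finding]:
    """Walk an FSS log and return the findings a responder would act on."""
    findings: list[Finding] = []
    section = ""
    safe_mode = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := BOOT_MODE.match(line):
            # FSS prints "Normal" for a regular boot; anything else is a safe mode.
            safe_mode = m.group(1).strip().lower() != "normal"
            continue
        if HEADER.match(line):
            section = line[:-1]
            continue
        if m := NOT_RUNNING.match(line):
            # In safe mode these services are stopped by design, so a stopped
            # service on its own is not evidence of tampering there.
            sev = "info" if safe_mode else "medium"
            findings.append(Finding(sev, m.group(1), f"{section}: service not running"))
        elif m := START_TYPE.match(line):
            svc, actual, default = m.groups()
            findings.append(Finding("medium", svc,
                                    f"start type is {actual}, default is {default}"))
        elif m := LEGACY_MISSING.match(line):
            findings.append(Finding("medium", m.group(1),
                                    "key missing under HKLM\\SYSTEM\\CurrentControlSet\\Enum\\Root"))
        elif m := POLICY_VALUE.match(line):
            name, value = m.group(1), int(m.group(2))
            # A non-zero value in a "... Disabled Policy" section turns that
            # component off; a default install has no such value.
            if "Disabled Policy" in section and value != 0:
                findings.append(Finding("high", name, f"{section}: {name}={value}"))
        elif m := FILE_CHECK.match(line):
            path, status = m.groups()
            if status != "digitally signed":
                findings.append(Finding("high", path, f"file check: {status}"))
    return findings


def by_severity(findings: list[Finding], severity: str) -> list[str]:
    """Items of one severity, in log order."""
    return [f.item for f in findings if f.severity == severity]


if __name__ == "__main__":
    for f in triage_fss(FSS_SAMPLE):
        print(f"[{f.severity:6}] {f.item}: {f.detail}")
```

On the sample the two stopped services come out as informational (the log says Boot Mode: Network), while the BITS start type, the missing LEGACY_wscsvc key and DisableAntiSpyware=1 are what you would carry into the fix list.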



 


#2 chriswatson06


Posted 12 July 2014 - 07:31 AM

As an important follow-up, I have noticed that I have Muvic SmartBar and Muvic SmartBar engine installed on the computer as of 3/31/2014. I did research on this and it says it is a third-party application that comes with the Snap.Do virus. I vaguely remember having remnants of this virus in the past but thought I had removed it.

 

When I try to uninstall Muvic SmartBar from the Add/Remove options I get an error message saying "The Windows Installer service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

 

When I try to uninstall Muvic SmartBar engine from the Add/Remove options nothing happens, and I can just click Uninstall forever.

 

I ran HitmanPro 3.7.9 and it found Snap.do and AskBar, so I told it to delete them. After I restarted the computer in regular mode, the internet problem still exists and Muvic SmartBar is still listed in Add/Remove.

 

I will not download or run any more tools/programs until further help here has been provided. Thank you so much to whoever takes on my problem!


Edited by chriswatson06, 12 July 2014 - 08:02 AM.



#3 bloopie

  • Malware Response Team

Posted 15 July 2014 - 07:34 PM

Hello chriswatson06, and welcome to the forums! :thumbsup:
 
We apologize for the delay in response to your topic! Now that I'm here, I will stay with you until this machine is clean!
 
My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

==========

Firstly, from what I'm seeing in your logs, you have more than one antivirus program running simultaneously (did you try to remove Avast previously, but were unsuccessful?). This is not a good idea as it can cause many conflicts (and also internet issues). We will also be removing what you tried and failed to remove before, in due time. :wink:

 

We also need to do some registry imports as there are some keys missing, for your internet and for everything to work correctly...these are usually leftovers from previous infections...but we'll see.

Step 1
 
I'd suggest you uninstall Avast if this is the free version (we can re-install it later if need be). I doubt this will fix the problem, but please check it anyway after uninstalling. If you have a problem with this step, please skip it, but let me know about it!

==========

Step 2

I'd like you to run this tool from normal boot mode, so you may download in safemode, but run it in normal mode. This is to get a better view of what's happening with your machine:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. You will need the 32-bit version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

==========

Please let me know if you have any trouble with the above steps! If you encounter any trouble with step 1, please continue with step 2 and let me know!

bloopie


Edited by bloopie, 15 July 2014 - 11:08 PM.
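bloopie's point about more than one antivirus showing in the logs is visible in the AV:/SP:/FW: lines of the DDS header in post #1, where avast! and Spybot still appear even though the poster removed them through Add/Remove Programs. Those lines list what is registered with Windows Security Center (on Vista and later the registrations live in the WMI namespace root\SecurityCenter2), and an uninstaller that does not deregister leaves a stale entry behind. The script below is an added example, not code from the thread or from DDS: it parses those lines, cross-checks them against a constructed set of products that are actually installed (an assumption standing in for the Add/Remove list), and reports enabled antivirus products, stale registrations, installed-but-outdated products, and whether two antivirus engines are enabled at once.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input in the format of the DDS header lines posted above.
DDS_SAMPLE = """\
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
"""

# Assumption standing in for the Add/Remove Programs list: what is really
# installed. The poster says avast! and Spybot were removed through Add/Remove.
INSTALLED = {"Microsoft Security Essentials", "Windows Defender"}

# "AV: <name> *<Enabled|Disabled>[/<Updated|Outdated>]* {<guid>}"
PRODUCT = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)(?:/(\w+))?\* \{([0-9A-Fa-f-]+)\}$")


@dataclass(frozen=True)
class Product:
    kind: str                # AV = antivirus, SP = antispyware, FW = firewall
    name: str
    enabled: bool
    updated: Optional[bool]  # None when the line carries no update state (FW lines)
    guid: str                # Security Center instance GUID


def parse_products(text: str) -> list[Product]:
    """Extract every AV/SP/FW registration line from a DDS header."""
    products: list[Product] = []
    for line in text.splitlines():
        m = PRODUCT.match(line.strip())
        if not m:
            continue
        kind, name, state, update, guid = m.groups()
        products.append(Product(kind, name, state == "Enabled",
                                None if update is None else update == "Updated",
                                guid.upper()))
    return products


def assess(products: list[Product], installed: set[str]) -> dict:
    """Cross-check Security Center registrations against what is installed."""
    enabled_av = [p.name for p in products if p.kind == "AV" and p.enabled]
    stale: list[str] = []            # registered, but no longer installed
    for p in products:
        if p.name not in installed and p.name not in stale:
            stale.append(p.name)
    return {
        "enabled_av": enabled_av,
        "stale": stale,
        # Two real-time engines at once is the conflict bloopie describes.
        "conflict": len(set(enabled_av)) > 1,
        "outdated": [p.name for p in products
                     if p.updated is False and p.name in installed],
    }


if __name__ == "__main__":
    report = assess(parse_products(DDS_SAMPLE), INSTALLED)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the sample the only enabled antivirus is Microsoft Security Essentials, avast! and Spybot come out as stale registrations (three of the seven lines belong to avast! alone), and Windows Defender is installed but outdated. The stale list is what you would hand to the helper working the thread, not a reason to start editing the WMI repository by hand.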


#4 chriswatson06


Posted 16 July 2014 - 08:31 AM

Thank you for your help Bloopie,

I still have the problem but hopefully with your help we will get rid of it.

 

I can not find any trace of Avast on my system anymore, I had it at one point but removed it once I started experiencing these problems, so I don't know why it still says I have it, I don't see it anywhere on the computer.

 

I have two Windows discs that Dell gave me, one for drivers and one for the operating system.

 

I downloaded FRST and followed your instructions to open it, and now I'm waiting for it to open up. The mouse cursor spun for about 10 minutes, and now the desktop is grayed out with an error message box saying "The application is not responding. The program may respond again if you wait. Do you want to end this process?" I'm going to just let it sit and wait and hopefully it works itself out, or until I hear from you again.


Edited by chriswatson06, 16 July 2014 - 08:33 AM.



#5 bloopie

  • Malware Response Team

Posted 16 July 2014 - 08:49 AM

Hello again,

 

I'm confident we'll get this machine back in working order. :)

 

If FRST won't run in normal mode, then run it in safe mode and post the log. Let me know if you have any problems that way!

 

bloopie



#6 chriswatson06


Posted 16 July 2014 - 09:07 AM

OK, I've tried running it twice in safe mode and it opens but freezes up on the "Checking for update. Please wait..." screen.

Edit: OK, it opened up after a 4th attempt, lol. Posting the log in a second.


Edited by chriswatson06, 16 July 2014 - 09:12 AM.



#7 chriswatson06


Posted 16 July 2014 - 09:17 AM

OK, here is the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Chris (administrator) on TINE-PC on 16-07-2014 10:12:36
Running from C:\Users\Chris\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD1DA3E32719CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: AutorunsDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\a9qg2xw3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @zoom.us/ZoomVideoPlugin - C:\Users\Chris\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-12]

========================== Services (Whitelisted) =================

S4 dlcx_device; C:\Windows\system32\dlcxcoms.exe [532480 2006-10-11] ( )
S4 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-07-25] (Intel Corporation) [File not signed]
S4 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-05-03] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S4 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-07-25] (Intel Corporation) [File not signed]
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1921024 2007-10-09] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1123328 2007-10-09] (Broadcom Corp.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-07-12] ()
S3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [14960 2014-04-12] (JMicron Technology Corp.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [31048 2014-01-31] (Intel Corporation )
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Chris\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 MCSTRM; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-16 10:12 - 2014-07-16 10:13 - 00007280 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-07-16 10:12 - 2014-07-16 10:12 - 00000000 ____D () C:\FRST
2014-07-16 09:20 - 2014-07-16 09:20 - 01077248 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2014-07-12 08:43 - 2014-07-12 08:47 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-12 08:42 - 2014-07-12 08:42 - 00002854 _____ () C:\Windows\system32\.crusader
2014-07-12 08:36 - 2014-07-12 08:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-12 08:36 - 2014-07-12 08:36 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-12 08:36 - 2014-07-12 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-12 08:36 - 2014-07-12 08:36 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-12 08:34 - 2014-07-12 08:34 - 10278752 _____ (SurfRight B.V.) C:\Users\Chris\Desktop\HitmanPro.exe
2014-07-12 07:53 - 2014-07-12 07:52 - 00008098 _____ () C:\Users\Chris\Desktop\dds.txt
2014-07-12 07:50 - 2014-07-12 07:50 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2014-07-11 09:54 - 2014-07-11 09:54 - 00854390 _____ () C:\Users\Chris\Desktop\SecurityCheck.exe
2014-07-11 09:45 - 2014-07-11 09:45 - 00004135 _____ () C:\Users\Chris\Desktop\FSS.txt
2014-07-11 09:44 - 2014-07-11 09:44 - 00415744 _____ (Farbar) C:\Users\Chris\Desktop\FSS.exe
2014-07-10 20:41 - 2014-07-10 20:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\Program Files\ESET
2014-07-10 20:12 - 2014-07-10 20:12 - 01016261 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-07-10 19:52 - 2014-07-10 19:52 - 01348263 _____ () C:\Users\Chris\Desktop\AdwCleaner.exe
2014-07-10 19:42 - 2014-07-10 19:42 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller.exe
2014-07-10 19:41 - 2014-07-10 19:45 - 29756759 _____ () C:\Users\Chris\Desktop\Result.txt
2014-07-10 19:40 - 2014-07-10 19:40 - 00401920 _____ (Farbar) C:\Users\Chris\Desktop\MiniToolBox.exe
2014-07-10 16:24 - 2014-07-10 16:24 - 26087777 _____ () C:\Users\Chris\Desktop\CBS.log
2014-07-10 15:55 - 2008-01-20 22:23 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-07-10 15:20 - 2014-07-10 15:20 - 00008796 _____ () C:\Users\Chris\Documents\cc_20140710_152028.reg
2014-07-10 15:20 - 2014-07-10 15:20 - 00000708 _____ () C:\Users\Chris\Documents\cc_20140710_152051.reg
2014-07-10 15:19 - 2014-07-10 15:19 - 00882230 _____ () C:\Users\Chris\Documents\cc_20140710_151924.reg
2014-07-10 15:18 - 2014-07-10 15:18 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 13:30 - 2014-07-10 13:30 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-01 20:23 - 2014-01-31 17:10 - 00031048 _____ (Intel Corporation ) C:\Windows\system32\Drivers\iqvw32.sys
2014-07-01 19:28 - 2014-07-01 19:28 - 00417824 _____ () C:\Users\Chris\Downloads\DellSystemDetect (2).exe
2014-07-01 18:40 - 2014-07-01 18:40 - 00417824 _____ () C:\Users\Chris\Downloads\DellSystemDetect (1).exe
2014-07-01 18:26 - 2014-07-01 18:26 - 00417824 _____ () C:\Users\Chris\Downloads\DellSystemDetect.exe
2014-06-27 14:48 - 2014-06-27 14:48 - 00000016 _____ () C:\Users\Chris\Desktop\VFF.txt
2014-06-27 11:51 - 2014-06-27 11:51 - 00000000 ____D () C:\Users\Chris\Documents\Zoom
2014-06-27 11:49 - 2014-06-27 11:49 - 00001728 _____ () C:\Users\Chris\Desktop\Zoom.lnk
2014-06-27 11:49 - 2014-06-27 11:49 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2014-06-27 11:47 - 2014-06-27 11:49 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Zoom
2014-06-26 22:31 - 2014-06-26 22:31 - 00067736 _____ () C:\Users\Tine\Downloads\google.csv
2014-06-23 19:12 - 2014-06-23 19:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-21 13:36 - 2014-06-21 13:36 - 00001703 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-21 13:36 - 2014-06-21 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-21 13:34 - 2014-06-21 13:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-21 13:34 - 2014-06-21 13:34 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-07-16 10:13 - 2014-07-16 10:12 - 00007280 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-07-16 10:12 - 2014-07-16 10:12 - 00000000 ____D () C:\FRST
2014-07-16 10:08 - 2008-01-20 21:35 - 01641961 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 09:39 - 2012-09-03 14:08 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 09:39 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 09:39 - 2006-11-02 08:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 09:39 - 2006-11-02 08:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 09:21 - 2008-01-20 22:47 - 00552062 _____ () C:\Windows\PFRO.log
2014-07-16 09:20 - 2014-07-16 09:20 - 01077248 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2014-07-12 08:47 - 2014-07-12 08:43 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-12 08:42 - 2014-07-12 08:42 - 00002854 _____ () C:\Windows\system32\.crusader
2014-07-12 08:42 - 2014-07-12 08:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-12 08:36 - 2014-07-12 08:36 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-12 08:36 - 2014-07-12 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-12 08:36 - 2014-07-12 08:36 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-12 08:34 - 2014-07-12 08:34 - 10278752 _____ (SurfRight B.V.) C:\Users\Chris\Desktop\HitmanPro.exe
2014-07-12 07:52 - 2014-07-12 07:53 - 00008098 _____ () C:\Users\Chris\Desktop\dds.txt
2014-07-12 07:50 - 2014-07-12 07:50 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2014-07-11 09:54 - 2014-07-11 09:54 - 00854390 _____ () C:\Users\Chris\Desktop\SecurityCheck.exe
2014-07-11 09:45 - 2014-07-11 09:45 - 00004135 _____ () C:\Users\Chris\Desktop\FSS.txt
2014-07-11 09:44 - 2014-07-11 09:44 - 00415744 _____ (Farbar) C:\Users\Chris\Desktop\FSS.exe
2014-07-10 20:42 - 2014-04-07 14:47 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-10 20:42 - 2014-04-07 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-10 20:42 - 2014-04-07 14:46 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-10 20:41 - 2014-07-10 20:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\Program Files\ESET
2014-07-10 20:12 - 2014-07-10 20:12 - 01016261 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-07-10 19:55 - 2014-03-14 18:41 - 00000000 ____D () C:\AdwCleaner
2014-07-10 19:52 - 2014-07-10 19:52 - 01348263 _____ () C:\Users\Chris\Desktop\AdwCleaner.exe
2014-07-10 19:45 - 2014-07-10 19:41 - 29756759 _____ () C:\Users\Chris\Desktop\Result.txt
2014-07-10 19:42 - 2014-07-10 19:42 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller.exe
2014-07-10 19:40 - 2014-07-10 19:40 - 00401920 _____ (Farbar) C:\Users\Chris\Desktop\MiniToolBox.exe
2014-07-10 16:24 - 2014-07-10 16:24 - 26087777 _____ () C:\Users\Chris\Desktop\CBS.log
2014-07-10 15:33 - 2006-11-02 09:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-10 15:20 - 2014-07-10 15:20 - 00008796 _____ () C:\Users\Chris\Documents\cc_20140710_152028.reg
2014-07-10 15:20 - 2014-07-10 15:20 - 00000708 _____ () C:\Users\Chris\Documents\cc_20140710_152051.reg
2014-07-10 15:19 - 2014-07-10 15:19 - 00882230 _____ () C:\Users\Chris\Documents\cc_20140710_151924.reg
2014-07-10 15:18 - 2014-07-10 15:18 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 14:48 - 2014-03-16 13:50 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-07-10 14:46 - 2014-03-16 15:41 - 00003691 _____ () C:\Windows\wininit.ini
2014-07-10 14:22 - 2013-11-08 20:25 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-10 14:18 - 2012-07-17 16:45 - 00006756 _____ () C:\Users\Chris\AppData\Local\d3d9caps.dat
2014-07-10 13:43 - 2012-09-03 14:08 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 13:43 - 2012-07-17 16:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-10 13:30 - 2014-07-10 13:30 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-10 13:30 - 2012-09-03 14:07 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-07-10 13:30 - 2012-09-03 14:07 - 00000000 ____D () C:\Program Files\Google
2014-07-10 13:12 - 2012-07-17 22:09 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-10 10:32 - 2013-08-08 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 10:07 - 2006-11-02 06:33 - 00773556 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 07:50 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-01 21:16 - 2014-05-15 19:13 - 00000000 ____D () C:\Users\Tine\AppData\Roaming\uTorrent
2014-07-01 19:30 - 2014-04-08 11:40 - 00000000 ____D () C:\Users\Chris\AppData\Local\Deployment
2014-07-01 19:28 - 2014-07-01 19:28 - 00417824 _____ () C:\Users\Chris\Downloads\DellSystemDetect (2).exe
2014-07-01 18:48 - 2012-07-24 11:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-01 18:40 - 2014-07-01 18:40 - 00417824 _____ () C:\Users\Chris\Downloads\DellSystemDetect (1).exe
2014-07-01 18:26 - 2014-07-01 18:26 - 00417824 _____ () C:\Users\Chris\Downloads\DellSystemDetect.exe
2014-06-28 20:06 - 2012-08-30 12:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-27 14:48 - 2014-06-27 14:48 - 00000016 _____ () C:\Users\Chris\Desktop\VFF.txt
2014-06-27 11:51 - 2014-06-27 11:51 - 00000000 ____D () C:\Users\Chris\Documents\Zoom
2014-06-27 11:49 - 2014-06-27 11:49 - 00001728 _____ () C:\Users\Chris\Desktop\Zoom.lnk
2014-06-27 11:49 - 2014-06-27 11:49 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2014-06-27 11:49 - 2014-06-27 11:47 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Zoom
2014-06-26 22:58 - 2014-04-12 20:36 - 00000000 ____D () C:\Users\Tine\AppData\Roaming\SoftGrid Client
2014-06-26 22:31 - 2014-06-26 22:31 - 00067736 _____ () C:\Users\Tine\Downloads\google.csv
2014-06-26 11:53 - 2014-04-12 17:29 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\SoftGrid Client
2014-06-23 20:42 - 2012-07-18 16:44 - 00075776 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-23 19:13 - 2014-06-23 19:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-22 16:24 - 2012-07-17 16:45 - 00000000 ____D () C:\Users\Chris
2014-06-22 16:23 - 2012-10-02 13:03 - 00000000 ____D () C:\Program Files\Philips
2014-06-21 21:13 - 2014-05-17 14:28 - 00000000 ____D () C:\found.001
2014-06-21 14:30 - 2014-03-15 11:32 - 00041984 _____ () C:\Users\Tine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-21 14:19 - 2013-01-16 21:52 - 00000000 ___RD () C:\Users\Tine\Desktop\Random
2014-06-21 14:18 - 2014-04-30 19:00 - 00000000 ____D () C:\Users\Tine\Desktop\Tine
2014-06-21 14:16 - 2014-06-11 19:44 - 00000000 ____D () C:\Users\Tine\Desktop\New Folder
2014-06-21 13:36 - 2014-06-21 13:36 - 00001703 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-21 13:36 - 2014-06-21 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-21 13:36 - 2014-06-21 13:34 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-21 13:36 - 2012-07-18 16:05 - 00000000 ____D () C:\Program Files\iTunes
2014-06-21 13:34 - 2014-06-21 13:34 - 00000000 ____D () C:\Program Files\iPod
2014-06-21 13:34 - 2012-07-18 16:03 - 00000000 ____D () C:\Program Files\Common Files\Apple

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\temp\ose00000.exe
C:\Users\Chris\AppData\Local\temp\ose00001.exe
C:\Users\Chris\AppData\Local\temp\ose00002.exe
C:\Users\Chris\AppData\Local\temp\ose00003.exe
C:\Users\Chris\AppData\Local\temp\ose00004.exe
C:\Users\Chris\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-16 10:15

==================== End Of Log ============================


I run a fitness blog because I'm an expert at getting into shape, but not computers; that's why I use BleepingComputer for all my computer issues :-)


#8 chriswatson06


Posted 16 July 2014 - 09:19 AM

Here is the Addition.txt log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Chris at 2014-07-16 10:13:52
Running from C:\Users\Chris\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

3DP Chip v14.03 (HKLM\...\3DP Chip) (Version: v14.03 - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Wizard 4.0 (HKLM\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell PC Fax (HKLM\...\Dell PC Fax) (Version:  - )
Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version:  - Dell, Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FocalFilter (HKLM\...\{78156F61-016D-402A-9EF9-C2AA253DB22A}) (Version: 0.9.00 - FocalFilter)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{B4BEEEA3-05E9-4966-AE47-B0F3490564BE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
ITECIR Driver (Version: 1.00.000 - ITE) Hidden
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 9.0.8 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.0.8 - )
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
mDriver (Version: 9.24.0000 - Intel) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
mHelp (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.6122.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7122.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
Muvic Smartbar (HKLM\...\{847917E3-683B-4A08-8CEB-FBB46CA2785A}) (Version: 11.40.58.16153 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKCU\...\{7ac519d0-ada8-4002-bab0-c1e01303b8bd}) (Version: 11.40.58.16153 - PinWid Ltd.) <==== ATTENTION
mWMI (Version: 9.24.0000 - Intel Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RICOH Media Driver ver.2.07.01.02 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.02 - RICOH)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
System Requirements Lab for Intel (HKLM\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass  (12/18/2007 5.0.0004.6) (HKLM\...\1A5A977E511ED61600002E176F048ED6FCBD8560) (Version: 12/18/2007 5.0.0004.6 - ITE Tech.Inc.)
Zoom (HKCU\...\ZoomUMX) (Version: 2.5 - Zoom Video Communications, Inc.)

==================== Restore Points  =========================

24-06-2014 07:00:34 Windows Update
25-06-2014 04:00:00 Scheduled Checkpoint
25-06-2014 07:00:11 Windows Update
26-06-2014 07:00:11 Windows Update
26-06-2014 21:22:05 Scheduled Checkpoint
27-06-2014 15:13:31 Windows Update
03-07-2014 22:47:36 Windows Update
04-07-2014 07:00:11 Windows Update
05-07-2014 01:02:41 Windows Update
05-07-2014 19:57:28 Windows Update
06-07-2014 07:00:15 Windows Update
07-07-2014 04:00:00 Scheduled Checkpoint
07-07-2014 07:00:11 Windows Update
08-07-2014 04:00:00 Scheduled Checkpoint
08-07-2014 07:00:11 Windows Update
09-07-2014 07:00:15 Windows Update
10-07-2014 04:00:00 Scheduled Checkpoint
10-07-2014 07:00:12 Windows Update

==================== Hosts content: ==========================

2014-05-15 15:15 - 2014-06-29 09:11 - 28519200 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adcash.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {03C19DCB-686E-4E4F-913B-1412EDC18759} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {0CB9847E-233F-426A-95EF-70364B11D6FC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {1B159B56-0887-4A04-966F-73EBE663DE89} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4057854B-A727-4F05-ABCD-B5A883333A4C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {65D2A488-1020-4ADD-BE29-0001DD7AC075} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {781A07E8-CBB7-4D89-A45A-3C971416F1A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {AEF8A7CD-C1C4-4348-8863-E8AFF8696821} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {AF468330-66F1-492F-B4B9-25F330D87661} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {D642C3DE-B796-478C-A58B-1145D0518098} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D663C008-622D-45D8-9163-F85BAD66CDBC} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D8BB872C-9C1C-4D0C-9044-E21F01861DC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E64E7EE4-75E9-48BE-A73A-272658E849E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dlcx_device => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HOSTS Anti-PUPs => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Chris\AppData\Local\Apps\2.0\GQOVHW1Y.MW0\W61LPK73.BP0\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
MSCONFIG\startupreg: DLCXCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: dlcxmon.exe => "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Dell PC Fax\fm3032.exe" /s
MSCONFIG\startupreg: HOSTS Anti-Adware_PUPs => C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MemoryCardManager => "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Faulty Device Manager Devices =============

Name: Dell Touchpad
Description: Dell Touchpad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Alps Electric
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 10:03:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x7e4, application start time 0xmbam.exe0.

Error: (07/16/2014 09:59:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 09:58:33 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/16/2014 09:06:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 09:05:28 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/12/2014 08:48:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2014 08:47:47 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/12/2014 08:42:12 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Users\Chris\Desktop\HitmanPro.exe ; Descripton = Checkpoint by HitmanPro; Hr = 0x8007043c).

Error: (07/12/2014 08:41:46 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Users\Chris\Desktop\HitmanPro.exe ; Descripton = Checkpoint by HitmanPro; Hr = 0x8007043c).

Error: (07/12/2014 08:33:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x1924, application start time 0xmbam.exe0.

System errors:
=============
Error: (07/16/2014 10:08:17 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.177.2344.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/16/2014 10:08:17 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/16/2014 10:06:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (07/16/2014 10:06:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (07/16/2014 10:05:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (07/16/2014 10:05:03 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.6 for the Network Card with network address 001FE1CCA159 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (07/16/2014 10:04:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (07/16/2014 10:04:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (07/16/2014 10:03:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (07/16/2014 10:03:12 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.6 for the Network Card with network address 001FE1CCA159 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Microsoft Office Sessions:
=========================
Error: (03/04/2014 10:45:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000100

Error: (03/04/2014 10:44:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000200

Error: (03/04/2014 10:43:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.100090

Error: (03/04/2014 10:43:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.10001323600

Error: (03/03/2014 03:11:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000100

Error: (03/03/2014 03:11:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000210180

Error: (02/24/2014 01:34:22 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.100012194600

Error: (02/17/2014 09:24:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.100014841440

Error: (02/13/2014 06:28:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000413180

Error: (02/13/2014 06:19:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000510

CodeIntegrity Errors:
===================================
  Date: 2014-07-04 18:50:06.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-04 18:50:06.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-04 18:50:06.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-04 18:50:06.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-04 18:50:05.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-04 18:50:05.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 19:16:12.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 19:16:12.123
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 19:16:11.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 19:16:11.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3573.12 MB
Available physical RAM: 2763.21 MB
Total Pagefile: 7331.97 MB
Available Pagefile: 6753.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.5 GB) (Free:72.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:10 GB) (Free:9.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 68000000)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

==================== End Of Log ============================


I run a fitness blog because I'm an expert at getting into shape, but not computers, that's why I use BleepingComputer for all my computer issues :-)
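The "Event log errors" section of the Addition.txt log above repeats the same few records (Service Control Manager 7011 for Dnscache, Dhcp 1002 DHCPNACK, DCOM 10005 for wuauserv), and repetition is exactly what a triager wants to see at a glance rather than read line by line. The following Python is an added example, not code from the thread or from FRST, that parses records in the format FRST prints (a constructed sample modelled on the lines above is embedded) and tallies them by source and event ID; the `NETWORK_FLAGS` table and the `service_from_7011` split of "30000Dnscache" into timeout and service name are this example's own assumptions about that format.

```python
import re
from collections import Counter

# Constructed sample in the layout FRST's Addition.txt uses for event log
# errors (trimmed and modelled on the log posted in this thread).
SAMPLE_LOG = """\
Error: (07/16/2014 10:08:17 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/16/2014 10:06:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (07/16/2014 10:06:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (07/16/2014 10:05:03 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.6 for the Network Card with network address 001FE1CCA159 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (07/16/2014 10:04:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache
"""

# One "Error:" header line; the Description follows on the next line.
ERROR_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)


def parse_events(text):
    """Return one dict per 'Error:' record, with its Description attached."""
    events = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = ERROR_RE.match(lines[i])
        if m:
            desc = ""
            if i + 1 < len(lines) and lines[i + 1].startswith("Description: "):
                desc = lines[i + 1][len("Description: "):]
                i += 1
            events.append({"ts": m["ts"], "source": m["source"],
                           "event_id": int(m["eid"]), "description": desc})
        i += 1
    return events


def tally(events):
    """Count records by (source, event_id) so repeats stand out."""
    return Counter((e["source"], e["event_id"]) for e in events)


# Assumed (this example's own) list of records worth a closer look when the
# complaint is "network only works in safe mode".
NETWORK_FLAGS = {
    ("Service Control Manager", 7011): "service did not answer a control request in time",
    ("Dhcp", 1002): "DHCP lease denied (DHCPNACK)",
}


def flag_network_events(events):
    """Return (source, event_id, count, note) for each flagged record type seen."""
    counts = tally(events)
    return [(src, eid, counts[(src, eid)], note)
            for (src, eid), note in NETWORK_FLAGS.items()
            if counts.get((src, eid))]


def service_from_7011(description):
    """Split a 7011 description such as '30000Dnscache' into (timeout_ms, service).

    Assumption: FRST prints the event's insertion strings back to back, so the
    millisecond timeout is fused with the service name.
    """
    m = re.match(r"^(\d+)(\D.*)$", description)
    return (int(m.group(1)), m.group(2)) if m else (None, description)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for src, eid, n, note in flag_network_events(evts):
        print(f"{src} {eid}: {n} occurrence(s) - {note}")
    for e in evts:
        if e["event_id"] == 7011:
            print("  7011 detail:", service_from_7011(e["description"]))
```

Run against a full Addition.txt, the tally makes the pattern in this thread visible in one line each: the DNS Client service (Dnscache) repeatedly failing to answer within its 30000 ms timeout, and the DHCP client being refused its lease, both of which fit a machine whose networking only works in safe mode, where third-party filter drivers are not loaded.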


#9 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, New York)

Posted 16 July 2014 - 09:54 AM

Hello again,

 

Good work! :wink:

 

Okay, please allow me some time to go over these logs. I may not be able to get back to you for another 7 hours (worst case scenario) as I'm at work right now. So if you need to be away from the machine for a while, now's a good time.

Thanks for your patience! :thumbup2:

 

bloopie



#10 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, New York)

Posted 16 July 2014 - 01:23 PM

Hello again,

I'd like you to run these for me next. You can run them both from either boot mode. (I know you ran TDSSKiller before, but I'd like you to run it again...this time with the parameters mentioned in step 2):

Step :step1:

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File: fixlist.txt (480 bytes, 3 downloads)
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply

==========

Step :step2:

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
    [image: tds2.jpg]
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required", please click Reboot now
    [image: 2012081514h0118.png]
  • Once the system reboots and you see the Kaspersky TDSSKiller window again, please click "Change Parameters" again and make sure all boxes are checked!
  • Click Start Scan and allow the scan process to run
    [image: tds4-1.jpg]
  • If threats are detected, select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
    [image: tds6.jpg]
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

bloopie



#11 chriswatson06 (Topic Starter, Members, 182 posts)

Posted 16 July 2014 - 02:13 PM

Thanks

 

Here is the frst log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by Chris at 2014-07-16 15:10:07 Run:1
Running from C:\Users\Chris\Desktop
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean.exe
SearchScopes: HKLM - DefaultScope value is missing.
C:\Users\Chris\AppData\Local\temp\ose00000.exe
C:\Users\Chris\AppData\Local\temp\ose00001.exe
C:\Users\Chris\AppData\Local\temp\ose00002.exe
C:\Users\Chris\AppData\Local\temp\ose00003.exe
C:\Users\Chris\AppData\Local\temp\ose00004.exe
C:\Users\Chris\AppData\Local\temp\Quarantine.exe
*****************

'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}'=> Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Chris\AppData\Local\temp\ose00000.exe => Moved successfully.
C:\Users\Chris\AppData\Local\temp\ose00001.exe => Moved successfully.
C:\Users\Chris\AppData\Local\temp\ose00002.exe => Moved successfully.
C:\Users\Chris\AppData\Local\temp\ose00003.exe => Moved successfully.
C:\Users\Chris\AppData\Local\temp\ose00004.exe => Moved successfully.
C:\Users\Chris\AppData\Local\temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====


I run a fitness blog because I'm an expert at getting into shape, but not computers, that's why I use BleepingComputer for all my computer issues :-)


#12 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, New York)

Posted 16 July 2014 - 02:15 PM

Good! Post the TDSSKiller results log when finished (if the log is too long to fit in one post, you may attach the log into your next reply). :wink:

 

bloopie



#13 chriswatson06 (Topic Starter, Members, 182 posts)

Posted 16 July 2014 - 04:57 PM

How long does TDSSKiller usually take? It's been running for 2 hours and 22 minutes but hasn't found anything yet. The program is still responsive, and when I click on the reports link this is what comes up:

15:32:57.0472 0x0654 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
15:33:02.0557 0x0654 ============================================================
15:33:02.0557 0x0654 Current date / time: 2014/07/16 15:33:02.0557
15:33:02.0557 0x0654 SystemInfo:
15:33:02.0557 0x0654
15:33:02.0557 0x0654 OS Version: 6.0.6002 ServicePack: 2.0
15:33:02.0557 0x0654 Product type: Workstation
15:33:02.0557 0x0654 ComputerName: TINE-PC
15:33:02.0557 0x0654 UserName: Chris
15:33:02.0557 0x0654 Windows directory: C:\Windows
15:33:02.0557 0x0654 System windows directory: C:\Windows
15:33:02.0557 0x0654 Processor architecture: Intel x86
15:33:02.0557 0x0654 Number of processors: 2
15:33:02.0557 0x0654 Page size: 0x1000
15:33:02.0557 0x0654 Boot type: Safe boot with network
15:33:02.0557 0x0654 ============================================================
15:33:02.0557 0x0654 BG loaded
15:33:02.0729 0x0654 System UUID: {4DFEE8EA-A0CE-CF4A-A691-80BC4180F85F}
15:33:03.0353 0x0654 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:33:03.0353 0x0654 ============================================================
15:33:03.0353 0x0654 \Device\Harddisk0\DR0:
15:33:03.0353 0x0654 MBR partitions:
15:33:03.0353 0x0654 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
15:33:03.0353 0x0654 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x23AFE7F8
15:33:03.0384 0x0654 ============================================================
15:33:03.0431 0x0654 C: <-> \Device\Harddisk0\DR0\Partition2
15:33:03.0478 0x0654 D: <-> \Device\Harddisk0\DR0\Partition1
15:33:03.0478 0x0654 ============================================================
15:33:03.0478 0x0654 Initialize success
15:33:03.0478 0x0654 ============================================================
15:34:01.0291 0x0688 ============================================================
15:34:01.0291 0x0688 Scan started
15:34:01.0291 0x0688 Mode: Manual; SigCheck; TDLFS;
15:34:01.0291 0x0688 ============================================================
15:34:01.0291 0x0688 KSN ping started


I run a fitness blog because I'm an expert at getting into shape, but not computers, that's why I use BleepingComputer for all my computer issues :-)


#14 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, New York)

Posted 16 July 2014 - 05:22 PM

TDSSKiller doesn't usually take more than a few minutes. If it's been running for over 2 hours, it's probably stalled. Do you have the log from the last time you ran it? If so post that.

If not, we'll come back to that. Please run this for me next (Combofix is best run in normal boot mode, but if that doesn't work, then you may run it in safe mode):

Step :step1:

Run Combofix

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.
If you did turn off MSE's real-time protection, but CF still tells you that it's running, ignore the warning and try to run it anyway.

If you run into a problem and cannot run CF, then skip this step and move on to OTL in step 2 below!

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Step :step2: (if step 1 was unsuccessful)

Download OTL to your Desktop
Secondary link

  • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    [image: OTL_Main_Tutorial.gif]
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • We only need the OTL.txt

bloopie



#15 chriswatson06 (Topic Starter, Members, 182 posts)

Posted 16 July 2014 - 05:37 PM

Just tried running it again and it took about a minute. Do you want me to do your next suggested step or wait until you review the log?

It was too big to copy and paste, and it's 1529 KB.


Edited by chriswatson06, 16 July 2014 - 05:37 PM.

I run a fitness blog because I'm an expert at getting into shape, but not computers, that's why I use BleepingComputer for all my computer issues :-)
