Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No wireless Internet access and firewall is down


  • This topic is locked This topic is locked
2 replies to this topic

#1 BoomerFT

BoomerFT

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 21 July 2014 - 01:45 PM

My laptop is a Dell Inspiron 1764, Windows 7 Pro x64. I have Avast Internet Security plus MalwareBytes Anti-Malware, Hitman Pro and CCleaner.
 
About 1 - 2 months ago I began having trouble when I couldn't access one website; directv.com. I read everything I could find but no luck. Meanwhile we had upgraded our internet from AT&T DSL to AT&T U-verse about two weeks ago. Then over the weekend our internet went down & I had to completely shut down the AT&T modem/router for a few minutes. After it came back up everything worked except for my laptop. I select the correct network connection but it shows as an Unidentified Network with no internet access. Avast reports it's firewall is down and I cannot start it. I don't receive a particular error message. I have tried restoring the system to two earlier restore points but the problem persists. I downloaded DDS from your website. You guys helped me correct a malware problem early in 2013 so I immediately came here for help! Another thing is I had noticed a program I removed was back after Syostem Restore so I attempted to remove it again. I received the message that I didn't have System Admin privileges. So I enabled the Admin account & logged on with it. Still no firewall or internet access. I ran DDS from that account.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by Administrator at 13:16:38 on 2014-07-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3893.2045 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\SftVss64.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} -
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [Google Update] "C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: Interfaces\{AD09F382-924E-4B13-9487-06B2695425A3} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C9F31CA2-A93B-4B02-97ED-911A746061F7}\055474143555357523 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C9F31CA2-A93B-4B02-97ED-911A746061F7}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.250
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Notify: GoToAssist - <no file>
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 relog_ap
LSA: Notification Packages =  scecli FAPassSync
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Photo Album 6\MediaDetect.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\er26pj8e.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-2 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-2 224896]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-27 55280]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-10-26 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-10-26 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-10-26 427360]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-1-23 55384]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-2 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-26 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-11 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-11 50344]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-2-18 122128]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-2-18 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-2-18 766736]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-7-13 242216]
R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-2-10 91432]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-8-26 127752]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-3-9 14952]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-6-7 91352]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-28 1809720]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-27 1692480]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-28 5037888]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-27 172704]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-22 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-22 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-12 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-11 25816]
R3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-22 239616]
S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-7-11 106488]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-2-18 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-28 860472]
S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-9-6 80472]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-28 122584]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-28 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-15 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-6-17 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-22 220672]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP6\RpcAgentSrv.exe [2013-3-1 68760]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 eEyeUpdateSvc;eEye Update Service;C:\Program Files (x86)\Common Files\eEye Digital Security\SyncIt\eEyeUpdateSvc.exe [2013-5-4 91616]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2014-07-20 03:39:37    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\AVAST Software
2014-07-15 21:06:13    --------    d-----w-    C:\Program Files (x86)\ATTSA
2014-07-15 21:05:58    --------    d-----w-    C:\Program Files (x86)\Common Files\supportsoft
2014-07-15 21:03:56    --------    d-----w-    C:\Program Files (x86)\TESTRM
2014-07-12 17:51:06    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-07-12 17:51:06    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-07-12 17:51:06    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-07-12 17:51:06    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-07-12 17:51:06    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-07-12 17:27:47    --------    d-----w-    C:\Program Files\iPod
2014-07-12 17:27:41    --------    d-----w-    C:\Program Files\iTunes
2014-07-12 17:27:41    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-07-11 16:45:48    43152    ----a-w-    C:\Windows\avastSS.scr
2014-07-09 23:45:59    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-07-09 23:44:27    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-07-09 23:44:23    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-07-09 23:44:20    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
.
==================== Find3M  ====================
.
2014-07-21 01:06:55    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-14 14:27:14    101184    ----a-w-    C:\Windows\System32\stkMonitor.dll
2014-07-11 16:45:51    92008    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-07-11 16:45:51    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-07-11 16:45:51    1041168    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-07-11 16:45:50    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-07-11 16:45:50    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-11 16:45:50    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-07-11 16:45:50    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-07-11 16:45:29    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2014-07-09 04:10:32    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 04:10:32    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33    519168    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\Windows\System32\win32k.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-06-04 18:30:36    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-06-04 18:27:18    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-04 02:05:38    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-05-30 08:08:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-13 02:51:31    96784    ----a-w-    C:\Windows\SysWow64\packet.dll
2014-05-13 02:51:31    369168    ----a-w-    C:\Windows\System32\wpcap.dll
2014-05-13 02:51:31    35344    ----a-w-    C:\Windows\System32\drivers\npf.sys
2014-05-13 02:51:31    281104    ----a-w-    C:\Windows\SysWow64\wpcap.dll
2014-05-13 02:51:31    106000    ----a-w-    C:\Windows\System32\packet.dll
2014-05-12 11:26:10    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-12 11:26:00    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 11:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-08 09:32:11    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 13:19:37.83 ===============

Edited by Queen-Evie, 21 July 2014 - 08:00 PM.
moved from Am I Infected to the appropriate forum. DDS logs are allowed only in Malware Removal Logs.


BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:59 AM

Posted 26 July 2014 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Try this to restore you Internet connection.

Click the StartBtn.gif button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If still no internet, download these tools to a CD or Flash drive and copy them to the Desktop of the problem computer.
Run them and post the logs for my review.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:59 AM

Posted 31 July 2014 - 10:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users