Found and removed zero access but still problems


This topic is locked
111 replies to this topic

#1 Oblioh (Members, 67 posts)

Posted 30 July 2014 - 05:04 AM

Hello,

Last Friday, my computer suddenly crashed and now refuses to run in normal mode. When I turn it on, it starts up but I cannot access anything and then it freezes with a white screen. I downloaded some tools and found I had a ZeroAccess infection. I removed the offending files using Malwarebytes and HitmanPro. However, the computer still won't work at all in normal mode.

Broni offered some guidance (http://www.bleepingcomputer.com/forums/t/542391/removed-zero-access-but-still-have-problems/) and I ran various programmes (minitoolkit, RKill, Malwarebytes rootkit, security scanner), but as I can only use the computer in safe mode, I have been advised to post here.

Following Broni's advice, please find my DDS log (produced in safe mode) pasted below, with the Attach text file attached.

Thank you in advance for your help.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 11.0.9600.17207
Run by Shelley at 11:54:26 on 2014-07-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2009.1283 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - <orphaned>
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN1CD1K1G005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Redirector] "c:\program files\citrix\ica client\redirector.exe" /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\shelley\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shelley\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://uhvpn.herts.ac.uk/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 212.54.40.25 212.54.44.54
TCP: Interfaces\{3EE05CBC-13C5-46D8-8B67-DBA31BCE565E} : DHCPNameServer = 212.54.40.25 212.54.44.54
TCP: Interfaces\{3EE05CBC-13C5-46D8-8B67-DBA31BCE565E}\358656C6C6569702D436B456F677E62E08993702960586F6E656 : DHCPNameServer = 82.132.254.3 82.132.254.2
TCP: Interfaces\{3EE05CBC-13C5-46D8-8B67-DBA31BCE565E}\6796277696E6D65646961623931323532393 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77} : DHCPNameServer = 195.110.128.1 212.48.4.11
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2013-9-24 70440]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-10 340592]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
S1 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [2012-9-4 11936]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-5 10752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-26 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-26 860472]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-8-10 67904]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104264]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-8-10 44312]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\drivers\CryptOSD.sys [2009-5-1 384896]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-14 108032]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-5 122880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-26 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-26 51928]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-10 90360]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-10 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-10 64432]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-10 1343400]
.
=============== Created Last 30 ================
.
2014-07-27 13:02:32 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-27 12:46:03 -------- d-----w- C:\FRST
2014-07-27 12:36:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-27 12:02:46 -------- d-----w- c:\users\shelley\appdata\local\temp
2014-07-27 11:52:05 98816 ----a-w- c:\windows\sed.exe
2014-07-27 11:52:05 256000 ----a-w- c:\windows\PEV.exe
2014-07-27 11:52:05 208896 ----a-w- c:\windows\MBR.exe
2014-07-27 11:43:38 -------- d-----w- c:\programdata\RegRun
2014-07-27 11:40:54 2 --shatr- c:\windows\winstart.bat
2014-07-27 11:40:48 -------- d-----w- c:\program files\UnHackMe
2014-07-27 10:30:01 -------- d-----w- c:\users\shelley\appdata\local\{385D6F0D-4CD7-4650-9AFD-A19C7F14D6AB}
2014-07-26 09:05:37 -------- d-----w- c:\programdata\Kaspersky Lab
2014-07-26 08:59:51 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-26 08:59:51 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-26 08:59:51 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-26 08:33:33 -------- d-----w- c:\users\shelley\appdata\roaming\AVAST Software
2014-07-26 08:28:38 43152 ----a-w- c:\windows\avastSS.scr
2014-07-26 08:27:52 -------- d-----w- c:\program files\AVAST Software
2014-07-26 08:27:39 -------- d-----w- c:\programdata\AVAST Software
2014-07-26 08:02:16 -------- d-----w- c:\users\shelley\appdata\local\{22CE4E45-5C89-4C47-9C57-E1D30C1C0553}
2014-07-26 07:49:16 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1a9db7b6-1b46-4ba6-a47b-23cac1cab074}\mpengine.dll
2014-07-26 07:04:37 -------- d-----w- c:\users\shelley\appdata\local\{526FF797-EC94-459F-AACE-8D2FED248A25}
2014-07-26 06:59:32 -------- d-----w- C:\AdwCleaner
2014-07-26 06:56:50 -------- d-----w- c:\programdata\HitmanPro
2014-07-26 06:56:04 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-26 06:55:51 -------- d-----w- c:\programdata\Malwarebytes
2014-07-26 06:55:51 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-26 06:55:25 -------- d-----w- c:\users\shelley\appdata\local\Programs
2014-07-26 05:19:42 -------- d-----w- c:\users\shelley\appdata\local\{81D4E32E-633A-49AE-862D-32DF9B47B57C}
2014-07-25 07:31:44 -------- d-----w- c:\users\shelley\appdata\local\{C7B68094-C4A0-4142-85CA-580DAF0A6B96}
2014-07-24 11:19:24 -------- d-----w- c:\users\shelley\appdata\local\{68F87385-FF51-49CA-B10E-B762B830861F}
2014-07-23 11:33:37 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-07-23 11:24:55 -------- d-----w- c:\users\shelley\appdata\local\{DE1332C9-0787-471D-BD2B-97AC70AA2D3B}
2014-07-22 10:31:11 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7d9f8652-4bd3-4cde-9ebe-e6bf98b15a9e}\gapaengine.dll
2014-07-22 10:12:47 -------- d-----w- c:\users\shelley\appdata\local\{6DC25BBB-0500-4690-8B23-CB1E510C7B1E}
2014-07-20 12:03:06 -------- d-----w- c:\users\shelley\appdata\local\{9F8CD206-33C5-41CA-9A6B-D4ADC4A4AFF6}
2014-07-18 20:25:46 -------- d-----w- c:\users\shelley\appdata\local\{39355228-2568-45B1-A4D9-E85C46ABF0FE}
2014-07-17 08:16:25 -------- d-----w- c:\users\shelley\appdata\local\{B84FE4A8-6D6A-4B6E-937E-EE307A20046D}
2014-07-15 15:44:55 -------- d-----w- c:\users\shelley\appdata\local\{71D93436-FD17-4FFB-A918-953BAA15C3F5}
2014-07-14 10:11:50 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-14 10:11:09 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-14 10:07:59 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-14 10:07:22 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-14 10:07:19 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-14 09:31:55 -------- d-----w- c:\users\shelley\appdata\local\{8FC789C8-E6A0-46DF-9603-FFC959CAC83C}
2014-07-12 14:17:05 -------- d-----w- c:\users\shelley\appdata\local\{242E7D3F-9582-49E5-B4B7-5128116B1DA9}
2014-07-08 18:20:58 -------- d-----w- c:\users\shelley\appdata\local\{906BD9ED-B537-43F3-AA75-6C3C114E5F4D}
2014-07-06 20:49:45 -------- d-----w- c:\users\shelley\appdata\local\{DE7137AE-0CCB-410B-9B57-BE0EFEFA334C}
2014-07-06 08:46:30 -------- d-----w- c:\users\shelley\appdata\local\{B5B48C4A-A4CF-4645-B364-44F7E62D9BA9}
2014-07-05 07:08:44 -------- d-----w- c:\users\shelley\appdata\local\{B83669CB-ED00-4640-9FB2-15C4F64EBC15}
2014-07-05 05:55:04 -------- d-----w- c:\users\shelley\appdata\local\{2A02CB4F-6F3B-44C8-9C09-D1A0DD4A9A5E}
2014-07-04 21:01:18 -------- d-----w- c:\users\shelley\appdata\local\{DF4B9779-842B-4665-AAC5-CED88755E171}
2014-07-04 20:54:37 -------- d-----w- c:\users\shelley\appdata\local\{3ED3FEC4-8550-46CF-BBB3-F47E032EEE5F}
2014-07-04 13:52:04 -------- d-----w- c:\users\shelley\appdata\local\{7F74CDF4-CEDC-4A13-B4FA-70C60E762877}
2014-07-04 11:33:07 -------- d-----w- c:\users\shelley\appdata\local\{CF8F20C0-5EB1-47CA-8FC2-807B9E796485}
2014-07-03 20:39:51 -------- d-----w- c:\users\shelley\appdata\local\{D8F64D00-ADB5-4853-A085-1303B20FB568}
2014-07-02 17:25:39 -------- d-----w- c:\users\shelley\appdata\local\{07B99157-4B9E-4665-9BB2-720211D3EFA7}
2014-07-02 17:25:02 -------- d-----w- c:\users\shelley\appdata\local\{441FAC7F-5680-4B4F-A349-D3688C6DDE77}
2014-06-30 10:32:57 -------- d-----w- c:\users\shelley\appdata\local\{8168DF3F-DAC2-4DD7-9999-70CD32A17308}
.
==================== Find3M  ====================
.
2014-07-08 19:36:23 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 19:36:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2010-09-24 10:57:11 6 ----a-w- c:\program files\common files\UnInstallCompleted.tmp
.
============= FINISH: 11:58:26.72 ===============
Attached Files
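A DDS log of this size is easier to triage programmatically than by eye. The helper below is an added example written for this page; it is not part of DDS or of anything the poster or the helpers ran. It parses the three sections a responder reads first (the Pseudo HJT Report, SERVICES / DRIVERS and Created Last 30) and flags entries worth a second look: registrations DDS already marks `<orphaned>`, autostarts and service binaries loaded from outside the Windows and Program Files trees (8.3 short names such as `c:\progra~1` are treated as Program Files, an assumption added here), recently created hidden+system files, and executables dropped directly into `c:\windows`. The sample input is excerpted from the log above, plus one constructed service line (`examplesvc`, clearly not from the log) so the service check has something to fire on. Every hit is a review item, not a verdict: in this log the hidden `winstart.bat` and the executables in `c:\windows` were created within minutes of the cleanup tools the poster installed (UnHackMe, RegRun, Malwarebytes), so timestamps must be cross-checked against those installs before anything is called malicious.

```python
"""Triage helper for DDS logs (hypothetical tool, not part of DDS).
Parses 'Pseudo HJT Report', 'SERVICES / DRIVERS' and 'Created Last 30'
and returns heuristic findings for a human to review."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
HJT_RE = re.compile(r"^(?P<kind>[A-Za-z][\w-]*): (?P<rest>.+)$")
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>[\d-]+) (?P<size>\d+)\]$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\S+) "
    r"(?P<attrs>\S+) (?P<path>.+)$")
# First Windows path that ends in an executable-type extension.
PATH_RE = re.compile(r"(?i)[a-z]:\\.*?\.(?:exe|dll|sys|scr|cpl|ocx|bat|lnk)\b")
# Assumption: progra~1 / progra~2 are the 8.3 short names of Program Files.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "c:\\programdata\\",
                 "c:\\progra~1\\", "c:\\progra~2\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat")

# Constructed sample: lines excerpted from the DDS log above, plus one
# constructed service line (examplesvc) that does NOT appear in the log.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
BHO: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\shelley\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shelley\appdata\roaming\dropbox\bin\Dropbox.exe
SSODL: WebCheck - <orphaned>
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
S1 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [2012-9-4 11936]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-26 860472]
R2 examplesvc;Example Service;c:\users\shelley\appdata\local\temp\examplesvc.exe [2014-7-25 12345]
.
=============== Created Last 30 ================
.
2014-07-27 11:52:05 98816 ----a-w- c:\windows\sed.exe
2014-07-27 11:40:54 2 --shatr- c:\windows\winstart.bat
2014-07-27 11:40:48 -------- d-----w- c:\program files\UnHackMe
2014-07-26 08:59:51 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:58:26.72 ===============
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def extract_path(rest: str):
    """Lower-cased binary path from an HJT-style entry, or None if there is none."""
    tail = rest.rsplit(" - ", 1)[-1]   # 'name: {CLSID} - path' keeps only the path
    m = PATH_RE.search(tail)
    return m.group(0).lower() if m else None


def triage(log_text: str):
    """Walk the log section by section and collect heuristic findings."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Pseudo HJT Report":
            m = HJT_RE.match(line)
            if not m:
                continue
            rest = m.group("rest")
            if rest.endswith("<orphaned>"):
                findings.append(Finding(section, "orphaned registration: CLSID points at nothing "
                                        "(remove it, but not itself proof of infection)", line))
                continue
            path = extract_path(rest)
            if path and not path.startswith(TRUSTED_ROOTS):
                findings.append(Finding(section, "autostart or extension loaded from outside "
                                        "Windows or Program Files", line))
        elif section == "SERVICES / DRIVERS":
            m = SVC_RE.match(line)
            if m and not m.group("path").lower().startswith(TRUSTED_ROOTS):
                state = "running" if m.group("state")[0] == "R" else "stopped"
                findings.append(Finding(section, f"{state} service binary outside Windows "
                                        "or Program Files", line))
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if not m:
                continue
            attrs, path = m.group("attrs"), m.group("path").lower()
            is_dir = attrs[0] == "d"
            if not is_dir and "s" in attrs and "h" in attrs:
                findings.append(Finding(section, "recently created hidden+system file", line))
            parent, _, name = path.rpartition("\\")
            if not is_dir and parent == "c:\\windows" and name.endswith(EXEC_EXT):
                findings.append(Finding(section, "executable written directly into c:\\windows "
                                        "(cleanup tools do this too; check the timestamp "
                                        "against tools you ran)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against the full pasted log rather than the excerpt and the same rules apply; anything it flags under `c:\users\...` or in the `c:\windows` root is the list to compare against the installation times of UnHackMe, RegRun, Malwarebytes, HitmanPro, AdwCleaner and AVAST that the Created Last 30 section shows.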




#2 HelpBot (Bleepin' Binary Bot, Bots, 12,739 posts)

Posted 04 August 2014 - 05:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542725 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oblioh (Topic Starter, Members, 67 posts)

Posted 05 August 2014 - 06:42 AM

Problem remains the same: the computer won't work in normal mode. It boots up and then the screen freezes, goes white and the cursor circles.

I am using 32-bit Windows 7 Home edition and do not have a Windows CD/DVD; it was already installed on the computer.

I have just run DDS again and posted the log below.

Thank you in advance for your help.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 11.0.9600.17207
Run by Shelley at 13:35:21 on 2014-08-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2009.1373 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\MsSpellCheckingFacility.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - <orphaned>
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN1CD1K1G005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Redirector] "c:\program files\citrix\ica client\redirector.exe" /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\shelley\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shelley\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://uhvpn.herts.ac.uk/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 212.54.40.25 212.54.44.54
TCP: Interfaces\{3EE05CBC-13C5-46D8-8B67-DBA31BCE565E} : DHCPNameServer = 212.54.40.25 212.54.44.54
TCP: Interfaces\{3EE05CBC-13C5-46D8-8B67-DBA31BCE565E}\358656C6C6569702D436B456F677E62E08993702960586F6E656 : DHCPNameServer = 82.132.254.3 82.132.254.2
TCP: Interfaces\{3EE05CBC-13C5-46D8-8B67-DBA31BCE565E}\6796277696E6D65646961623931323532393 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77} : DHCPNameServer = 195.110.128.1 212.48.4.11
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2013-9-24 70440]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-10 340592]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
S1 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [2012-9-4 11936]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-5 10752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-26 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-26 860472]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-8-10 67904]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104264]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-8-10 44312]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\drivers\CryptOSD.sys [2009-5-1 384896]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-14 108032]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-5 122880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-26 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-26 51928]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-10 90360]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-10 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-10 64432]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-10 1343400]
.
=============== Created Last 30 ================
.
2014-08-05 11:29:29 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a876bdf6-4ebc-4a23-8c23-d76de2ee01ef}\mpengine.dll
2014-07-27 13:02:32 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-27 12:46:03 -------- d-----w- C:\FRST
2014-07-27 12:36:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-27 12:02:46 -------- d-----w- c:\users\shelley\appdata\local\temp
2014-07-27 11:52:05 98816 ----a-w- c:\windows\sed.exe
2014-07-27 11:52:05 256000 ----a-w- c:\windows\PEV.exe
2014-07-27 11:52:05 208896 ----a-w- c:\windows\MBR.exe
2014-07-27 11:43:38 -------- d-----w- c:\programdata\RegRun
2014-07-27 11:40:54 2 --shatr- c:\windows\winstart.bat
2014-07-27 11:40:48 -------- d-----w- c:\program files\UnHackMe
2014-07-27 10:30:01 -------- d-----w- c:\users\shelley\appdata\local\{385D6F0D-4CD7-4650-9AFD-A19C7F14D6AB}
2014-07-26 09:05:37 -------- d-----w- c:\programdata\Kaspersky Lab
2014-07-26 08:59:51 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-26 08:59:51 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-26 08:59:51 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-26 08:33:33 -------- d-----w- c:\users\shelley\appdata\roaming\AVAST Software
2014-07-26 08:28:38 43152 ----a-w- c:\windows\avastSS.scr
2014-07-26 08:27:52 -------- d-----w- c:\program files\AVAST Software
2014-07-26 08:27:39 -------- d-----w- c:\programdata\AVAST Software
2014-07-26 08:02:16 -------- d-----w- c:\users\shelley\appdata\local\{22CE4E45-5C89-4C47-9C57-E1D30C1C0553}
2014-07-26 07:49:16 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-07-26 07:04:37 -------- d-----w- c:\users\shelley\appdata\local\{526FF797-EC94-459F-AACE-8D2FED248A25}
2014-07-26 06:59:32 -------- d-----w- C:\AdwCleaner
2014-07-26 06:56:50 -------- d-----w- c:\programdata\HitmanPro
2014-07-26 06:56:04 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-26 06:55:51 -------- d-----w- c:\programdata\Malwarebytes
2014-07-26 06:55:51 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-26 06:55:25 -------- d-----w- c:\users\shelley\appdata\local\Programs
2014-07-26 05:19:42 -------- d-----w- c:\users\shelley\appdata\local\{81D4E32E-633A-49AE-862D-32DF9B47B57C}
2014-07-25 07:31:44 -------- d-----w- c:\users\shelley\appdata\local\{C7B68094-C4A0-4142-85CA-580DAF0A6B96}
2014-07-24 11:19:24 -------- d-----w- c:\users\shelley\appdata\local\{68F87385-FF51-49CA-B10E-B762B830861F}
2014-07-23 11:24:55 -------- d-----w- c:\users\shelley\appdata\local\{DE1332C9-0787-471D-BD2B-97AC70AA2D3B}
2014-07-22 10:31:11 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7d9f8652-4bd3-4cde-9ebe-e6bf98b15a9e}\gapaengine.dll
2014-07-22 10:12:47 -------- d-----w- c:\users\shelley\appdata\local\{6DC25BBB-0500-4690-8B23-CB1E510C7B1E}
2014-07-20 12:03:06 -------- d-----w- c:\users\shelley\appdata\local\{9F8CD206-33C5-41CA-9A6B-D4ADC4A4AFF6}
2014-07-18 20:25:46 -------- d-----w- c:\users\shelley\appdata\local\{39355228-2568-45B1-A4D9-E85C46ABF0FE}
2014-07-17 08:16:25 -------- d-----w- c:\users\shelley\appdata\local\{B84FE4A8-6D6A-4B6E-937E-EE307A20046D}
2014-07-15 15:44:55 -------- d-----w- c:\users\shelley\appdata\local\{71D93436-FD17-4FFB-A918-953BAA15C3F5}
2014-07-14 10:11:50 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-14 10:11:09 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-14 10:07:59 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-14 10:07:22 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-14 10:07:19 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-14 09:31:55 -------- d-----w- c:\users\shelley\appdata\local\{8FC789C8-E6A0-46DF-9603-FFC959CAC83C}
2014-07-12 14:17:05 -------- d-----w- c:\users\shelley\appdata\local\{242E7D3F-9582-49E5-B4B7-5128116B1DA9}
2014-07-08 18:20:58 -------- d-----w- c:\users\shelley\appdata\local\{906BD9ED-B537-43F3-AA75-6C3C114E5F4D}
2014-07-06 20:49:45 -------- d-----w- c:\users\shelley\appdata\local\{DE7137AE-0CCB-410B-9B57-BE0EFEFA334C}
.
==================== Find3M  ====================
.
2014-07-08 19:36:23 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 19:36:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2010-09-24 10:57:11 6 ----a-w- c:\program files\common files\UnInstallCompleted.tmp
.
============= FINISH: 13:39:11.89 ===============
 



#4 Bud_91


  • Malware Response Team
  • 438 posts
  • Gender:Male

Posted 05 August 2014 - 01:11 PM

Hello and welcome to Bleeping Computer. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.
 
Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Let's see if we can get a FRST scan in Safe Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Edited by Bud_91, 10 August 2014 - 04:35 PM.

If I have not responded to your log in 36 hours, feel free to send me a PM.

If you would like to make a thank-you donation, please click here.

 

A.K.A. Buddierdl @ GeeksToGo.com


#5 Oblioh

  • Topic Starter

  • Members
  • 67 posts

Posted 05 August 2014 - 01:28 PM

Hi bud_91,

 

Thank you for giving up your free time to help me out with this, I really appreciate it.

 

As requested, I have run the FRST scan and pasted the FRST log below and attached the addition log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by Shelley (administrator) on SHELLEY-PC on 05-08-2014 20:25:55
Running from C:\Users\Shelley\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-05] (Google Inc.)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Startup: C:\Users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Shelley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co.uk/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_enGB392GB392
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co.uk/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_enGB392GB392
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://uhvpn.herts.ac.uk/dana-cached/sc/JuniperSetupClient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.44.54

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-25]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2012-02-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-27]
CHR Extension: (YouTube) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-05-18]
CHR Extension: (Skype Click to Call) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Gmail) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Shelley\AppData\Local\Temp\crx3795.tmp [2014-05-18]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-02-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [669040 2011-04-25] (Juniper Networks)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [19456 2008-09-29] (McAfee, Inc.)
S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2008-03-14] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [143088 2008-09-29] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [62800 2008-09-29] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [67904 2008-09-29] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dsNcAdpt; C:\windows\System32\DRIVERS\dsNcAdpt.sys [26624 2011-04-25] (Juniper Networks)
S1 inpout32; C:\windows\System32\drivers\inpout32.sys [11936 2012-09-04] (Highresolution Enterprises [www.highrez.co.uk])
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [74648 2008-09-29] (McAfee, Inc.)
S3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [90360 2008-09-29] (McAfee, Inc.)
S3 mfebopk; C:\windows\System32\drivers\mfebopk.sys [42424 2008-09-29] (McAfee, Inc.)
S0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [340592 2008-09-29] (McAfee, Inc.)
S3 mferkdet; C:\windows\System32\drivers\mferkdet.sys [64432 2008-09-29] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [62704 2008-09-29] (McAfee, Inc.)
S0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S2 zntport; C:\windows\System32\drivers\zntport.sys [6560 2002-11-29] (Zeal SoftStudio) [File not signed]
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Shelley\AppData\Local\Temp\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Shelley\AppData\Local\Temp\mfe_rr.sys [X]
U3 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 20:23 - 2014-08-05 20:26 - 00020214 _____ () C:\Users\Shelley\Desktop\FRST.txt
2014-08-05 20:23 - 2014-08-05 20:23 - 01084928 _____ (Farbar) C:\Users\Shelley\Desktop\FRST.exe
2014-07-30 11:53 - 2014-07-30 11:54 - 00688992 ____R (Swearware) C:\Users\Shelley\Desktop\dds.com
2014-07-28 11:42 - 2014-07-28 11:43 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Shelley\Desktop\rkill.exe
2014-07-28 11:25 - 2014-07-28 11:40 - 00000000 ____D () C:\Users\Shelley\Desktop\mbar
2014-07-28 11:25 - 2014-07-28 11:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Shelley\Desktop\mbar-1.07.0.1012.exe
2014-07-28 11:22 - 2014-07-28 11:22 - 00001059 _____ () C:\Users\Shelley\Desktop\Mwb.txt
2014-07-28 11:04 - 2014-07-28 11:05 - 00044979 _____ () C:\Users\Shelley\Desktop\Result.txt
2014-07-28 11:03 - 2014-07-28 11:03 - 00003973 _____ () C:\Users\Shelley\Desktop\FSS.txt
2014-07-28 11:00 - 2014-07-28 11:00 - 00854390 _____ () C:\Users\Shelley\Desktop\SecurityCheck.exe
2014-07-28 10:44 - 2014-07-28 10:44 - 00003288 ____N () C:\bootsqm.dat
2014-07-27 15:03 - 2014-07-27 15:03 - 00010979 _____ () C:\ComboFix.txt
2014-07-27 14:46 - 2014-08-05 20:25 - 00000000 ____D () C:\FRST
2014-07-27 14:36 - 2014-07-28 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-27 14:23 - 2014-07-28 11:45 - 00002672 _____ () C:\Users\Shelley\Desktop\Rkill.txt
2014-07-27 13:52 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-27 13:52 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-27 13:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-27 13:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-27 13:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-27 13:52 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-27 13:52 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-27 13:52 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-27 13:51 - 2014-07-27 15:03 - 00000000 ____D () C:\Qoobox
2014-07-27 13:51 - 2014-07-27 14:01 - 00000000 ____D () C:\windows\erdnt
2014-07-27 13:43 - 2014-07-27 13:45 - 00000000 ____D () C:\ProgramData\RegRun
2014-07-27 13:40 - 2014-07-27 14:22 - 00000000 ____D () C:\Program Files\UnHackMe
2014-07-27 13:40 - 2014-07-27 13:45 - 00000000 ____D () C:\Users\Shelley\Documents\RegRun2
2014-07-27 13:40 - 2014-07-27 13:40 - 00000002 RSHOT () C:\windows\winstart.bat
2014-07-27 13:35 - 2014-07-27 13:36 - 10279264 _____ (SurfRight B.V.) C:\Users\Shelley\Downloads\HitmanPro.exe
2014-07-27 13:27 - 2014-07-27 13:27 - 00003012 _____ () C:\windows\system32\.crusader
2014-07-27 13:13 - 2014-08-05 13:42 - 00017912 _____ () C:\Users\Shelley\Desktop\attach.txt
2014-07-27 13:13 - 2014-08-05 13:39 - 00022669 _____ () C:\Users\Shelley\Desktop\dds.txt
2014-07-27 13:09 - 2014-07-27 13:09 - 00688992 _____ (Swearware) C:\Users\Shelley\Downloads\dds.com
2014-07-27 12:30 - 2014-07-27 12:30 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{385D6F0D-4CD7-4650-9AFD-A19C7F14D6AB}
2014-07-26 11:05 - 2014-07-26 11:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-26 10:59 - 2014-07-28 11:25 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-26 10:59 - 2014-07-26 10:59 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-26 10:59 - 2014-07-26 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 10:59 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-26 10:59 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-26 10:33 - 2014-07-26 10:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\AVAST Software
2014-07-26 10:28 - 2014-07-26 10:28 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-26 10:27 - 2014-07-26 10:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-26 10:27 - 2014-07-26 10:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-26 10:02 - 2014-07-26 10:02 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{22CE4E45-5C89-4C47-9C57-E1D30C1C0553}
2014-07-26 09:04 - 2014-07-26 09:04 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{526FF797-EC94-459F-AACE-8D2FED248A25}
2014-07-26 08:59 - 2014-07-26 09:01 - 00000000 ____D () C:\AdwCleaner
2014-07-26 08:56 - 2014-07-30 11:42 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 08:56 - 2014-07-27 13:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-26 08:55 - 2014-07-26 10:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-26 08:55 - 2014-07-26 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 07:19 - 2014-07-26 07:19 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{81D4E32E-633A-49AE-862D-32DF9B47B57C}
2014-07-25 09:31 - 2014-07-25 09:32 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{C7B68094-C4A0-4142-85CA-580DAF0A6B96}
2014-07-24 13:19 - 2014-07-24 13:19 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{68F87385-FF51-49CA-B10E-B762B830861F}
2014-07-23 13:24 - 2014-07-23 13:25 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{DE1332C9-0787-471D-BD2B-97AC70AA2D3B}
2014-07-23 00:05 - 2014-07-23 00:19 - 00167594 _____ () C:\Users\Shelley\Desktop\Sustainoutput.spv
2014-07-22 23:31 - 2014-07-23 00:15 - 04138979 _____ () C:\Users\Shelley\Desktop\Sustainability.sav
2014-07-22 12:12 - 2014-07-22 12:12 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{6DC25BBB-0500-4690-8B23-CB1E510C7B1E}
2014-07-20 14:03 - 2014-07-20 14:03 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{9F8CD206-33C5-41CA-9A6B-D4ADC4A4AFF6}
2014-07-18 22:25 - 2014-07-18 22:25 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{39355228-2568-45B1-A4D9-E85C46ABF0FE}
2014-07-17 10:33 - 2014-07-17 11:23 - 00000000 ____D () C:\Users\Shelley\Desktop\Institutions and violence
2014-07-17 10:16 - 2014-07-17 10:16 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{B84FE4A8-6D6A-4B6E-937E-EE307A20046D}
2014-07-15 17:44 - 2014-07-15 17:45 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{71D93436-FD17-4FFB-A918-953BAA15C3F5}
2014-07-14 12:12 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-14 12:12 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-14 12:12 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-14 12:12 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-14 12:12 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-14 12:12 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-14 12:12 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-14 12:12 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-14 12:12 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-14 12:12 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-14 12:12 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-14 12:12 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-14 12:12 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-14 12:12 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-14 12:12 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-14 12:12 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-14 12:12 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-14 12:12 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-14 12:12 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-14 12:12 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-14 12:12 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-14 12:12 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-14 12:12 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-14 12:12 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-14 12:12 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-14 12:12 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-14 12:12 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-14 12:12 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-14 12:12 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-14 12:12 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-14 12:11 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-14 12:11 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-14 12:08 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-14 12:08 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-14 12:08 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-14 12:08 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-14 12:08 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-14 12:08 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-14 12:08 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-14 12:08 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-14 12:08 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-14 12:07 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-14 12:07 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-14 12:07 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-14 11:35 - 2014-07-20 23:26 - 00000000 ____D () C:\Users\Shelley\Desktop\Dan Chapter
2014-07-14 11:31 - 2014-07-14 11:34 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{8FC789C8-E6A0-46DF-9603-FFC959CAC83C}
2014-07-12 16:17 - 2014-07-12 16:17 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{242E7D3F-9582-49E5-B4B7-5128116B1DA9}
2014-07-12 08:12 - 2014-07-12 23:16 - 05206261 _____ () C:\Users\Shelley\Desktop\results2.sav
2014-07-08 21:47 - 2014-07-09 00:47 - 00898972 _____ () C:\Users\Shelley\Desktop\McKeown_poster.pptx
2014-07-08 20:20 - 2014-07-08 20:22 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{906BD9ED-B537-43F3-AA75-6C3C114E5F4D}
2014-07-06 22:49 - 2014-07-06 22:49 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{DE7137AE-0CCB-410B-9B57-BE0EFEFA334C}
2014-07-06 10:46 - 2014-07-06 10:46 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{B5B48C4A-A4CF-4645-B364-44F7E62D9BA9}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 20:26 - 2014-08-05 20:23 - 00020214 _____ () C:\Users\Shelley\Desktop\FRST.txt
2014-08-05 20:25 - 2014-07-27 14:46 - 00000000 ____D () C:\FRST
2014-08-05 20:23 - 2014-08-05 20:23 - 01084928 _____ (Farbar) C:\Users\Shelley\Desktop\FRST.exe
2014-08-05 20:18 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-05 20:17 - 2009-07-14 06:39 - 00128832 _____ () C:\windows\setupact.log
2014-08-05 13:42 - 2014-07-27 13:13 - 00017912 _____ () C:\Users\Shelley\Desktop\attach.txt
2014-08-05 13:39 - 2014-07-27 13:13 - 00022669 _____ () C:\Users\Shelley\Desktop\dds.txt
2014-08-05 13:29 - 2009-12-05 04:40 - 01738959 _____ () C:\windows\WindowsUpdate.log
2014-08-05 13:24 - 2013-08-24 11:48 - 00000342 _____ () C:\windows\Tasks\HP Photo Creations Communicator.job
2014-08-05 13:24 - 2010-08-10 01:23 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 13:24 - 2010-08-10 00:36 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-08-05 13:23 - 2014-03-29 12:44 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-30 11:54 - 2014-07-30 11:53 - 00688992 ____R (Swearware) C:\Users\Shelley\Desktop\dds.com
2014-07-30 11:42 - 2014-07-26 08:56 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 11:37 - 2013-02-11 14:18 - 00000000 ___RD () C:\Users\Shelley\Dropbox
2014-07-30 11:36 - 2013-02-11 14:15 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Dropbox
2014-07-28 11:45 - 2014-07-27 14:23 - 00002672 _____ () C:\Users\Shelley\Desktop\Rkill.txt
2014-07-28 11:43 - 2014-07-28 11:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Shelley\Desktop\rkill.exe
2014-07-28 11:40 - 2014-07-28 11:25 - 00000000 ____D () C:\Users\Shelley\Desktop\mbar
2014-07-28 11:40 - 2014-07-27 14:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-28 11:25 - 2014-07-28 11:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Shelley\Desktop\mbar-1.07.0.1012.exe
2014-07-28 11:25 - 2014-07-26 10:59 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-28 11:22 - 2014-07-28 11:22 - 00001059 _____ () C:\Users\Shelley\Desktop\Mwb.txt
2014-07-28 11:05 - 2014-07-28 11:04 - 00044979 _____ () C:\Users\Shelley\Desktop\Result.txt
2014-07-28 11:03 - 2014-07-28 11:03 - 00003973 _____ () C:\Users\Shelley\Desktop\FSS.txt
2014-07-28 11:00 - 2014-07-28 11:00 - 00854390 _____ () C:\Users\Shelley\Desktop\SecurityCheck.exe
2014-07-28 10:44 - 2014-07-28 10:44 - 00003288 ____N () C:\bootsqm.dat
2014-07-27 15:03 - 2014-07-27 15:03 - 00010979 _____ () C:\ComboFix.txt
2014-07-27 15:03 - 2014-07-27 13:51 - 00000000 ____D () C:\Qoobox
2014-07-27 15:01 - 2009-07-14 04:04 - 00000215 _____ () C:\windows\system.ini
2014-07-27 14:59 - 2014-05-31 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-07-27 14:22 - 2014-07-27 13:40 - 00000000 ____D () C:\Program Files\UnHackMe
2014-07-27 14:21 - 2011-02-27 01:04 - 00002243 _____ () C:\windows\epplauncher.mif
2014-07-27 14:12 - 2009-12-05 05:19 - 00779498 _____ () C:\windows\PFRO.log
2014-07-27 14:02 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-07-27 14:02 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-07-27 14:01 - 2014-07-27 13:51 - 00000000 ____D () C:\windows\erdnt
2014-07-27 13:59 - 2010-08-10 00:37 - 00000000 ____D () C:\Users\Shelley\AppData\Local\Adobe
2014-07-27 13:45 - 2014-07-27 13:43 - 00000000 ____D () C:\ProgramData\RegRun
2014-07-27 13:45 - 2014-07-27 13:40 - 00000000 ____D () C:\Users\Shelley\Documents\RegRun2
2014-07-27 13:40 - 2014-07-27 13:40 - 00000002 RSHOT () C:\windows\winstart.bat
2014-07-27 13:40 - 2009-07-14 04:04 - 00002577 _____ () C:\windows\system32\config.nt
2014-07-27 13:40 - 2009-07-14 04:04 - 00001688 _____ () C:\windows\system32\autoexec.nt
2014-07-27 13:36 - 2014-07-27 13:35 - 10279264 _____ (SurfRight B.V.) C:\Users\Shelley\Downloads\HitmanPro.exe
2014-07-27 13:30 - 2010-08-10 01:37 - 00000000 ____D () C:\Users\Shelley\Tracing
2014-07-27 13:28 - 2014-07-26 08:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-27 13:27 - 2014-07-27 13:27 - 00003012 _____ () C:\windows\system32\.crusader
2014-07-27 13:27 - 2012-01-13 00:31 - 00000000 __SHD () C:\Users\Shelley\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}
2014-07-27 13:09 - 2014-07-27 13:09 - 00688992 _____ (Swearware) C:\Users\Shelley\Downloads\dds.com
2014-07-27 12:30 - 2014-07-27 12:30 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{385D6F0D-4CD7-4650-9AFD-A19C7F14D6AB}
2014-07-26 14:49 - 2010-08-10 01:23 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 11:05 - 2014-07-26 11:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-26 10:59 - 2014-07-26 10:59 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-26 10:59 - 2014-07-26 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 10:59 - 2014-07-26 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-26 10:33 - 2014-07-26 10:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\AVAST Software
2014-07-26 10:28 - 2014-07-26 10:28 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-26 10:27 - 2014-07-26 10:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-26 10:27 - 2014-07-26 10:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-26 10:02 - 2014-07-26 10:02 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{22CE4E45-5C89-4C47-9C57-E1D30C1C0553}
2014-07-26 10:01 - 2009-07-14 06:34 - 00014736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 10:01 - 2009-07-14 06:34 - 00014736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 09:49 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\wfp
2014-07-26 09:48 - 2010-08-10 00:36 - 00000000 ____D () C:\Users\Shelley
2014-07-26 09:48 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\Msdtc
2014-07-26 09:48 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\com
2014-07-26 09:48 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system
2014-07-26 09:48 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\IME
2014-07-26 09:47 - 2014-03-29 15:32 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-07-26 09:47 - 2010-08-24 06:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 09:47 - 2010-08-10 00:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 09:47 - 2009-12-05 22:11 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-26 09:47 - 2009-12-05 04:55 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-26 09:47 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\registration
2014-07-26 09:45 - 2012-02-25 18:28 - 00000000 ____D () C:\ProgramData\Real
2014-07-26 09:04 - 2014-07-26 09:04 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{526FF797-EC94-459F-AACE-8D2FED248A25}
2014-07-26 09:01 - 2014-07-26 08:59 - 00000000 ____D () C:\AdwCleaner
2014-07-26 08:55 - 2014-07-26 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 07:19 - 2014-07-26 07:19 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{81D4E32E-633A-49AE-862D-32DF9B47B57C}
2014-07-25 09:32 - 2014-07-25 09:31 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{C7B68094-C4A0-4142-85CA-580DAF0A6B96}
2014-07-24 18:49 - 2011-08-04 22:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Skype
2014-07-24 13:23 - 2013-02-11 14:18 - 00001025 _____ () C:\Users\Shelley\Desktop\Dropbox.lnk
2014-07-24 13:23 - 2013-02-11 14:16 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 13:19 - 2014-07-24 13:19 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{68F87385-FF51-49CA-B10E-B762B830861F}
2014-07-23 13:25 - 2014-07-23 13:24 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{DE1332C9-0787-471D-BD2B-97AC70AA2D3B}
2014-07-23 00:25 - 2009-07-26 22:06 - 00800554 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-23 00:19 - 2014-07-23 00:05 - 00167594 _____ () C:\Users\Shelley\Desktop\Sustainoutput.spv
2014-07-23 00:15 - 2014-07-22 23:31 - 04138979 _____ () C:\Users\Shelley\Desktop\Sustainability.sav
2014-07-22 12:12 - 2014-07-22 12:12 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{6DC25BBB-0500-4690-8B23-CB1E510C7B1E}
2014-07-20 23:26 - 2014-07-14 11:35 - 00000000 ____D () C:\Users\Shelley\Desktop\Dan Chapter
2014-07-20 16:03 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-07-20 14:03 - 2014-07-20 14:03 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{9F8CD206-33C5-41CA-9A6B-D4ADC4A4AFF6}
2014-07-18 22:59 - 2014-03-29 12:47 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 22:25 - 2014-07-18 22:25 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{39355228-2568-45B1-A4D9-E85C46ABF0FE}
2014-07-17 11:23 - 2014-07-17 10:33 - 00000000 ____D () C:\Users\Shelley\Desktop\Institutions and violence
2014-07-17 10:16 - 2014-07-17 10:16 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{B84FE4A8-6D6A-4B6E-937E-EE307A20046D}
2014-07-15 17:45 - 2014-07-15 17:44 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{71D93436-FD17-4FFB-A918-953BAA15C3F5}
2014-07-14 17:58 - 2009-07-14 06:33 - 00424480 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-14 17:56 - 2014-05-07 13:21 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-14 17:56 - 2009-12-05 22:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 17:54 - 2010-08-10 00:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 17:01 - 2013-08-19 21:34 - 00000000 ____D () C:\windows\system32\MRT
2014-07-14 16:56 - 2010-08-10 13:16 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-14 11:34 - 2014-07-14 11:31 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{8FC789C8-E6A0-46DF-9603-FFC959CAC83C}
2014-07-12 23:16 - 2014-07-12 08:12 - 05206261 _____ () C:\Users\Shelley\Desktop\results2.sav
2014-07-12 16:49 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-07-12 16:17 - 2014-07-12 16:17 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{242E7D3F-9582-49E5-B4B7-5128116B1DA9}
2014-07-12 14:09 - 2014-06-10 12:23 - 00000000 ____D () C:\Users\Shelley\Documents\Current projects
2014-07-09 00:47 - 2014-07-08 21:47 - 00898972 _____ () C:\Users\Shelley\Desktop\McKeown_poster.pptx
2014-07-08 21:36 - 2014-03-29 12:44 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-08 21:36 - 2011-11-07 00:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 20:22 - 2014-07-08 20:20 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{906BD9ED-B537-43F3-AA75-6C3C114E5F4D}
2014-07-07 00:10 - 2011-08-04 22:32 - 00000000 ____D () C:\ProgramData\Skype
2014-07-06 22:49 - 2014-07-06 22:49 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{DE7137AE-0CCB-410B-9B57-BE0EFEFA334C}
2014-07-06 10:46 - 2014-07-06 10:46 - 00000000 ____D () C:\Users\Shelley\AppData\Local\{B5B48C4A-A4CF-4645-B364-44F7E62D9BA9}

Some content of TEMP:
====================
C:\Users\Shelley\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmtozil.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-20 15:44

==================== End Of Log ============================



#6 Bud_91
  • Malware Response Team
  • 438 posts
  • Gender:Male

Posted 05 August 2014 - 05:32 PM

Could you please also post the ComboFix log from the previous run (don't run it again).

Also, please post the HitmanPro log if you have it.

Edited by Bud_91, 05 August 2014 - 06:08 PM.

If I have not responded to your log in 36 hours, feel free to send me a PM.

If you would like to make a thank-you donation, please click here.

 

A.K.A. Buddierdl @ GeeksToGo.com


#7 Oblioh
  • Topic Starter
  • Members
  • 67 posts

Posted 06 August 2014 - 02:45 AM

I'm afraid that I don't have the ComboFix log or the HitmanPro log. I (stupidly) ran both without saving to desktop and therefore have no trace of their scans.



#8 Bud_91
  • Malware Response Team
  • 438 posts
  • Gender:Male

Posted 06 August 2014 - 07:56 AM

Sorry, should have mentioned locations.

Combofix log should be in C:\ComboFix.txt

Don't worry about HitmanPro.

The main problem now is that normal mode is unusable, right? Can you even get to the desktop?


#9 Oblioh
  • Topic Starter
  • Members
  • 67 posts

Posted 06 August 2014 - 08:31 AM

I found it, thanks (pasted below).

I can boot up normal mode but as soon as I try to access anything (icons, internet) or just click the mouse, the computer freezes with a white screen and the cursor circles.

ComboFix 14-07-25.01 - Shelley 27/07/2014  14:51:50.2.2 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2009.1339 [GMT 2:00]
Running from: c:\users\Shelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUXZXR9Q\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-27 to 2014-07-27  )))))))))))))))))))))))))))))))
.
.
2014-07-27 13:01 . 2014-07-27 13:01 -------- d-----w- c:\users\Nathan\AppData\Local\temp
2014-07-27 13:01 . 2014-07-27 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-27 12:46 . 2014-07-27 12:48 -------- d-----w- C:\FRST
2014-07-27 12:36 . 2014-07-27 12:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-27 12:02 . 2014-07-27 13:01 -------- d-----w- c:\users\Shelley\AppData\Local\temp
2014-07-27 11:43 . 2014-07-27 11:45 -------- d-----w- c:\programdata\RegRun
2014-07-27 11:40 . 2014-07-27 11:40 2 --shatr- c:\windows\winstart.bat
2014-07-27 11:40 . 2014-07-27 12:22 -------- d-----w- c:\program files\UnHackMe
2014-07-26 09:05 . 2014-07-26 09:05 -------- d-----w- c:\programdata\Kaspersky Lab
2014-07-26 08:59 . 2014-07-27 12:35 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-26 06:55 . 2014-07-26 06:55 -------- d-----w- c:\programdata\Malwarebytes
2014-07-26 06:55 . 2014-07-26 06:55 -------- d-----w- c:\users\Shelley\AppData\Local\Programs
2014-07-23 11:33 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-22 10:31 . 2014-05-07 09:32 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D9F8652-4BD3-4CDE-9EBE-E6BF98B15A9E}\gapaengine.dll
2014-07-14 10:11 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-14 10:11 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-14 10:07 . 2014-05-30 07:52 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-14 10:07 . 2014-06-30 01:40 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-14 10:07 . 2014-06-30 01:36 302592 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 19:36 . 2014-03-29 10:44 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 19:36 . 2011-11-06 22:52 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-07 09:32 . 2012-10-12 13:49 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2010-09-24 10:57 . 2010-09-24 10:57 6 ----a-w- c:\program files\Common Files\UnInstallCompleted.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-05 39408]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-21 8092192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-02-25 296056]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"Redirector"="c:\program files\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Shelley\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 20:48 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-29 19:36]
.
2014-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 23:23]
.
2014-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 23:23]
.
2014-07-24 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-07-25 09:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 212.54.40.25 212.54.44.54
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-27  15:03:01
ComboFix-quarantined-files.txt  2014-07-27 13:03
ComboFix2.txt  2014-07-27 12:02
.
Pre-Run: 67,942,653,952 bytes free
Post-Run: 67,978,428,416 bytes free
.
- - End Of File - - D97AEC5390D07719DE81A2A46BD409B4
2E5DEBB2116B3417023E0D6562D7ED07
 



#10 Bud_91
  • Malware Response Team
  • 438 posts
  • Gender:Male

Posted 06 August 2014 - 08:52 AM

It looks like you had McAfee, but replaced it with Microsoft Security Essentials. We need to clean up the McAfee remnants left on the computer, as they can cause problems.

Please download the removal tool here and run it. Let me know if it completes successfully and see if the problem improves.

Also, please run a new FSS scan:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all of the options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#11 Oblioh
  • Topic Starter
  • Members
  • 67 posts

Posted 06 August 2014 - 09:07 AM

The McAfee remover was unable to run; the dialogue box states "Incomplete uninstallation. Enterprise software detected."

Here is the new FSS log (run in safe mode).

Farbar Service Scanner Version: 21-07-2014
Ran by Shelley (administrator) on 06-08-2014 at 16:06:30
Running from "C:\Users\Shelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQF5VNZP"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\windows\system32\nsisvc.dll => File is digitally signed
C:\windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\windows\system32\dhcpcore.dll => File is digitally signed
C:\windows\system32\Drivers\afd.sys => File is digitally signed
C:\windows\system32\Drivers\tdx.sys => File is digitally signed
C:\windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\windows\system32\dnsrslvr.dll => File is digitally signed
C:\windows\system32\mpssvc.dll => File is digitally signed
C:\windows\system32\bfe.dll => File is digitally signed
C:\windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\windows\system32\SDRSVC.dll => File is digitally signed
C:\windows\system32\vssvc.exe => File is digitally signed
C:\windows\system32\wscsvc.dll => File is digitally signed
C:\windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\windows\system32\wuaueng.dll => File is digitally signed
C:\windows\system32\qmgr.dll => File is digitally signed
C:\windows\system32\es.dll => File is digitally signed
C:\windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\windows\system32\ipnathlp.dll => File is digitally signed
C:\windows\system32\iphlpsvc.dll => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed

**** End of log ****
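
As an added example by the editor (not FSS output, not Farbar's code, and not posted by anyone in this thread), here is a small Python triage script for FSS logs in the format pasted above. It pulls out the items a helper reads first: services whose start type differs from the default (the BITS and WinDefend lines above), values listed under the "... Disabled Policy" headings, and File Check lines whose result is anything other than "File is digitally signed". The embedded sample log is a constructed excerpt in the same format; the "not digitally signed" line in it is invented so that code path runs. Because the log above was taken in Safe Mode, the script also downgrades the "Service is not running" lines, which are expected there.

```python
"""Triage helper for Farbar Service Scanner (FSS) logs.

Added example; not part of FSS or of this thread. Parses the FSS text format
and returns the entries that deserve a human look.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the FSS log format (the unsigned-file line is invented
# to exercise that branch; the other lines follow the shape of the real log).
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 21-07-2014
Boot Mode: Network
****************************************************************

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\example_unsigned.dll => File is not digitally signed

**** End of log ****
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')
FILE_CHECK = re.compile(r"^(\S.*?) => (.+)$")
RULE = re.compile(r"^=+$")


@dataclass
class FssReport:
    boot_mode: str = "Normal"
    not_running: list = field(default_factory=list)
    start_type_deviations: dict = field(default_factory=dict)  # svc -> (actual, default)
    policies: list = field(default_factory=list)               # (key, name, type, data)
    unsigned_files: list = field(default_factory=list)         # (path, result text)


def parse_fss(text: str) -> FssReport:
    """Walk the log line by line, tracking the current section heading."""
    report, section, pending_key = FssReport(), None, None
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        # A section heading is a line ending in ':' followed by a rule of '='.
        if line.endswith(":") and i + 1 < len(lines) and RULE.match(lines[i + 1]):
            section = line[:-1]
            continue
        if not line or RULE.match(line):
            continue
        if line.startswith("Boot Mode:"):
            report.boot_mode = line.split(":", 1)[1].strip()
            continue
        m = NOT_RUNNING.match(line)
        if m:
            report.not_running.append(m.group(1))
            continue
        m = START_TYPE.match(line)
        if m:
            report.start_type_deviations[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = REG_KEY.match(line)
        if m:
            pending_key = m.group(1)
            continue
        m = REG_VALUE.match(line)
        if m and pending_key:
            report.policies.append((pending_key, m.group(1), m.group(2), m.group(3)))
            continue
        m = FILE_CHECK.match(line) if section == "File Check" else None
        if m and m.group(2) != "File is digitally signed":
            report.unsigned_files.append((m.group(1), m.group(2)))
    return report


def triage(report: FssReport) -> list:
    """Human-readable findings, most specific first."""
    findings = []
    for svc, (actual, default) in sorted(report.start_type_deviations.items()):
        findings.append(f"{svc}: start type is {actual}, default is {default}")
    for key, name, typ, data in report.policies:
        findings.append(f"policy set: [{key}] {name}={typ}:{data}")
    for path, result in report.unsigned_files:
        findings.append(f"file check: {path} -> {result}")
    # "Minimal" and "Network" are the Safe Mode boot modes; most services are
    # stopped there by design, so that list is not evidence on its own.
    if report.not_running and report.boot_mode in ("Minimal", "Network"):
        findings.append(f"{len(report.not_running)} services stopped, but log taken "
                        f"in Safe Mode ({report.boot_mode}); re-run in normal boot")
    elif report.not_running:
        findings.append("services stopped: " + ", ".join(report.not_running))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_fss(SAMPLE_FSS_LOG)):
        print(finding)
```

To use it on a real log, pass the contents of FSS.txt to parse_fss. Findings are context, not verdicts: the DisableAntiSpyware policy it surfaces is also consistent with Microsoft Security Essentials having taken over from Windows Defender, which matches the "Windows Defender *Disabled/Outdated*" line in the ComboFix log above, whereas a default-Auto service sitting at Demand is something to confirm against what the owner actually installed.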



#12 Bud_91
  • Malware Response Team
  • 438 posts
  • Gender:Male

Posted 06 August 2014 - 04:39 PM

You wanted to get rid of McAfee, right? Please go into the Programs and Features Menu in the Control Panel and uninstall McAfee Agent and McAfee VirusScan Enterprise.

Next,

Download the ESET services repair tool and extract the file to your desktop.
  • Double-click ServicesRepair.exe.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop; please post its content in your next reply.
Then please run fresh scans with FRST and FSS and post the logs.


#13 Oblioh
  • Topic Starter
  • Members
  • 67 posts

Posted 06 August 2014 - 05:49 PM

I just turned on the computer and things have gotten worse, as the internet is no longer working in safe mode. It is not detecting the router (or any others), even though I'm using the internet fine with other devices.

I've tried restarting several times and booting in normal mode, but all were unsuccessful.

I was also unable to uninstall McAfee; it says that the installer could not be accessed, and something about McAfee potentially not being installed properly.

#14 Bud_91
  • Malware Response Team
  • 438 posts
  • Gender:Male

Posted 07 August 2014 - 08:50 AM

Ok. Let's try this.

Please type Windows Key + R on the keyboard to bring up the Run box. Then copy/paste the following command:

msiexec /x {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=ALL REBOOT=R

Hit enter and see if McAfee will uninstall.


#15 Oblioh
  • Topic Starter
  • Members
  • 67 posts

Posted 07 August 2014 - 09:21 AM

Tried this, but still the same error message when trying to remove McAfee.



