
Please help! internet won't work// "dns server not found"/ Virus?


12 replies to this topic

#1 Nick_593

Nick_593

  • Members
  • 24 posts

Posted 25 August 2014 - 07:46 AM


Hi guys, please help! My computer won't connect to the internet and is saying "dns server not found". I have tried several restore points, and resetting the router, but the problem persists.

The problem seems to have occurred after I started using an Ethernet cable, but I don't know if this is related? I am worried that the computer may have a virus, however!

I don't know how to fix this problem as I am not too good with computers, however the internet is running in safe mode (I am able to write this/ yet very slowly..).

Mobile phones are working fine.

 

Does anyone know how to solve this issue?

 

Please help.

Thanks

 

Computer: HP Envy M6

Windows 8

 




#2 djmiiller

djmiiller

  • Members
  • 27 posts

Posted 25 August 2014 - 07:52 AM

What were you using before you started using the Ethernet cable?



#3 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,932 posts

Posted 25 August 2014 - 08:00 AM

Hi,

 

» RKill log

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Please post the log generated by the tool.

 

» MiniToolBox log

Download MiniToolBox and save the file to the Desktop.
Close the browser and run the tool, check the following options:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size
  • List Minidump Files
  • List Restore Points

Click on Go.

Post the resulting log in your next reply.
 

 

» Farbar Service Scanner (FSS) log
Let's check some Windows critical services...
Download Farbar Service Scanner and save the file to the Desktop.

  • Run FSS
  • Check all the options
  • click Scan

Post the generated log in your reply.

 


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#4 Nick_593

Nick_593
  • Topic Starter

  • Members
  • 24 posts

Posted 25 August 2014 - 09:04 AM


Is it okay to run from safe mode?..



#5 Nick_593

Nick_593
  • Topic Starter

  • Members
  • 24 posts

Posted 25 August 2014 - 09:16 AM


Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/25/2014 03:04:55 PM in x64 mode. (Safe Mode)
Windows Version: Windows 8

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 

 

 

MiniToolBox by Farbar Version: 21-07-2014
Ran by Nick (administrator) on 25-08-2014 at 15:09:30
Running from "C:\Users\Nick\Desktop\Bleeping Computers 2907"
Microsoft Windows 8 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 2230 = WiFi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration





Windows IP Configuration

   Host Name . . . . . . . . . . . . : Nick-lounge
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 84-A6-C8-72-A1-E7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
   Physical Address. . . . . . . . . : 84-A6-C8-72-A1-E6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1149:4025:3716:dace%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 25 August 2014 13:38:11
   Lease Expires . . . . . . . . . . : 26 August 2014 15:02:07
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 210020040
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-FB-6B-41-84-34-97-19-12-4E
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 84-34-97-19-12-4E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2a00:1450:4009:808::1001
          173.194.41.160
          173.194.41.169
          173.194.41.165
          173.194.41.167
          173.194.41.161
          173.194.41.174
          173.194.41.164
          173.194.41.168
          173.194.41.162
          173.194.41.166
          173.194.41.163



Pinging google.com [74.125.230.65] with 32 bytes of data:
Reply from 74.125.230.65: bytes=32 time=28ms TTL=57
Reply from 74.125.230.65: bytes=32 time=25ms TTL=57

Ping statistics for 74.125.230.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 28ms, Average = 26ms

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.138.253.109
          98.139.183.24
          206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=175ms TTL=46
Reply from 206.190.36.45: bytes=32 time=174ms TTL=46

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 174ms, Maximum = 175ms, Average = 174ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 17...84 a6 c8 72 a1 e7 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...84 a6 c8 72 a1 e6 ......Intel® Centrino® Wireless-N 2230
 12...84 34 97 19 12 4e ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    286
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    286
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    286 fe80::/64                On-link
 13    286 fe80::1149:4025:3716:dace/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================


========================= Event log errors: ===============================



CodeIntegrity Errors:
===================================
  Date: 2014-07-26 22:24:04.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.






========================= Devices: ================================

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 9%
Total physical RAM: 8074.77 MB
Available physical RAM: 7325.61 MB
Total Pagefile: 16266.77 MB
Available Pagefile: 15579.15 MB
Total Virtual: 4095.88 MB
Available Virtual: 3982.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:910.09 GB) (Free:531.82 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:20.65 GB) (Free:2.14 GB) NTFS
3 Drive e: (CanonEOS252W) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\NICK-LOUNGE

Administrator Guest
Nick
Wendy_000

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

10-08-2014 12:11:28 Installed HP Support Solutions Framework
15-08-2014 06:53:24 Windows Update
18-08-2014 16:55:22 Installed Rapport
21-08-2014 15:07:25 HPSF Applying updates
24-08-2014 06:27:15 Installed Adobe Photoshop Lightroom 4.3 64-bit.
25-08-2014 08:21:48 Restore Operation

**** End of log ****

 

 

Farbar Service Scanner Version: 21-07-2014
Ran by Nick (administrator) on 25-08-2014 at 15:10:41
Running from "C:\Users\Nick\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed



**** End of log ****

 

Hi, here are the logs.



#6 SleepyDude


Posted 25 August 2014 - 02:11 PM

Hi,

 

It seems your router is giving timeouts to the DNS requests, but you also have several Windows services down! Let's run two scans...

 

AdwCleaner Scan

 

Download AdwCleaner from here to the Desktop

  • Close all open windows and browsers
  • Right click on the AdwCleaner icon and choose Run as Administrator to execute the program
    (When the Tool opens for the first time you have to accept the Terms of use - click J'accepte/I Agree)
  • Click the Scan button and wait for the scan to finish, only then the Clean button becomes active
  • Click the Clean button and wait, once done it may ask to reboot, allow it.
  • On reboot a log will be presented please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

JRT Scan

 

Download JRT to your Desktop

  • Disable your AntiVirus and AntiSpyware applications
    (If you have difficulty properly disabling your security programs, refer to this link.)
  • Right click on the JRT icon and choose Run as Administrator. Make sure all other windows are closed & follow the prompts.
    (The tool will start scanning your system please be patient as this can take a while to complete depending on your system's specifications and the program you have installed)
  • On completion Notepad will open showing the log JRT.txt (the log is saved to your desktop). Please copy and paste its contents on your next reply
  • Enable your AntiVirus and AntiSpyware applications

 

Edit: Please disable Word Wrap in Notepad before posting the logs.


 

Uncheck the Word Wrap option on the Format menu.


Edited by SleepyDude, 25 August 2014 - 02:55 PM.


 
 


#7 Nick_593


Posted 26 August 2014 - 03:33 AM

Hello, here is the log for the JRT scan. I accidentally restarted the computer after the AdwCleaner and lost the log. There were quite a lot of files, etc. to clean (is there a way of retrieving this?)

 

 

# AdwCleaner v3.308 - Report created 25/08/2014 at 21:11:45
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Nick - NICK-LOUNGE
# Running from : C:\Users\Nick\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Wendy_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Mozilla Firefox v30.0 (en-GB)

[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\q25gsf4l.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=airmsd&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzzyBtB0AtC0E0AtB0A0CtBtN0D0Tzu0CyCyDtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q&cr=314206343&ir=
Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzzyBtB0AtC0E0AtB0A0CtBtN0D0Tzu0CyCyDtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1648683582&ir=
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

[ File : C:\Users\Wendy_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [1525 octets] - [07/05/2014 20:55:04]
AdwCleaner[R1].txt - [763 octets] - [07/05/2014 23:35:58]
AdwCleaner[R2].txt - [1226 octets] - [14/07/2014 21:19:28]
AdwCleaner[R3].txt - [1948 octets] - [14/07/2014 21:26:29]
AdwCleaner[R4].txt - [2142 octets] - [29/07/2014 08:49:48]
AdwCleaner[R5].txt - [2202 octets] - [29/07/2014 08:52:18]
AdwCleaner[R6].txt - [323 octets] - [14/08/2014 22:12:56]
AdwCleaner[R7].txt - [2579 octets] - [25/08/2014 21:10:08]
AdwCleaner[S0].txt - [1372 octets] - [07/05/2014 20:55:58]
AdwCleaner[S1].txt - [823 octets] - [07/05/2014 23:36:45]
AdwCleaner[S2].txt - [2166 octets] - [29/07/2014 08:54:14]
AdwCleaner[S3].txt - [2512 octets] - [25/08/2014 21:11:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2572 octets] ##########

 

 

This morning, if this is helpful?...

 

# AdwCleaner v3.308 - Report created 26/08/2014 at 09:51:12
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Nick - NICK-LOUNGE
# Running from : C:\Users\Nick\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Wendy_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Mozilla Firefox v30.0 (en-GB)

[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\q25gsf4l.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=GB&ver=21&locale=en_GB&gct=sb&qsrc=2869
Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=5C3884A6C872A1E7
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

[ File : C:\Users\Wendy_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

*************************

AdwCleaner[R0].txt - [1525 octets] - [07/05/2014 20:55:04]
AdwCleaner[R1].txt - [763 octets] - [07/05/2014 23:35:58]
AdwCleaner[R2].txt - [1226 octets] - [14/07/2014 21:19:28]
AdwCleaner[R3].txt - [1948 octets] - [14/07/2014 21:26:29]
AdwCleaner[R4].txt - [2142 octets] - [29/07/2014 08:49:48]
AdwCleaner[R5].txt - [2202 octets] - [29/07/2014 08:52:18]
AdwCleaner[R6].txt - [323 octets] - [14/08/2014 22:12:56]
AdwCleaner[R7].txt - [2579 octets] - [25/08/2014 21:10:08]
AdwCleaner[R8].txt - [2252 octets] - [26/08/2014 09:34:55]
AdwCleaner[S0].txt - [1372 octets] - [07/05/2014 20:55:58]
AdwCleaner[S1].txt - [823 octets] - [07/05/2014 23:36:45]
AdwCleaner[S2].txt - [2166 octets] - [29/07/2014 08:54:14]
AdwCleaner[S3].txt - [2656 octets] - [25/08/2014 21:11:45]
AdwCleaner[S4].txt - [2620 octets] - [26/08/2014 09:51:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2680 octets] ##########

 

 

 

JRT log;

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Nick on 25/08/2014 at 21:36:18.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/08/2014 at 21:41:55.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

The internet is now running, but is it likely that my computer has been compromised, and can you please advise on what to do?

 

Thanks


Edited by Nick_593, 26 August 2014 - 04:00 AM.


#8 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,932 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:58 PM

Posted 26 August 2014 - 03:50 AM

Hello, here is the log for the JRT scan. I accidentally restarted the computer after the AdwCleaner and lost the log. There were quite a lot of files, etc. to clean (is there a way of retrieving this?)

 

It's Ok you can find the log if you open the folder C:\AdwCleaner
 

The internet is now running, but is it likely that my computer has been compromised, and can you please advise on what to do?
 
Thanks

 

I need to see the log to confirm, but most likely it has detected/removed PUPs and adware. They are not as bad as a trojan or other malware; most times they are used to track user web activities to show advertisements, etc. The problem is that they make many changes to the Windows configuration and that creates problems; some of them can download even more junk automatically, resulting in a system that is almost unusable.

Post the log; it will help me to decide what should be the next move.


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#9 Nick_593

Nick_593
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 26 August 2014 - 04:03 AM

 


 

 

 

Hi I've added the logs above.

 

Thanks



#10 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,932 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:58 PM

Posted 26 August 2014 - 04:42 AM

Ok, let's run another scan, Adwcleaner deleted two times the same thing...
 
Install and Scan with Malwarebytes

  • Please download Malwarebytes' Anti-Malware from here or here
  • Double-click the mbam-setup-2.x.x or mbam-setup to install the application.
  • On the last step of installation, make sure you uncheck the box Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.
  • If an update is found, it will download and install the latest updates automatically; if not, click Update Now »
  • Click the Settings tab, and check the box next to Scan for rootkits:
  • Go back to the Dashboard tab, and click the Scan Now button:
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show the results:
  • Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After restarting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information

  • The log is automatically saved by MBAM and can be viewed by going to the History tab, clicking on Application Logs:
  • Select (check) the box next to Scan Log. Choose the most current scan, and click on the View button:
  • In the bottom of the Scanning History Log window that opens, click on Export > Save to Text file (*.txt) button. Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

Rui
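The point made in the post above, that AdwCleaner removed the same thing in two consecutive clean runs, can be checked mechanically by comparing the clean reports kept in C:\AdwCleaner. The Python sketch below is an added example, not part of the thread or of AdwCleaner; the two sample reports are constructed excerpts modelled on the posted logs, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed, trimmed excerpts modelled on the clean reports in this thread.
# Only the extension ID and the search URL are taken from the posted logs.
S3 = r"""# AdwCleaner v3.308 - Report created 25/08/2014 at 21:11:45
Folder Deleted : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
"""
S4 = r"""# AdwCleaner v3.308 - Report created 26/08/2014 at 09:51:12
Folder Deleted : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
"""

STAMP_RE = re.compile(r"Report created (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2}:\d{2})")
# Matches the two line shapes seen in the posted logs:
#   "<Kind> Deleted : <target>"  and  "Deleted [<Kind>] : <target>"
ITEM_RE = re.compile(r"^(?:(\w+) Deleted|Deleted \[([^\]]+)\]) : (.+)$", re.M)

def parse_report(text):
    """Return (report time, set of (kind, target)) for one clean report."""
    stamp = STAMP_RE.search(text)
    if stamp is None:
        raise ValueError("no 'Report created' header found")
    when = datetime.strptime(" ".join(stamp.groups()), "%d/%m/%Y %H:%M:%S")
    items = set()
    for kind_a, kind_b, target in ITEM_RE.findall(text):
        # Windows paths and registry keys are case-insensitive, so fold case.
        items.add((kind_a or kind_b, target.strip().casefold()))
    return when, items

def recurring_items(reports):
    """Map each item removed in two or more runs to its run times, oldest first."""
    seen = {}
    for when, items in sorted((parse_report(t) for t in reports), key=lambda r: r[0]):
        for item in items:
            seen.setdefault(item, []).append(when)
    return {item: runs for item, runs in seen.items() if len(runs) > 1}

if __name__ == "__main__":
    for (kind, target), runs in sorted(recurring_items([S3, S4]).items()):
        print(f"{kind}: {target}")
        print("   removed on", ", ".join(r.strftime("%d/%m/%Y %H:%M") for r in runs))
```

An item that shows up in more than one clean report was re-created between the runs, which is the reason a further scan was requested here.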

 
 


#11 Nick_593

Nick_593
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 28 August 2014 - 03:21 AM

Hi, thank you very much. Here is the Malwarebytes log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27/08/2014
Scan Time: 12:23:11
Logfile: MWBYTES.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.26.07
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Nick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352719
Time Elapsed: 19 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)

Modules: 0 (No malicious items detected)

Registry Keys: 0 (No malicious items detected)

Registry Values: 0 (No malicious items detected)

Registry Data: 0 (No malicious items detected)

Folders: 0 (No malicious items detected)

Files: 0 (No malicious items detected)

Physical Sectors: 0 (No malicious items detected)



(end)



#12 Nick_593

Nick_593
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 28 August 2014 - 03:27 AM

The internet has stopped working again, unless in safe mode. Would it be helpful to redo the scans, or how could I fix this problem?

"It seems your router is giving timeout to the DNS requests but you have also several windows services down! Let's run two scans..." Could you explain the problems with the Windows services?... I'm often having repeated problems with the internet....

 

 

Thank-you



#13 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,932 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:58 PM

Posted 28 August 2014 - 06:27 AM

Hi,

 

I want to completely discard the malware possibility and then we will work on the windows problems.

Please run two more scans.

 

Let's check some windows critical services...

Farbar Service Scanner (FSS) log
Download Farbar Service Scanner and save the file to the Desktop.

  • Run FSS
  • Check all the options
  • Click Scan

Post the generated log in your reply.

 

 

Scan with ESET On-line Scanner

  • Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
  • Select the option Enable detection of potential unwanted applications
  • Click on Advanced Settings, and check the following options:
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speed up the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it can take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient, this may take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications

 


Rui

 
 




