cannot access internet after running adware


20 replies to this topic

#1 mamama285

mamama285

  • Members
  • 8 posts

Posted 30 January 2015 - 06:55 AM

Cannot access internet after running adwcleaner in attempt to clear malware bestsaveforyou. WiFi is working fine so it's a problem in my comp. Tried resetting ipv4 6 using cmd. Tried scanning for malicious file. Windows 8. Thanks in advance.

Edited by mamama285, 30 January 2015 - 06:55 AM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,984 posts
  • Gender:Female
  • Location:Romania

Posted 30 January 2015 - 07:07 AM

Hello, 
Could you please post the adwcleaner log? You can find it at C:\AdwCleaner-xxx.txt (where xxx is the time stamp, just post the latest log).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 mamama285


Posted 30 January 2015 - 07:58 AM

I got two files. 

 

# AdwCleaner v4.109 - Report created 30/01/2015 at 10:25:41
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : MAYM - ASUS
# Running from : C:\Users\MAYM\Downloads\adwcleaner_4.109.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : hshld
Service Found : hsstrayservice
Service Found : hsswd
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\System32\drivers\hssdrv6.sys
File Found : C:\Windows\System32\drivers\taphss6.sys
Folder Found : C:\Program Files (x86)\500Couponus
Folder Found : C:\Program Files (x86)\DigiSeavero
Folder Found : C:\Program Files (x86)\DigiSeavero
Folder Found : C:\Program Files (x86)\ExstraCoupoN
Folder Found : C:\Program Files (x86)\ExstraCoupoN
Folder Found : C:\Program Files (x86)\Happy2oSavE
Folder Found : C:\Program Files (x86)\Happy2oSavE
Folder Found : C:\Program Files (x86)\hotspot shield
Folder Found : C:\Program Files (x86)\SaveLLoaTs
Folder Found : C:\Program Files (x86)\Unisales
Folder Found : C:\Program Files (x86)\Uonisaleso
Folder Found : C:\ProgramData\863c7b8db5ddbf16
Folder Found : C:\ProgramData\9672741948256796438
Folder Found : C:\ProgramData\DigiSeavero
Folder Found : C:\ProgramData\DigiSeavero
Folder Found : C:\ProgramData\ExstraCoupoN
Folder Found : C:\ProgramData\ExstraCoupoN
Folder Found : C:\ProgramData\Happy2oSavE
Folder Found : C:\ProgramData\Happy2oSavE
Folder Found : C:\ProgramData\hgidnmoaghbbccnhpnpjhamkhgljkmfg
Folder Found : C:\ProgramData\hotspot shield
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Found : C:\ProgramData\mjndbmolmlgkkngbohmjbdinepjcgldn
Folder Found : C:\ProgramData\null
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Uniblue\DriverScanner
Folder Found : C:\Users\MAYM\AppData\Roaming\EZDownloader
Folder Found : C:\Users\MAYM\AppData\Roaming\hotspot shield
Folder Found : C:\Windows\SysWOW64\hotspot shield
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4e773dff-0635-4589-99bb-506802950ff8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e773dff-0635-4589-99bb-506802950ff8}
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4e773dff-0635-4589-99bb-506802950ff8}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\P07d082bf_6148_4f84_a6f6_c8e696632021_.P07d082bf_6148_4f84_a6f6_c8e696632021_
Key Found : HKLM\SOFTWARE\Classes\P07d082bf_6148_4f84_a6f6_c8e696632021_.P07d082bf_6148_4f84_a6f6_c8e696632021_.9
Key Found : HKLM\SOFTWARE\Classes\P37d04e1f_17b0_4302_8ca0_4e34ae2f7779_.P37d04e1f_17b0_4302_8ca0_4e34ae2f7779_
Key Found : HKLM\SOFTWARE\Classes\P37d04e1f_17b0_4302_8ca0_4e34ae2f7779_.P37d04e1f_17b0_4302_8ca0_4e34ae2f7779_.9
Key Found : HKLM\SOFTWARE\Classes\P383d559d_37b7_4f75_b89d_2115c4cf93d5_.P383d559d_37b7_4f75_b89d_2115c4cf93d5_
Key Found : HKLM\SOFTWARE\Classes\P383d559d_37b7_4f75_b89d_2115c4cf93d5_.P383d559d_37b7_4f75_b89d_2115c4cf93d5_.9
Key Found : HKLM\SOFTWARE\Classes\P4e773dff_0635_4589_99bb_506802950ff8_.P4e773dff_0635_4589_99bb_506802950ff8_
Key Found : HKLM\SOFTWARE\Classes\P4e773dff_0635_4589_99bb_506802950ff8_.P4e773dff_0635_4589_99bb_506802950ff8_.9
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Found : HKLM\SOFTWARE\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4e773dff-0635-4589-99bb-506802950ff8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{7254d244}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4e773dff-0635-4589-99bb-506802950ff8}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.thesearchpage.info/?pid=20495&r=2015/01/13&hid=10660115926853371194&lg=EN&cc=GB&unqvl=74
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.thesearchpage.info/?pid=20495&r=2015/01/13&hid=10660115926853371194&lg=EN&cc=GB&unqvl=74
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.99
 
[C:\Users\MAYM\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0F0D0AtDtByByE0Czz0E0EtN0D0Tzu0CyCtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1102730248&ir=
[C:\Users\MAYM\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://websearch.thesearchpage.info/?pid=20495&r=2015/01/13&hid=10660115926853371194&lg=EN&cc=GB&unqvl=74
 
*************************
 
AdwCleaner[R0].txt - [7964 octets] - [30/01/2015 10:25:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8024 octets] ##########
 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
# AdwCleaner v4.109 - Report created 30/01/2015 at 10:28:46
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : MAYM - ASUS
# Running from : C:\Users\MAYM\Downloads\adwcleaner_4.109.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\DigiSeavero
Folder Deleted : C:\ProgramData\ExstraCoupoN
Folder Deleted : C:\ProgramData\Happy2oSavE
Folder Deleted : C:\ProgramData\863c7b8db5ddbf16
Folder Deleted : C:\ProgramData\9672741948256796438
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Program Files (x86)\DigiSeavero
Folder Deleted : C:\Program Files (x86)\ExstraCoupoN
Folder Deleted : C:\Program Files (x86)\Happy2oSavE
Folder Deleted : C:\Program Files (x86)\500Couponus
Folder Deleted : C:\Program Files (x86)\SaveLLoaTs
Folder Deleted : C:\Program Files (x86)\Unisales
Folder Deleted : C:\Program Files (x86)\Uonisaleso
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\MAYM\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\MAYM\AppData\Roaming\hotspot shield
Folder Deleted : C:\ProgramData\hgidnmoaghbbccnhpnpjhamkhgljkmfg
Folder Deleted : C:\ProgramData\mjndbmolmlgkkngbohmjbdinepjcgldn
Folder Deleted : C:\ProgramData\null
File Deleted : C:\Windows\System32\drivers\taphss6.sys
File Deleted : C:\Windows\System32\drivers\hssdrv6.sys
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\P07d082bf_6148_4f84_a6f6_c8e696632021_.P07d082bf_6148_4f84_a6f6_c8e696632021_
Key Deleted : HKLM\SOFTWARE\Classes\P07d082bf_6148_4f84_a6f6_c8e696632021_.P07d082bf_6148_4f84_a6f6_c8e696632021_.9
Key Deleted : HKLM\SOFTWARE\Classes\P37d04e1f_17b0_4302_8ca0_4e34ae2f7779_.P37d04e1f_17b0_4302_8ca0_4e34ae2f7779_
Key Deleted : HKLM\SOFTWARE\Classes\P37d04e1f_17b0_4302_8ca0_4e34ae2f7779_.P37d04e1f_17b0_4302_8ca0_4e34ae2f7779_.9
Key Deleted : HKLM\SOFTWARE\Classes\P383d559d_37b7_4f75_b89d_2115c4cf93d5_.P383d559d_37b7_4f75_b89d_2115c4cf93d5_
Key Deleted : HKLM\SOFTWARE\Classes\P383d559d_37b7_4f75_b89d_2115c4cf93d5_.P383d559d_37b7_4f75_b89d_2115c4cf93d5_.9
Key Deleted : HKLM\SOFTWARE\Classes\P4e773dff_0635_4589_99bb_506802950ff8_.P4e773dff_0635_4589_99bb_506802950ff8_
Key Deleted : HKLM\SOFTWARE\Classes\P4e773dff_0635_4589_99bb_506802950ff8_.P4e773dff_0635_4589_99bb_506802950ff8_.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{7254d244}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4e773dff-0635-4589-99bb-506802950ff8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e773dff-0635-4589-99bb-506802950ff8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4e773dff-0635-4589-99bb-506802950ff8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4e773dff-0635-4589-99bb-506802950ff8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{07d082bf-6148-4f84-a6f6-c8e696632021}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{37d04e1f-17b0-4302-8ca0-4e34ae2f7779}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{383d559d-37b7-4f75-b89d-2115c4cf93d5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4e773dff-0635-4589-99bb-506802950ff8}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.99
 
[C:\Users\MAYM\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0F0D0AtDtByByE0Czz0E0EtN0D0Tzu0CyCtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1102730248&ir=
[C:\Users\MAYM\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.thesearchpage.info/?pid=20495&r=2015/01/13&hid=10660115926853371194&lg=EN&cc=GB&unqvl=74
 
*************************
 
AdwCleaner[R0].txt - [8136 octets] - [30/01/2015 10:25:41]
AdwCleaner[S0].txt - [7341 octets] - [30/01/2015 10:28:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7401 octets] ##########
 


#4 Elise


Posted 30 January 2015 - 03:41 PM

Please press Windows key + X. In the menu that opens click on "Command Prompt (Admin)".

In the command window type netsh winsock reset and press enter. You should get an OK/success message. After that restart the computer and see if your internet works.

regards, Elise


#5 mamama285


Posted 30 January 2015 - 03:59 PM

done. Problem still here.



#6 Elise


Posted 30 January 2015 - 04:32 PM

Hi, let's see if the following log can show us what the problem is. :)

 

MiniToolBox

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

regards, Elise


#7 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • Gender:Male

Posted 31 January 2015 - 09:55 AM

What does your network map show? Can you connect to the router but not to the internet?

Have you unplugged the router and/or modem and plugged them back in?


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#8 mamama285


Posted 31 January 2015 - 05:04 PM

MiniToolBox by Farbar Version: 30-11-2014
Ran by MAYM (administrator) on 31-01-2015 at 22:00:40
Running from "C:\Users\MAYM\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= IP Configuration: ================================

Qualcomm Atheros AR946x Wireless Network Adapter = Wi-Fi (Connected)
Anchorfree HSS VPN Adapter = Ethernet (Hardware not present)
Anchorfree HSS VPN Adapter = Ethernet 2 (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : asus
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 54-27-1E-E5-5F-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
5...54 27 1e e5 5f 0a ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/31/2015 02:45:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/31/2015 02:39:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/30/2015 03:26:42 PM) (Source: Application Hang) (User: )
Description: The program fm.exe version 15.2.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16ac

Start Time: 01d03ca0721f4ea3

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe

Report Id: 638136c6-a894-11e4-828f-54271ee55f0a

Faulting package full name:

Faulting package-relative application ID:

Error: (01/30/2015 03:22:09 PM) (Source: Application Hang) (User: )
Description: The program HTCSyncManager.exe version 3.1.36.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 774

Start Time: 01d03c8b9d93c48f

Termination Time: 7

Application Path: C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe

Report Id: bdc7a126-a893-11e4-828f-54271ee55f0a

Faulting package full name:

Faulting package-relative application ID:

Error: (01/30/2015 11:54:59 AM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1358

Start Time: 01d03c834b4c5faa

Termination Time: 4294967295

Application Path: C:\Windows\system32\wwahost.exe

Report Id: 92409c49-a876-11e4-828e-54271ee55f0a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.WindowsLive.People

Error: (01/30/2015 11:53:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: ASUS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/30/2015 11:53:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: ASUS)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.People did not launch within its allotted time.


System errors:
=============
Error: (01/31/2015 09:56:37 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%3

Error: (01/31/2015 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2015 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2015 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2015 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Dynamic Platform and Thermal Framework Low Power Mode Service Application service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2015 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2015 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: The HTCMonitorService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2015 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/31/2015 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/31/2015 09:56:07 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (01/31/2015 02:45:21 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1

Error: (01/31/2015 02:39:50 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1

Error: (01/30/2015 03:26:42 PM) (Source: Application Hang)(User: )
Description: fm.exe15.2.0.016ac01d03ca0721f4ea34294967295C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe638136c6-a894-11e4-828f-54271ee55f0a

Error: (01/30/2015 03:22:09 PM) (Source: Application Hang)(User: )
Description: HTCSyncManager.exe3.1.36.077401d03c8b9d93c48f7C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exebdc7a126-a893-11e4-828f-54271ee55f0a

Error: (01/30/2015 11:54:59 AM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.17031135801d03c834b4c5faa4294967295C:\Windows\system32\wwahost.exe92409c49-a876-11e4-828e-54271ee55f0amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweMicrosoft.WindowsLive.People

Error: (01/30/2015 11:53:22 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: ASUS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People-2144927142

Error: (01/30/2015 11:53:13 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: ASUS)
Description: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.People


CodeIntegrity Errors:
===================================
Date: 2015-01-18 22:30:49.121
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-14 10:59:07.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-08 06:26:14.649
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-02 08:07:39.441
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-14 05:11:11.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-04 10:00:18.808
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-01 17:01:09.820
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 10:20:47.222
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 13:27:49.231
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-12 20:12:53.286
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.



=========================== Installed Programs ============================
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.145.43581 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.145.43581 - Alcor Micro Corp.) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avira (HKLM-x32\...\{4241d738-563d-4685-803c-e58b90a2e5e8}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CodeBlocks (HKCU\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.23.51 - Conexant)
EA SPORTS FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.3.0.0 - Electronic Arts)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version: - Sports Interactive)
Football Manager 2015 Editor (HKLM-x32\...\Steam App 295350) (Version: - )
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel® Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.169.1 - Intel Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 4.3.2.2 (HKLM-x32\...\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}) (Version: 4.3.2.2 - The Document Foundation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
NVIDIA Control Panel 344.65 (Version: 344.65 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.172.1357 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.1 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Update 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.27 (Version: 1.2.27 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.10.398 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse (10/31/2013 1.0.0.191) (HKLM\...\15591935E93BF0A0E42CA53B578EE5E630971E15) (Version: 10/31/2013 1.0.0.191 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{8780DFA8-7E56-43B1-93DB-FE001F8290D7}) (Version: 2.0.1411.2413 - SplitmediaLabs)

**** End of log ****

#9 Elise

Posted 01 February 2015 - 05:36 AM

Let's have a look at some internet-related services as well to make sure everything is in place.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards, Elise


#10 mamama285

Posted 01 February 2015 - 08:20 AM

Farbar Service Scanner Version: 17-01-2015
Ran by MAYM (administrator) on 01-02-2015 at 13:14:58
Running from "C:\Users\MAYM\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

#11 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:18 PM

Posted 01 February 2015 - 08:51 AM

If you are going to run scans and nothing else, why not have this moved back to the 'Am I infected?' area?


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#12 Elise

Posted 01 February 2015 - 09:58 AM

@ CaveDweller2, why, if this is a problem with the internet? Do you see any malware problem rather than a networking issue? It just seems to me that blindly trying out things when you can easily get some basic information regarding the problem is a lot more productive than just randomly commenting on solutions proposed by others. :)

@ mamama285, I suspect the cause of the problems is the incorrect removal of Hotspot Shield by AdwCleaner. This program itself is legitimate, but sometimes bundled with other installers, which is why I assume it was detected.

The easiest solution would be to reinstall the program, then uninstall it using its own uninstall utility so that all components are removed correctly.

Before continuing, can you please let me know if you'd like to use Hotspot Shield or if it had ended up on your computer without your knowledge.


regards, Elise


#13 mamama285

Posted 01 February 2015 - 12:16 PM

Elise, you are the man!!! It turned out you are right. I simply installed Hotspot Shield and uninstalled it again and everything is good again!!!!!!!!! I did install and use Hotspot Shield myself, just FYI.



#14 Elise

Posted 01 February 2015 - 12:46 PM

I'm glad to hear that! The program is perfectly legitimate, the problem is that a tool like AdwCleaner detects parts of it, but not all. The following gave an indication of a possible cause of the problem (and shows once again that getting some information first is always a good idea :)):

 

File Deleted : C:\Windows\System32\drivers\taphss6.sys
File Deleted : C:\Windows\System32\drivers\hssdrv6.sys
...
Anchorfree HSS VPN Adapter = Ethernet (Hardware not present)
Anchorfree HSS VPN Adapter = Ethernet 2 (Hardware not present)

 

 
Happy computing! :)

regards, Elise
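The correlation Elise points out in the post above (driver files deleted while the adapter entries stay registered), as an added example that is not part of the original post or of any tool's own code: it parses the two line formats quoted there and pairs each "Hardware not present" adapter with deleted `.sys` drivers that share a distinctive name token. The token-matching heuristic, the `GENERIC` word list, the function names and the two extra sample lines are assumptions.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed sample: the four lines quoted in the post above, plus two
# made-up lines (a temp-file deletion, a healthy adapter) that must not match.
SAMPLE_LOG = r"""
File Deleted : C:\Windows\System32\drivers\taphss6.sys
File Deleted : C:\Windows\System32\drivers\hssdrv6.sys
File Deleted : C:\Users\Example\AppData\Local\Temp\toolbar_setup.exe
Anchorfree HSS VPN Adapter = Ethernet (Hardware not present)
Anchorfree HSS VPN Adapter = Ethernet 2 (Hardware not present)
Example Wireless Adapter = Wi-Fi (Connected)
"""

DELETED_RE = re.compile(r"^File Deleted\s*:\s*(?P<path>.+?)\s*$", re.I)
ADAPTER_RE = re.compile(
    r"^(?P<name>.+?)\s*=\s*(?P<conn>.+?)\s*\((?P<state>[^()]*)\)\s*$")
# Words too generic to tie an adapter name to a driver file (assumed list).
GENERIC = {"vpn", "adapter", "ethernet", "network", "virtual", "wireless"}


def parse_log(text):
    """Return (deleted kernel drivers, adapters whose hardware is missing)."""
    drivers, ghosts = [], []
    for line in text.splitlines():
        line = line.strip()
        m = DELETED_RE.match(line)
        if m:
            path = m.group("path")
            low = path.lower()
            # Only kernel drivers matter here; other deleted files are skipped.
            if "\\system32\\drivers\\" in low and low.endswith(".sys"):
                drivers.append(path)
            continue
        m = ADAPTER_RE.match(line)
        if m and m.group("state").strip().lower() == "hardware not present":
            ghosts.append((m.group("name"), m.group("conn")))
    return drivers, ghosts


def correlate(drivers, ghosts):
    """Pair each ghost adapter with deleted drivers that share a name token.

    Heuristic (an assumption, not AdwCleaner behaviour): a distinctive token
    of the adapter name, such as "hss", appears inside the driver file name.
    """
    findings = []
    for name, conn in ghosts:
        tokens = set(re.findall(r"[a-z0-9]{3,}", name.lower())) - GENERIC
        hits = [basename(p) for p in drivers
                if any(t in splitext(basename(p))[0].lower() for t in tokens)]
        if hits:
            findings.append(
                {"adapter": name, "connection": conn, "drivers": hits})
    return findings


if __name__ == "__main__":
    for f in correlate(*parse_log(SAMPLE_LOG)):
        print(f"{f['adapter']} ({f['connection']}): driver(s) removed: "
              f"{', '.join(f['drivers'])}")
```

A finding means a cleaner removed the driver binary but left the adapter registered, which is the state that reinstalling the program and running its own uninstaller cleared up in this thread.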


#15 CaveDweller2

Posted 01 February 2015 - 02:17 PM

My point still stands. This was an issue caused by a malware cleaning program. I didn't say anything about not getting information, I was simply saying that these are not scans we here in the networking area deal with. They are dealt with over in the malware section and I was correct that someone that knows about malware removal made the suggestion on how to fix it. It is fixed so it doesn't matter.

