Multiple "Bad Image" Errors


This topic is locked
5 replies to this topic

#1 Grandza

  • Members
  • 2 posts

Posted 30 August 2015 - 12:34 PM

I had been overseas for about 3 weeks, so I wasn't sure what my mum/bro did in particular with my computer, but when I returned and started up my computer, I started receiving multiple bad image errors like logonUI.exe etc. My Windows appearance changed as though it is in safe mode. My Chrome and Firefox kept showing the bad image errors & entry point not found whenever I opened them. System restore is also not possible as it kept saying that system restore does not appear to be functioning correctly on this system, and I tried the sfc /scannow method & it showed that it could not be fixed. Downloaded SpyHunter but it keeps crashing at a certain number of scanned files. Downloaded MBAM and SUPERAntiSpyware as well, and although prompted that there were some detections, the problem still persists after I fixed and restarted the computer. Repeated the procedure for a second time but to no avail. Decided to try ComboFix and have no idea what to do with the log that it produced, so here I am to ask for solutions. Appreciate it if you will be able to help me. Thanks in advance. Here's the log from ComboFix. Hope to hear from anyone soon!

ComboFix 15-08-27.01 - OEM 31/08/2015   0:45.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.65.1033.18.3071.2053 [GMT 8:00]
Running from: c:\users\OEM\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\users\OEM\AppData\Local\assembly\tmp
c:\windows\Fonts\BOOKOS.TTF
c:\windows\system32\aeinv.dll
c:\windows\system32\appraiser.dll
c:\windows\system32\d3d10warp.dll
.
c:\windows\system32\dsound.dll . . . is infected!!
.
c:\windows\system32\ssdpsrv.dll . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2015-07-28 to 2015-08-30  )))))))))))))))))))))))))))))))
.
.
2015-08-30 16:06 . 2015-08-30 16:21 -------- d-----w- c:\program files\Registry Easy
2015-08-30 14:13 . 2015-08-30 14:13 -------- d-----w- c:\users\OEM\AppData\Roaming\SUPERAntiSpyware.com
2015-08-30 14:12 . 2015-08-30 14:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-08-30 14:12 . 2015-08-30 14:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-08-30 14:10 . 2015-08-30 14:10 -------- d-----w- C:\FRST
2015-08-30 13:26 . 2015-08-30 15:12 -------- d-----w- C:\AdwCleaner
2015-08-30 04:45 . 2015-08-30 16:39 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-30 04:45 . 2015-08-30 04:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-30 04:45 . 2015-08-30 04:45 -------- d-----w- c:\programdata\Malwarebytes
2015-08-30 04:45 . 2015-06-18 00:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-30 04:45 . 2015-06-18 00:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-30 04:45 . 2015-06-18 00:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-29 21:17 . 2015-08-29 21:18 -------- d-----w- c:\programdata\Avg
2015-08-29 21:17 . 2015-08-29 21:17 -------- d-----w- c:\users\OEM\AppData\Local\Avg
2015-08-29 02:17 . 2015-08-29 02:17 -------- d-----w- c:\program files\Common Files\Skype
2015-08-29 01:15 . 2015-07-15 01:33 9252608 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCEC0F44-E2D4-476E-B536-E1782356A5CC}\mpengine.dll
2015-08-20 19:01 . 2015-08-20 19:01 -------- d-----w- C:\e7bfe3ddcb93c79ad0367c7b69b896d5
2015-08-17 15:12 . 2015-08-17 15:13 -------- d-----w- C:\5083630536ea8cb2e4
2015-08-17 15:12 . 2015-08-17 15:12 -------- d-----w- C:\9c501d4a5ecd17e035c1f9dcfa
2015-08-17 15:11 . 2015-08-17 15:12 -------- d-----w- C:\244d55c7935b1293cc8dbfc041
2015-08-15 01:08 . 2015-08-15 01:08 -------- d-----w- C:\b2dea09c71b02b64831d78
2015-08-15 01:08 . 2015-08-15 01:08 -------- d-----w- C:\c608f423a25020ef1f76a281548bd8
2015-08-15 01:07 . 2015-08-15 01:08 -------- d-----w- C:\f9031d29a64750ab96b6
2015-08-14 19:02 . 2015-08-14 19:03 -------- d-----w- C:\ea047e54fbe3f30be6e886
2015-08-14 19:02 . 2015-08-14 19:02 -------- d-----w- C:\7ea8bb8763fb5ebc6df790849a632d
2015-08-14 19:01 . 2015-08-14 19:02 -------- d-----w- C:\b398446e7795837984e748ad
2015-08-13 19:08 . 2015-08-13 19:08 -------- d-----w- C:\ffa7ef4700901d6d0661f113efc879cc
2015-08-13 19:02 . 2015-08-13 19:02 -------- d-----w- C:\bdccf5737469d4f2e6f6b184a8a6
2015-08-13 19:01 . 2015-08-13 19:02 -------- d-----w- C:\ae2584804283ae0a699ac7f76960a8
2015-08-13 17:43 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\system32\mstscax.dll
2015-08-13 17:43 . 2015-07-10 17:34 36864 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-13 17:43 . 2015-07-10 17:33 131584 ----a-w- c:\windows\system32\aaclient.dll
2015-08-12 19:09 . 2015-08-12 19:10 -------- d-----w- C:\68cd6b693b23ff15ff
2015-08-12 19:08 . 2015-08-12 19:08 -------- d-----w- C:\7beb1d941c6a065028b7a1b1
2015-08-12 19:04 . 2015-08-12 19:04 -------- d-----w- C:\15a5815460c5ee375d80c9a9a724
2015-08-12 19:03 . 2015-07-30 13:13 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 19:47 . 2015-08-11 19:47 9284296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-08-11 19:31 . 2015-07-30 16:49 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-11 19:31 . 2015-07-30 17:57 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-08-11 19:31 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-08-11 19:31 . 2015-07-30 16:52 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-08-11 19:31 . 2015-07-30 17:57 26624 ----a-w- c:\windows\system32\lpk.dll
2015-08-11 19:31 . 2015-07-30 17:57 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-08-11 19:31 . 2015-07-30 17:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-08-11 19:31 . 2015-07-30 17:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-11 19:31 . 2015-05-09 18:09 715200 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 19:24 . 2015-08-29 17:04 1390592 ----a-w- c:\windows\system32\msxml6.dll
2015-08-11 19:24 . 2015-08-29 17:04 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-11 19:24 . 2015-07-15 02:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-11 19:24 . 2015-07-15 02:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-11 19:01 . 2015-08-11 19:02 -------- d-----w- C:\85d6619704c5bbe5b1b9734030f8
2015-08-09 19:42 . 2015-08-09 19:43 -------- d-----w- C:\4cb4434cca40e885da48ed531a
2015-08-09 19:42 . 2015-08-09 19:42 -------- d-----w- C:\b44d899308d163874619e63609
2015-08-09 19:03 . 2015-08-09 19:03 -------- d-----w- C:\46bc163d5fea16d6c5381b27b8f139
2015-08-09 19:02 . 2015-08-09 19:03 -------- d-----w- C:\717b67c883d209f9db23
2015-08-09 19:01 . 2015-08-09 19:02 -------- d-----w- C:\c171c56c8174f92593cb
2015-08-08 18:45 . 2015-08-08 18:46 -------- d-----w- C:\8addc70ff5e663fbf409be
2015-08-08 18:45 . 2015-08-08 18:45 -------- d-----w- C:\eb555795c230347bd1c0bb76
2015-08-08 18:44 . 2015-08-08 18:45 -------- d-----w- C:\1b66a71bbf07900d2f6b528c
2015-08-07 19:38 . 2015-08-07 19:39 -------- d-----w- C:\7c92bfd6740ca343131273c110
2015-08-07 19:38 . 2015-08-07 19:38 -------- d-----w- C:\901e2e944bdd0a32b4
2015-08-07 19:37 . 2015-08-07 19:38 -------- d-----w- C:\060be7d73a46fbcef80e0eed107592
2015-08-07 19:02 . 2015-08-07 19:03 -------- d-----w- C:\e8f49123901e4aaa5b
2015-08-07 19:02 . 2015-08-07 19:02 -------- d-----w- C:\faa46fa1244a195a2e36a6
2015-08-07 19:01 . 2015-08-07 19:02 -------- d-----w- C:\ea0b276df61ad12870ec3c
2015-08-06 19:04 . 2015-08-06 19:04 -------- d-----w- C:\f0802d82cd1bca2b90
2015-08-06 19:03 . 2015-08-06 19:04 -------- d-----w- C:\26aecdd66eeca73f50d107ebeb12c4
2015-08-06 19:01 . 2015-08-06 19:03 -------- d-----w- C:\f8965006a50bd5b33b
2015-08-03 19:54 . 2015-08-03 19:54 -------- d-----w- C:\bcb3c631b9c6098a82e79a493c
2015-08-03 19:54 . 2015-08-03 19:54 -------- d-----w- C:\9d084749118a80127e78f302b9f4
2015-08-03 19:53 . 2015-08-03 19:54 -------- d-----w- C:\87447370bc43a317596b514a8554ba5b
2015-08-03 19:49 . 2015-08-03 19:49 -------- d-----w- c:\users\OEM\AppData\Local\CEF
2015-08-03 19:03 . 2015-08-03 19:04 -------- d-----w- C:\467b3e480889dc04a9c7d15beb3e97
2015-08-03 19:03 . 2015-08-03 19:03 -------- d-----w- C:\3be9cceb3269ee562fc26abb
2015-08-03 19:01 . 2015-08-03 19:03 -------- d-----w- C:\2892be5be9823d920b
2015-08-02 17:42 . 2015-08-02 17:42 -------- d-----w- C:\0cc32f546ebcddfb4462018c4b
2015-08-02 17:42 . 2015-08-02 17:42 -------- d-----w- C:\b76e39f9371b67d0860d0bf8df662fd1
2015-08-02 17:40 . 2015-08-02 17:42 -------- d-----w- C:\3e522ac5d78fe031298a5c941dc84c
2015-08-01 18:12 . 2015-08-01 18:12 -------- d-----w- C:\88a514156f1ec625bf
2015-08-01 18:12 . 2015-08-01 18:12 -------- d-----w- C:\74eed51fc00013afd7efd66646
2015-08-01 18:10 . 2015-08-01 18:12 -------- d-----w- C:\bad218befb461ab42bb95d
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-29 17:07 . 2012-03-10 20:19 33280 ----a-w- c:\windows\system32\wiarpc.dll
2015-08-29 17:07 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2015-08-29 17:07 . 2009-07-13 23:33 288768 ----a-w- c:\windows\system32\w32time.dll
2015-08-29 17:05 . 2014-08-14 05:36 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2015-08-29 17:05 . 2009-07-13 23:12 43520 ----a-w- c:\windows\system32\RpcEpMap.dll
2015-08-29 17:05 . 2009-07-13 23:54 73728 ----a-w- c:\windows\system32\drivers\raspptp.sys
2015-08-29 17:05 . 2015-01-28 09:47 164864 ----a-w- c:\windows\system32\profsvc.dll
2015-08-29 17:05 . 2013-11-14 15:16 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2015-08-29 17:03 . 2015-07-11 06:27 22528 ----a-w- c:\windows\system32\lsass.exe
2015-08-29 17:03 . 2015-07-11 06:27 22016 ----a-w- c:\windows\system32\secur32.dll
2015-08-29 17:03 . 2015-07-11 06:27 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-08-29 17:03 . 2009-07-13 23:42 20268032 ----a-w- c:\windows\system32\imageres.dll
2015-08-29 17:01 . 2012-03-10 20:20 1493504 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-08-29 17:01 . 2009-07-13 23:28 717824 ----a-w- c:\windows\system32\dui70.dll
2015-08-29 17:01 . 2013-12-12 13:54 159232 ----a-w- c:\windows\system32\imagehlp.dll
2015-08-29 16:48 . 2014-06-11 17:53 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2015-08-29 16:47 . 2015-03-22 01:19 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-11 19:47 . 2012-05-28 15:11 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-11 19:47 . 2012-03-10 13:43 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-04 17:48 . 2015-07-15 06:08 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-06-26 11:03 . 2015-06-26 11:03 584848 ----a-w- C:\SecurityScanner.dll
2015-06-23 05:27 . 2012-03-10 04:57 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:39 . 2015-07-15 06:08 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-06-16 17:01 . 2015-06-16 17:01 1202856 ----a-w- c:\windows\system32\FM20.DLL
2015-06-08 02:59 . 2015-06-08 02:59 114304 ----a-w- c:\windows\system32\drivers\scdemu.sys
2015-06-01 23:47 . 2015-07-15 06:14 210432 ----a-w- c:\windows\system32\cewmdm.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2015-05-09 . 8D5CC74BFA8F947CB283527806DB7B1F . 872448 . . [6.1.7601.23049] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23049_none_963344b1cdbf5861\kernel32.dll
[-] 2015-05-09 . 957655757F43858692289B96F73716D8 . 868352 . . [6.1.7601.18015] . . c:\windows\System32\kernel32.dll
[-] 2015-05-09 . 957655757F43858692289B96F73716D8 . 868352 . . [6.1.7601.18015] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18847_none_95a7cf30b4a352a7\kernel32.dll
[7] 2014-04-12 . 0ACC3056081E646E242A8EAB2348271A . 872448 . . [6.1.7601.22653] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_96229535cdccb191\kernel32.dll
[7] 2014-03-04 . 8237BF64FDD5FF36985070B8EBEF144D . 872448 . . [6.1.7601.22616] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_9650d5c3cda98dd2\kernel32.dll
[7] 2014-03-04 . F74FFA7654702F81884BDB41EB80DAC2 . 868352 . . [6.1.7601.18409] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_95d507dcb48120f5\kernel32.dll
[7] 2013-08-02 . 071350D18F2ABC93496040F44D44F592 . 868352 . . [6.1.7601.22411] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_964bd085cdae14d1\kernel32.dll
[7] 2013-08-02 . 6933E2AFF444A7A95D5C67E98449163E . 868352 . . [6.1.7601.18229] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_95bf6438b4915e89\kernel32.dll
[7] 2013-01-04 . F14125F0B2ACB29963E896E3441DC30C . 868352 . . [6.1.7601.22209] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_965e9ef5cd9ec94a\kernel32.dll
[7] 2013-01-04 . A2CB61B68566F6DB067607273119D27B . 868352 . . [6.1.7600.17206] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17206_none_93eba260b75d7468\kernel32.dll
[7] 2013-01-04 . 89C816E5DA817EB6E97BAC7E644041E8 . 868352 . . [6.1.7600.21416] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21416_none_946a7125d0832d4a\kernel32.dll
[7] 2012-11-30 . 6D0D4B00C7CB4FA829F396A83B327894 . 868352 . . [6.1.7601.22177] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_9610ed07cdd95d0c\kernel32.dll
[7] 2012-11-30 . E9F8A2515D2ADCB9B1208E3576AB31D2 . 868352 . . [6.1.7600.17179] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17179_none_93a2f1e4b79386dd\kernel32.dll
[7] 2012-11-30 . AE09B85158C66E2C154C5C9B3C0027B3 . 868352 . . [6.1.7601.18015] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_95c62f30b48ce2ee\kernel32.dll
[7] 2012-11-30 . 22BB6AFDE3D162C3F5E631267070E46D . 868352 . . [6.1.7600.21386] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21386_none_941ebfcbd0bbf3ba\kernel32.dll
[7] 2012-10-04 . A49F39AD51987F9360C316D85040D763 . 868352 . . [6.1.7600.21335] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21335_none_9453cf1dd0944eae\kernel32.dll
[7] 2012-10-04 . 5EB52C62998CF36BAE774FC67775EAEB . 868352 . . [6.1.7600.17135] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17135_none_93ca306cb776b1bd\kernel32.dll
[7] 2012-10-04 . 3ED262888758E350C29E02207AF9AC59 . 868352 . . [6.1.7601.17965] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_95904772b4b53b61\kernel32.dll
[7] 2012-10-04 . 63350392C018D28C87E6FCB638DFCFE8 . 868352 . . [6.1.7601.22125] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_9644fc0fcdb29ea9\kernel32.dll
[7] 2012-08-20 . 0B0ACE1E9F27AA44B4FAC72F881B908C . 868352 . . [6.1.7600.21306] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21306_none_94753f2bd07b1432\kernel32.dll
[7] 2012-08-20 . 6F93A0F455963DC8A9A16BB682C8D589 . 868352 . . [6.1.7601.17932] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_95adb658b49f9b89\kernel32.dll
[7] 2012-08-20 . 9139B25AA9CA8749A11F2BE863EF391B . 868352 . . [6.1.7601.22091] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_95f5498dcdeeffbd\kernel32.dll
[7] 2012-08-18 . 8EA21D5227121072B985525B6C0C36A0 . 868352 . . [6.1.7600.17107] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17107_none_93eca0c4b75c9098\kernel32.dll
[7] 2011-07-16 . 921F8B3FF01501C9934CCB3C270833D7 . 868352 . . [6.1.7601.21772] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
[7] 2011-07-16 . 7E99A20C758ABB5AE89C7AEEA3A9AEB2 . 868352 . . [6.1.7600.16850] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_93afb334b78b3d5c\kernel32.dll
[7] 2011-07-16 . E570CBD732848438EAC574EB3442A2A8 . 868352 . . [6.1.7601.17651] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll
[7] 2011-07-16 . 12DD18C6ECADEDB922E40B494D315206 . 868352 . . [6.1.7600.21010] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_946467d1d088a0a4\kernel32.dll
[7] 2010-11-20 . 5553784D774CA845380650E010BBDA2C . 857600 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll
[7] 2009-12-08 . EB7B2309A2B16EEB73C2C13477FEF8FB . 857088 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5\kernel32.dll
[7] 2009-12-08 . 0369BA73CE6D918745579B24339765E8 . 857088 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea\kernel32.dll
[7] 2009-07-14 . 4605F7EE9805F7E1C98D6C959DD2949C . 857088 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll
.
[-] 2009-07-14 01:16 . 0C345FCD2174317155D4561828126E86 . 162816 . . [------] . . c:\windows\System32\ssdpsrv.dll
[-] 2009-07-14 01:16 . 0C345FCD2174317155D4561828126E86 . 162816 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_7f9fc90f328bdf26\ssdpsrv.dll
.
[-] 2009-07-14 01:15 . FE4AE35AD3F049C0087A6491B4A32AD9 . 453632 . . [------] . . c:\windows\System32\dsound.dll
[-] 2009-07-14 01:15 . FE4AE35AD3F049C0087A6491B4A32AD9 . 453632 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\OEM\AppData\Roaming\uTorrent\uTorrent.exe" [2015-08-01 1693024]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-08-07 53729824]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-07-30 6815512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2015-01-28 296520]
"RealDownloader"="c:\program files\RealNetworks\RealDownloader\downloader2.exe" [2014-10-29 560192]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2015-06-08 366904]
.
c:\users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FAH.lnk - c:\program files\WinZip\FAH\FAHConsole.exe [2015-4-30 453808]
RealPlayer Cloud Service UI.lnk - c:\program files\Real\RealPlayer\RPDS\Bin\rpsystray.exe [2015-1-28 824416]
WinZip Preloader.lnk - c:\program files\WinZip\WzPreloader.exe [2015-4-30 126176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 12:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-26 11:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 08:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 0]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2014-01-28 108032]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-10-26 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2015-01-28 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-10-29 31856]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 d710bus;HSPA+ Router (WDM);c:\windows\system32\DRIVERS\d710bus.sys [2011-08-18 123208]
R3 d710mdfl;D-Link HSPA+ USB Modem1 Filter;c:\windows\system32\DRIVERS\d710mdfl.sys [2011-08-18 14920]
R3 d710mdm;D-Link HSPA+ USB Modem1 Driver;c:\windows\system32\DRIVERS\d710mdm.sys [2011-08-18 139080]
R3 d710mgmt;D-Link HSPA+ USB Device Management Drivers (WDM);c:\windows\system32\DRIVERS\d710mgmt.sys [2011-08-18 132808]
R3 d710ncmnd62;D-Link HSPA+ USB Ethernet  (NDIS 6.20);c:\windows\system32\DRIVERS\d710ncmnd62.sys [2011-08-18 30792]
R3 d710ncmunic;D-Link HSPA+ USB Ethernet;c:\windows\system32\DRIVERS\d710ncmunic.sys [2011-08-18 149832]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-05-23 102912]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 14848]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-08-15 37664]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-08-30 98520]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ    DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-30 14:13 993608 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 19:47]
.
2015-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-30 14:13]
.
2015-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-30 14:13]
.
2015-08-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1de36ea3-ad50-4320-a164-567df51b7734.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-08-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 639a7d3a-9ba6-485e-a47d-46698e23dc55.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)
MSConfigStartUp-GarenaPlus - c:\program files\Garena Plus\GarenaMessenger.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-31  00:55:15
ComboFix-quarantined-files.txt  2015-08-30 16:55
.
Pre-Run: 353,899,540,480 bytes free
Post-Run: 353,856,098,304 bytes free
.
- - End Of File - - F8036EA50326D2365A7919D131FBBA44
A36C5E4F47E84449FF07ED3517B43A31
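The part of the log above that carries the actual evidence is the "Sigcheck" section. Each line is [mark] date . MD5 . size . . [version] . . path, where ComboFix prints [7] when the MD5 is in its table of known Windows 7 files and [-] when it is not. Both files it called infected, dsound.dll and ssdpsrv.dll, show [------] where the file version should be and carry the same unknown MD5 in System32 and in the WinSxS component store. The following is an added example, not part of the original post and not ComboFix's own code: a PowerShell 2.0-compatible parser for that line format with a triage pass over it. The $sample block is a constructed excerpt copied from the log above; on a real case feed it the whole section from ComboFix.txt. The result is a heuristic to decide what to upload and compare, not a verdict, which is exactly the caveat ComboFix prints above its own Sigcheck list.

```powershell
# Added example: triage the "Sigcheck" section of a ComboFix log.
# $sample is a constructed excerpt of the log lines above; in practice use
# Get-Content C:\ComboFix.txt and pass the whole file. Runs on Windows
# PowerShell 2.0 (what Windows 7 ships with) and later.

$sample = @'
[-] 2015-05-09 . 957655757F43858692289B96F73716D8 . 868352 . . [6.1.7601.18015] . . c:\windows\System32\kernel32.dll
[-] 2015-05-09 . 957655757F43858692289B96F73716D8 . 868352 . . [6.1.7601.18015] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18847_none_95a7cf30b4a352a7\kernel32.dll
[7] 2012-11-30 . AE09B85158C66E2C154C5C9B3C0027B3 . 868352 . . [6.1.7601.18015] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_95c62f30b48ce2ee\kernel32.dll
[-] 2009-07-14 01:16 . 0C345FCD2174317155D4561828126E86 . 162816 . . [------] . . c:\windows\System32\ssdpsrv.dll
[-] 2009-07-14 01:16 . 0C345FCD2174317155D4561828126E86 . 162816 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_7f9fc90f328bdf26\ssdpsrv.dll
[-] 2009-07-14 01:15 . FE4AE35AD3F049C0087A6491B4A32AD9 . 453632 . . [------] . . c:\windows\System32\dsound.dll
[-] 2009-07-14 01:15 . FE4AE35AD3F049C0087A6491B4A32AD9 . 453632 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
'@ -split "`r?`n"

# One Sigcheck line: [mark] date [hh:mm] . MD5 . size . . [version] . . path
$sigcheckLine = '^\[(?<mark>[^\]]+)\]\s+(?<date>\d{4}-\d\d-\d\d)(?:\s+\d\d:\d\d)?\s+\.\s+(?<md5>[0-9A-Fa-f]{32})\s+\.\s+(?<size>\d+)\s+\.\s+\.\s+\[(?<ver>[^\]]*)\]\s+\.\s+\.\s+(?<path>\S.*?)\s*$'

function ConvertFrom-ComboFixSigcheck {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $m = [regex]::Match($line, $sigcheckLine)
        if (-not $m.Success) { continue }          # separators, dots, other sections
        $path = $m.Groups['path'].Value
        New-Object PSObject -Property @{
            Known   = ($m.Groups['mark'].Value -ne '-')   # "[7]": MD5 is in ComboFix's known-file table
            MD5     = $m.Groups['md5'].Value.ToUpper()
            Size    = [int64]$m.Groups['size'].Value
            Version = $m.Groups['ver'].Value              # "------" = version resource unreadable
            Path    = $path
            Name    = [System.IO.Path]::GetFileName($path).ToLower()
            Live    = ($path -notmatch '\\winsxs\\')      # the copy Windows actually loads
        }
    }
}

$entries = @(ConvertFrom-ComboFixSigcheck $sample)

# Every MD5 that ComboFix recognised as a genuine Windows 7 build of the file.
$knownMd5 = @{}
foreach ($e in $entries) { if ($e.Known) { $knownMd5[$e.MD5] = $true } }

foreach ($e in ($entries | Where-Object { $_.Live })) {
    if ($knownMd5.ContainsKey($e.MD5))  { $verdict = 'MD5 matches a known Windows 7 build' }
    elseif ($e.Version -eq '------')    { $verdict = 'MD5 unknown AND version resource unreadable' }
    else                                { $verdict = 'MD5 unknown (compare the version with the WinSxS copies)' }

    # Component-store copies with the same bytes as the loaded file. sfc /scannow repairs
    # from WinSxS, so an unknown hash shared by both copies explains why it reported
    # files it could not fix: there is no good copy on the box to restore from.
    $twins = @($entries | Where-Object { -not $_.Live -and $_.Name -eq $e.Name -and $_.MD5 -eq $e.MD5 })

    $e.Path
    '    MD5 {0}  size {1}  version [{2}]' -f $e.MD5, $e.Size, $e.Version
    '    {0}; {1} WinSxS copy(ies) with the same MD5' -f $verdict, $twins.Count
}
```

On the excerpt above this lists all three System32 files as "MD5 unknown" with one matching WinSxS copy each, and marks dsound.dll and ssdpsrv.dll additionally as having no readable version resource, which is what makes them the first two files to hash and upload.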
#2 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 31 August 2015 - 06:47 AM

Hey,
I will answer soon.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 31 August 2015 - 06:55 AM

Hey, :)

Never ever run ComboFix without permission by an expert.

 

STEP 1
Folder Options

  • Press the Windows Key + R on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 2
VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • c:\windows\System32\dsound.dll
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
  • Please do the same for the file below:
    • c:\windows\System32\ssdpsrv.dll

=================

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

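The VirusTotal step above identifies a file by its hash, so it is worth computing the hashes locally first and comparing the loaded copy with the ones in the component store before uploading anything. What follows is an added example, not part of the reply above and not code from BleepingComputer, ComboFix or VirusTotal. It assumes an elevated PowerShell on the affected Windows 7 x86 machine (or $Root pointed at a mounted copy of its system drive), and the only values taken from the thread are the two paths and the MD5s ComboFix printed for them; everything else is computed on the box. The VirusTotal report URL format (https://www.virustotal.com/gui/file/<sha256>) is the site's current one, not something the reply states.

```powershell
# Added example: re-check the two files ComboFix called infected before uploading them.
# Assumes: elevated PowerShell on the affected Windows 7 x86 box, or $Root pointed at a
# mounted copy of its system drive. Expected MD5s are the ones ComboFix printed in its
# Sigcheck section; nothing else is taken from the thread.

$Root = 'C:\Windows'
$Flagged = @{
    'dsound.dll'  = 'FE4AE35AD3F049C0087A6491B4A32AD9'
    'ssdpsrv.dll' = '0C345FCD2174317155D4561828126E86'
}

function Get-FileHashHex {
    param([string]$Path, [string]$Algorithm = 'SHA256')
    # .NET directly rather than Get-FileHash so this also runs on PowerShell 2.0.
    $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')   # DLL is in use; share it
    try {
        $bytes = $hasher.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
    } finally {
        $stream.Close()
    }
}

foreach ($name in @($Flagged.Keys)) {
    $live = Join-Path $Root "System32\$name"
    if (-not (Test-Path -LiteralPath $live)) { Write-Warning "$live is missing"; continue }

    $item   = Get-Item -LiteralPath $live
    $md5    = Get-FileHashHex $live 'MD5'
    $sha256 = Get-FileHashHex $live 'SHA256'
    $sig    = Get-AuthenticodeSignature -FilePath $live

    "=== $live"
    "  size          $($item.Length)"
    "  file version  $($item.VersionInfo.FileVersion)"
    "  MD5           $md5  (ComboFix saw $($Flagged[$name]))"
    "  SHA256        $sha256"
    # Caveat: Windows system DLLs are catalog-signed, not embedded-signed, and on
    # Windows 7 Get-AuthenticodeSignature does not consult the catalogs, so NotSigned
    # is expected even for a clean copy. Sysinternals "sigcheck -i <file>" shows
    # catalog membership and is the better check here.
    "  Authenticode  $($sig.Status)"

    # Compare against every copy in the component store. A matching hash only proves
    # the store copy is the same bytes; if both are bad, sfc /scannow has no clean
    # source to repair from, which matches the "could not fix" result reported above.
    Get-ChildItem -Path (Join-Path $Root 'winsxs') -Recurse -Filter $name -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = Get-FileHashHex $_.FullName 'MD5'
            $tag = if ($h -eq $md5) { 'same as System32' } else { 'DIFFERS' }
            "  WinSxS        $h  $tag  $($_.FullName)"
        }

    # VirusTotal addresses reports by SHA-256. Open this first; upload the file only
    # if it is unknown there, then paste the resulting page URL into the reply.
    "  https://www.virustotal.com/gui/file/$sha256"
}
```

If the MD5 printed here differs from the one ComboFix recorded, the file changed between the ComboFix run and now, which is itself worth reporting; if the WinSxS copy hashes the same as System32 for both files, expect sfc to keep failing until a known-good copy is brought in from installation media or another clean Windows 7 SP1 x86 system.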
 
 


#4 Grandza

  • Topic Starter
  • Members
  • 2 posts

Posted 31 August 2015 - 10:15 AM

Hey, thanks so much for replying. But I think I'm gonna need to send it to the shop for repairs. It's gotten so bad to the extent that my mouse and keyboard won't work after the start-up page. Hence it's started hanging after the Windows startup. Do you have a solution for that? Thanks anyway.

#5 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 01 September 2015 - 03:31 AM

Hey, :)

 

Are you able to boot into Safe Mode?


~Machiavelli



#6 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 05 September 2015 - 07:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
