Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Webcam shows in use, no AV install works, on Win7 updates, inet works "fine"...

This is a discussion on Webcam shows in use, no AV install works, on Win7 updates, inet works "fine"... within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi, after a long time I came back, settled in Toronto I found myself in need of superior assistance from


 
 
Thread Tools Search this Thread
Old 11-27-2014, 11:09 PM   #1
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Hi, after a long time I came back, settled in Toronto I found myself in need of superior assistance from the pros.

Not my laptop but a friends, by chance during lunch he mentions his webcam doesn't work anymore which surprised me cause I had to hold onto his laptop for 3 weeks while he was out of Canada, in any case I take a look and yes, webcam shows in use by another application, yet the webcam looks off and even skype is off, so instinct kicks and AV is not working, Win updates won't connect nor MB will update...tried to run Kas online...install closes by itself, and so it happens with every other malware detection program I tried, so I tell him to don't use it while I come back the next day and take it home, he managed to install and run some programs after googling around, in any case I have the laptop with me and so I decided to get help.

Here are the Logs:

***DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 1.6.0_24
Run by Pete at 1:08:00 on 2014-11-28
.
============== Running Processes ================
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = localhost:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.197.128.2 209.197.128.5
TCP: Interfaces\{ED8C7F82-BECF-460D-91FF-24B48FB6FB2D} : DHCPNameServer = 209.197.128.2 209.197.128.5
TCP: Interfaces\{ED8C7F82-BECF-460D-91FF-24B48FB6FB2D}\0556475627F657 : DHCPNameServer = 209.197.128.2 209.197.128.5
TCP: Interfaces\{ED8C7F82-BECF-460D-91FF-24B48FB6FB2D}\05564756E4F6475637 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{ED8C7F82-BECF-460D-91FF-24B48FB6FB2D}\4535D433D4D4 : DHCPNameServer = 192.168.10.32
TCP: Interfaces\{ED8C7F82-BECF-460D-91FF-24B48FB6FB2D}\4535D433D6D6 : DHCPNameServer = 10.1.0.1 10.1.0.18
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
============= SERVICES / DRIVERS ===============
.
R? btusbflt;Bluetooth USB Filter
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RTL8167;Realtek 8167 NT Driver
R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
R? ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
R? TsUsbFlt;TsUsbFlt
R? usbrndis6;USB RNDIS6 Adapter
R? WatAdminSvc;Windows Activation Technologies Service
R? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
S? !SASCORE;SAS Core Service
S? AESTFilters;Andrea ST Filters Service
S? bcbtums;Bluetooth USB LD Filter
S? BcmBtRSupport;Bluetooth Driver Management Service
S? BcmVWL;Broadcom Virtual Wireless
S? btwampfl;btwampfl
S? btwl2cap;Bluetooth L2CAP Service
S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
S? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? DockLoginService;Dock Login Service
S? EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM)
S? FoxitCloudUpdateService;Foxit Cloud Safe Update Service
S? HECIx64;Intel(R) Management Engine Interface
S? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
S? Impcd;Impcd
S? IntcDAud;Intel(R) Display Audio
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? PxHlpa64;PxHlpa64
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SftService;SoftThinks Agent Service
S? SSPORT;SSPORT
S? UNS;Intel(R) Management & Security Application User Notification Service
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-11-22 04:05:35 -------- d-----w- C:\Users\Pete\AppData\Roaming\TrojanHunter
2014-11-22 01:54:15 -------- d-----w- C:\Program Files (x86)\TrojanHunter 5.6
2014-11-21 23:55:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-11-21 23:55:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-21 23:29:03 -------- d-----w- C:\ProgramData\Avg
2014-11-21 23:29:02 -------- d--h--w- C:\ProgramData\Common Files
2014-11-21 23:29:02 -------- d-----w- C:\Program Files (x86)\AVG
2014-11-21 23:28:39 -------- d-----w- C:\Users\Pete\AppData\Local\AvgSetupLog
2014-11-21 23:28:39 -------- d-----w- C:\Users\Pete\AppData\Local\Avg
2014-11-19 05:12:34 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 05:12:34 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 05:12:33 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-19 05:12:30 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-16 18:47:27 -------- d-sh--w- C:\Users\Pete\AppData\Local\EmieBrowserModeList
2014-11-12 05:17:04 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-12 05:17:03 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-12 05:17:03 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-12 05:17:00 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-12 05:17:00 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-12 05:17:00 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-12 05:17:00 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-12 05:15:57 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
==================== Find3M ====================
.
2014-11-22 04:16:54 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-01 16:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 16:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
============= FINISH: 1:09:35.61 ===============

There is no Boot disc but I have my personal copy of Win7 x64 in case we needed to restore files or MBR.

Thanks for your time and help, I may try again for the Academy now that I'm in a much better situation and time is much better, but for now I just want to get this out of the way :)

Update: I forgot to mention that the inet works "fine" using Chrome, IE doesn't even open, can't say if there is any kind of redirection of the homepage as it doesn't even open...
Attached Files
File Type: zip attach.zip (2.9 KB, 42 views)
Fenrry is offline  
Sponsored Links
Advertisement
 
Old 11-28-2014, 09:52 AM   #2
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

I forgot to mention, Gmer crashed several times and I had to run it with Sections and C: only, and the title says "on Win7 updates" is "no win7 updates", I can't update the OS
Fenrry is offline  
Old 11-29-2014, 12:09 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Sponsored Links
Advertisement
 
Old 11-29-2014, 11:34 PM   #4
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Hi Chemist, thx for your help, here the logs!

> Frst.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Pete (administrator) on PETE-PC on 30-11-2014 02:27:57
Running from C:\Users\Pete\Desktop
Loaded Profile: Pete (Available profiles: Pete)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [dellsupportcenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-06] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-324997664-703939843-3123016371-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-13] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-324997664-703939843-3123016371-1000] => localhost:8080
HKU\S-1-5-21-324997664-703939843-3123016371-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-324997664-703939843-3123016371-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKU\S-1-5-21-324997664-703939843-3123016371-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
URLSearchHook: HKU\S-1-5-21-324997664-703939843-3123016371-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-324997664-703939843-3123016371-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKU\S-1-5-21-324997664-703939843-3123016371-1000 -> DefaultScope {43AA9E58-4E80-4E33-AB50-F928FAFF33D0} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-324997664-703939843-3123016371-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: google.ca
FF Keyword.URL: hxxp://ca.search.yahoo.com/search?fr=mcafee&type=A110CA0&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-324997664-703939843-3123016371-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pete\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-324997664-703939843-3123016371-1000: @talk.google.com/O1DPlugin -> C:\Users\Pete\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-324997664-703939843-3123016371-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-324997664-703939843-3123016371-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pete\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pete\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: United States English Spellchecker - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\[email protected] [2014-02-03]
FF Extension: No Name - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-16]
FF Extension: DownloadHelper - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF Extension: DivX Web Player - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\[email protected] [2011-10-16]
FF Extension: Inline Translator - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\[email protected] [2014-02-05]
FF Extension: Google Translator for Firefox - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\[email protected] [2014-02-11]
FF Extension: Adobe Flash Player 12 Para Ver Videos en HD - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\[email protected] [2012-09-18]
FF Extension: Quick Translator - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-02-04]
FF Extension: ImTranslator - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-02-07]
FF Extension: gTranslate - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2011-05-15]
FF Extension: Adblock Plus - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-28]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-03-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Profile: C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-09-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (SiteAdvisor) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-05-01]
CHR Extension: (AdBlock) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-28]
CHR Extension: (Translate selection) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\goanabmlmgfinmjohhepcpffcnkeobjm [2013-09-11]
CHR Extension: (Google Wallet) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-05-12] (McAfee, Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.))
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
U3 kxldapow; \??\C:\Users\Pete\AppData\Local\Temp\kxldapow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 02:27 - 2014-11-30 02:28 - 00018630 _____ () C:\Users\Pete\Desktop\FRST.txt
2014-11-30 02:27 - 2014-11-30 02:28 - 00000000 ____D () C:\FRST
2014-11-30 02:27 - 2014-11-30 01:50 - 02117632 _____ (Farbar) C:\Users\Pete\Desktop\FRST64.exe
2014-11-28 01:55 - 2014-11-28 01:55 - 00002970 _____ () C:\Users\Pete\Desktop\attach.zip
2014-11-28 01:54 - 2014-11-28 01:54 - 00004829 _____ () C:\Users\Pete\Desktop\Ark.txt
2014-11-28 01:09 - 2014-11-28 01:09 - 00017046 _____ () C:\Users\Pete\Desktop\dds.txt
2014-11-28 01:09 - 2014-11-28 01:09 - 00007740 _____ () C:\Users\Pete\Desktop\attach.txt
2014-11-28 01:05 - 2014-11-28 01:05 - 00000056 _____ () C:\Windows\setupact.log
2014-11-28 01:05 - 2014-11-28 01:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-28 01:04 - 2014-11-30 02:26 - 00013359 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 01:00 - 2014-11-22 03:08 - 00688992 ____R (Swearware) C:\Users\Pete\Desktop\dds.scr
2014-11-28 00:59 - 2014-11-28 00:59 - 00000085 _____ () C:\Windows\wininit.ini
2014-11-21 23:05 - 2014-11-21 23:05 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\TrojanHunter
2014-11-21 20:54 - 2014-11-28 00:59 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2014-11-21 20:54 - 2014-11-21 20:54 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-11-21 19:04 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141121-190424.backup
2014-11-21 18:57 - 2014-11-21 18:57 - 00000000 ____D () C:\Users\Pete\Documents\ProcAlyzer Dumps
2014-11-21 18:55 - 2014-11-28 01:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-21 18:55 - 2014-11-28 00:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-21 18:55 - 2014-11-21 18:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-21 18:41 - 2014-11-21 18:41 - 01329336 _____ () C:\Users\Pete\Desktop\PANDAFREEAV.exe
2014-11-21 18:29 - 2014-11-21 18:29 - 00000000 ____D () C:\ProgramData\Avg
2014-11-21 18:29 - 2014-11-21 18:29 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-21 18:28 - 2014-11-21 18:29 - 00000000 ____D () C:\Users\Pete\AppData\Local\AvgSetupLog
2014-11-21 18:28 - 2014-11-21 18:28 - 00000000 ____D () C:\Users\Pete\AppData\Local\Avg
2014-11-19 00:12 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 00:12 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 00:12 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 00:12 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 13:47 - 2014-11-16 13:47 - 00000000 __SHD () C:\Users\Pete\AppData\Local\EmieBrowserModeList
2014-11-12 00:17 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 00:17 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 00:17 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 00:17 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 00:17 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 00:17 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 00:17 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 00:16 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 00:16 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 00:16 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 00:16 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 00:16 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 00:16 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 00:16 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 00:16 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 00:16 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 00:16 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 00:16 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 00:16 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 00:16 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 00:16 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 00:16 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 00:16 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 00:16 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 00:16 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 00:16 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 00:16 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 00:16 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 00:16 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 00:16 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 00:16 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 00:16 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 00:16 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 00:16 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 00:16 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 00:16 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 00:16 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 00:16 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 00:16 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 00:16 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 00:16 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 00:16 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 00:16 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 00:16 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 00:16 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 00:16 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 00:16 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 00:16 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 00:16 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 00:16 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 00:16 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 00:16 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 00:16 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 00:16 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 00:16 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 00:16 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 00:16 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 00:16 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 00:16 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 00:16 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 00:16 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 00:16 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 00:16 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 00:16 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 00:16 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 00:16 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 00:16 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 00:16 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 00:15 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 00:15 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 00:15 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 00:15 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 00:15 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 00:15 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 00:15 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 00:15 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 00:15 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 00:15 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 00:15 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 00:15 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 00:15 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 00:15 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 00:15 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 00:15 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 00:15 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 00:15 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 00:15 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 00:15 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 00:15 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 00:15 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 00:15 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 00:15 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 00:15 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 00:15 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 00:15 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 00:15 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 00:15 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 00:15 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 00:15 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 00:15 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 00:15 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-08 17:10 - 2014-11-08 20:34 - 00000000 ____D () C:\Users\Pete\Desktop\Photos in Ukraine

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 01:52 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 01:14 - 2009-07-13 23:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 01:14 - 2009-07-13 23:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 01:06 - 2011-03-16 17:23 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-28 01:06 - 2011-03-16 17:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-28 01:06 - 2011-03-03 10:14 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-28 01:05 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 15:38 - 2011-03-25 20:46 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Skype
2014-11-24 14:36 - 2011-03-22 14:10 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-21 23:16 - 2014-10-01 20:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 23:14 - 2011-03-03 09:56 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-21 18:33 - 2011-03-25 18:59 - 00000000 ____D () C:\ProgramData\Panda Security
2014-11-21 18:08 - 2011-03-25 19:03 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Panda Security
2014-11-21 18:04 - 2014-10-01 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-21 18:04 - 2014-10-01 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-21 18:04 - 2013-10-11 09:50 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-21 17:58 - 2011-03-03 09:54 - 00000000 ____D () C:\ProgramData\Cozi
2014-11-13 13:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 21:37 - 2009-07-13 23:45 - 02339336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 21:34 - 2014-05-04 17:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 09:21 - 2011-03-18 00:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 09:19 - 2013-07-31 20:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:15 - 2011-03-24 07:32 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 18:33 - 2009-07-14 00:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-08 20:21 - 2013-08-30 08:16 - 00000000 ____D () C:\Users\Pete\Desktop\Part 2
2014-11-08 17:05 - 2014-10-28 18:37 - 00000000 ____D () C:\Users\Pete\AppData\Local\Windows Live
2014-11-06 17:52 - 2011-04-09 00:13 - 00000000 ____D () C:\Users\Pete\Documents\Dell WebCam Central
2014-11-06 12:56 - 2013-09-04 19:27 - 00000121 _____ () C:\Users\Public\LMDebug.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-28 02:14

==================== End Of Log ============================


> Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Pete at 2014-11-30 02:28:51
Running from C:\Users\Pete\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.186 - McAfee, Inc.)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.66.00(19/08/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.5.0 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.03.00 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Skype 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-324997664-703939843-3123016371-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-324997664-703939843-3123016371-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-324997664-703939843-3123016371-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-21 19:04 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 Gadgets And More
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A2E1094-5B7C-4EE3-B1DF-BC9B1AA5036F} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {1BBBF6D8-C280-4642-AF1B-E92614CFF22F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-324997664-703939843-3123016371-1000Core => C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10] (Google Inc.)
Task: {2A6DEBEC-D6E3-4996-A713-64E9F9D7A7FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {7A8C76CB-17A7-4912-B050-1C031321879D} - System32\Tasks\{7624FD27-0306-4A48-B31C-DB9AE994D04D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {7B7FA3D6-C0F9-4F81-9C09-64865D916377} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {81928553-FA26-45ED-A00A-1B54E58F0A64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-324997664-703939843-3123016371-1000UA => C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10] (Google Inc.)
Task: {9AAD64FB-B970-4D54-8510-D74BC84B837C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01] (Google Inc.)
Task: {B8E04D70-F7E4-46F7-96C5-AE1F2BDD2F61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324997664-703939843-3123016371-1000Core.job => C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324997664-703939843-3123016371-1000UA.job => C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-19 19:44 - 2011-04-11 00:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2013-09-04 19:16 - 2011-04-25 06:24 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2009-12-29 15:19 - 2009-12-29 15:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-03-03 10:14 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-09 08:58 - 2012-03-09 08:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-10-15 13:35 - 2014-10-15 13:35 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll
2011-03-03 09:41 - 2010-06-08 11:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03326165.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03326165.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Pete^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Pete\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: Privacy Protection => C:\Users\Pete\AppData\Roaming\privacy.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-324997664-703939843-3123016371-500 - Administrator - Disabled)
Guest (S-1-5-21-324997664-703939843-3123016371-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-324997664-703939843-3123016371-1003 - Limited - Enabled)
Pete (S-1-5-21-324997664-703939843-3123016371-1000 - Administrator - Enabled) => C:\Users\Pete

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2014 01:17:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gmer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: gmer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0xd10
Faulting application start time: 0xgmer.exe0
Faulting application path: gmer.exe1
Faulting module path: gmer.exe2
Report Id: gmer.exe3

Error: (11/28/2014 01:15:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gmer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: gmer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x43c
Faulting application start time: 0xgmer.exe0
Faulting application path: gmer.exe1
Faulting module path: gmer.exe2
Report Id: gmer.exe3


System errors:
=============
Error: (11/30/2014 02:26:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (11/30/2014 02:26:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (11/30/2014 02:26:00 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (11/28/2014 01:55:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (11/28/2014 01:55:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (11/28/2014 01:55:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (11/28/2014 01:54:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 2934.68 MB
Available physical RAM: 1729.02 MB
Total Pagefile: 5867.55 MB
Available Pagefile: 4358.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HD) (Fixed) (Total:283.34 GB) (Free:220.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C4ACFF00)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Fenrry is offline  
Old 11-30-2014, 10:01 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Fenrry.

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\WINDOWS\system32\drivers\03326165.sys

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-30-2014, 06:53 PM   #6
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Quote:
Originally Posted by chemist View Post
Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\WINDOWS\system32\drivers\03326165.sys

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
I'm using the laptop offline, I feel a bit iffy about using it in my network, again, the laptop is not mine and the tools and others I'm downloading from my laptop via USB drive.
Fenrry is offline  
Old 11-30-2014, 07:03 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenrry. At least run FSS and post the results.

You will have to connect it to the internet eventually in order for us to finish.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-30-2014, 09:58 PM   #8
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Hi Chemist, I connected to inet and tried on checking the file with VirusTotal, it wasn't there, "File not found".

FSS log is below.

> FSS


Farbar Service Scanner Version: 21-07-2014
Ran by Pete (administrator) on 01-12-2014 at 00:45:44
Running from "C:\Users\Pete\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
Fenrry is offline  
Old 12-01-2014, 04:53 AM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenrry.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    iphlpsvc.*
    
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt /s
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-01-2014, 11:13 PM   #10
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Hi there, I have the Log!

> SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 02:07 on 02/12/2014 by Pete
Administrator - Elevation successful

========== filefind ==========

Searching for "iphlpsvc.*"
C:\Windows\System32\iphlpsvc.dll --a---- 569344 bytes [06:39 15/11/2012] [17:42 03/10/2012] 08C2957BB30058E663720C5606885653
C:\Windows\System32\en-US\iphlpsvc.dll.mui --a---- 38400 bytes [05:35 14/07/2009] [02:27 14/07/2009] 30EFFE90AB072D9642282F8027C035ED
C:\Windows\SysWOW64\en-US\iphlpsvc.dll.mui --a---- 38400 bytes [05:35 14/07/2009] [02:10 14/07/2009] 8F7C3E8A62C37D5EC7211818D318EFDC
C:\Windows\winsxs\amd64_microsoft-windows-i..migration.resources_31bf3856ad364e35_6.1.7600.16385_en-us_46b9ffa090736c90\iphlpsvc.dll.mui --a---- 38400 bytes [05:35 14/07/2009] [02:27 14/07/2009] 30EFFE90AB072D9642282F8027C035ED
C:\Windows\winsxs\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.1.7600.16385_none_6dd80479960b724d\iphlpsvc.dll --a---- 565760 bytes [00:09 14/07/2009] [01:41 14/07/2009] F8E058D17363EC580E4B7232778B6CB5
C:\Windows\winsxs\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.1.7601.17514_none_7009184192f9f5e7\iphlpsvc.dll --a---- 569344 bytes [02:36 26/03/2011] [13:26 20/11/2010] A34A587FFFD45FA649FBA6D03784D257
C:\Windows\winsxs\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.1.7601.17964_none_6fd3103d93227638\iphlpsvc.dll --a---- 569344 bytes [06:39 15/11/2012] [17:42 03/10/2012] 08C2957BB30058E663720C5606885653
C:\Windows\winsxs\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.1.7601.22124_none_7087c4daac1fd980\iphlpsvc.dll --a---- 570368 bytes [06:39 15/11/2012] [17:31 03/10/2012] 4261F21A202746AC207CA9AA863D9FD4
C:\Windows\winsxs\x86_microsoft-windows-i..migration.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ea9b641cd815fb5a\iphlpsvc.dll.mui --a---- 38400 bytes [05:35 14/07/2009] [02:10 14/07/2009] 8F7C3E8A62C37D5EC7211818D318EFDC

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\config]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\IPHTTPS]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo]
(No values found)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt]
"DisplayName"="Windows Management Instrumentation"
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"Description"="Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"ObjectName"="localSystem"
"ErrorControl"= 0x0000000000 (0)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"DependOnService"="RPCSS"
"ServiceSidType"= 0x0000000001 (1)
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 02 00 00 00 14 00 00 00 01 00 00 00 60 ea 00 00 01 00 00 00 60 ea 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
"ServiceMain"="ServiceMain"


-= EOF =-
Fenrry is offline  
Old 12-02-2014, 06:34 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenrry.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad(don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc]
"DisplayName"="@%SystemRoot%\system32\iphlpsvc.dll,-500"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k NetSvcs"
"Description"="@%SystemRoot%\system32\iphlpsvc.dll,-501"
"ObjectName"="LocalSystem"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"DependOnService"="RpcSS Tdx winmgmt tcpip nsi"
"ServiceSidType"= 0x0000000001 (1)
"RequiredPrivileges"="SeCreateGlobalPrivilege SeImpersonatePrivilege SeLoadDriverPrivilege"
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00  (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\config]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
"ServiceDllUnloadOnStop"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\IPHTTPS]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{7DB0E0B8-7744-4044-8A2D-645CBAE19226}]
"InterfaceName"="isatap.{912DD751-F220-4C89-95EF-F083DBF9D7DD}"
"ReusableType"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{D3C139B1-B826-431F-A3FF-E847605D8D0C}]
"InterfaceName"="isatap.wcboe.local"
"ReusableType"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{F38E3D5D-EAC6-4C46-822B-5A4AA59E8CE1}]
"InterfaceName"="isatap.{40D5732D-BBA7-4107-B38C-B8B005CF62E9}"
"ReusableType"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo]
"SP1Installed"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt]
"DisplayName"="@%Systemroot%\system32\wbem\wmisvc.dll,-205"
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"Description"="@%Systemroot%\system32\wbem\wmisvc.dll,-204"
"ObjectName"="localSystem"
"ErrorControl"= 0x0000000000 (0)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"DependOnService"="RPCSS"
"ServiceSidType"= 0x0000000001 (1)
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00  (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"DisplayName"="@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\System32\svchost.exe -k secsvcs"
"Start"= 0x0000000003 (3)
"Type"= 0x0000000020 (32)
"Description"="@%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176"
"DependOnService"="RpcSs"
"ObjectName"="LocalSystem"
"ServiceSidType"= 0x0000000001 (1)
"RequiredPrivileges"="SeImpersonatePrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeChangeNotifyPrivilege SeSecurityPrivilege SeShutdownPrivilege SeIncreaseQuotaPrivilege SeAssignPrimaryTokenPrivilege"
"DelayedAutoStart"= 0x0000000000 (0)
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 ea 00 00 01 00 00 00 60 ea 00 00 00 00 00 00 00 00 00 00  (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
"Security"=01 00 14 80 dc 00 00 00 e8 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 ac 00 06 00 00 00 00 00 28 00 ff 01 0f 00 01 06 00 00 00 00 00 05 50 00 00 00 b5 89 fb 38 19 84 c2 cb 5c 6c 23 6d 57 00 77 6e c0 02 64 87 00 0b 28 00 00 00 00 10 01 06 00 00 00 00 00 05 50 00 00 00 b5 89 fb 38 19 84 c2 cb 5c 6c 23 6d 57 00 77 6e c0 02 64 87 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 9d 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 9d 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\TriggerInfo]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\TriggerInfo\0]
"Type"= 0x0000000005 (5)
"Action"= 0x0000000001 (1)
"GUID"=e6 ca 9f 65 db 5b a9 4d b1 ff ca 2a 17 8d 46 e0  (REG_BINARY)
Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03326165.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03326165.sys => ""="Driver"
    SearchScopes: HKU\S-1-5-21-324997664-703939843-3123016371-1000 -> DefaultScope {43AA9E58-4E80-4E33-AB50-F928FAFF33D0} URL = 
    U3 kxldapow; \??\C:\Users\Pete\AppData\Local\Temp\kxldapow.sys [X]
    C:\Users\Pete\AppData\Roaming\privacy.exe
    C:\Program Files (x86)\Mobogenie
    C:\Program Files (x86)\Ares
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-02-2014, 07:13 PM   #12
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Hi Chemist.

> Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Pete at 2014-12-02 22:05:50 Run:1
Running from C:\Users\Pete\Desktop
Loaded Profile: Pete (Available profiles: Pete)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03326165.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03326165.sys => ""="Driver"
SearchScopes: HKU\S-1-5-21-324997664-703939843-3123016371-1000 -> DefaultScope {43AA9E58-4E80-4E33-AB50-F928FAFF33D0} URL =
U3 kxldapow; \??\C:\Users\Pete\AppData\Local\Temp\kxldapow.sys [X]
C:\Users\Pete\AppData\Roaming\privacy.exe
C:\Program Files (x86)\Mobogenie
C:\Program Files (x86)\Ares
EmptyTemp:
end
*****************

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\03326165.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\03326165.sys" => Key deleted successfully.
HKU\S-1-5-21-324997664-703939843-3123016371-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
kxldapow => Service deleted successfully.
"C:\Users\Pete\AppData\Roaming\privacy.exe" => File/Directory not found.
"C:\Program Files (x86)\Mobogenie" => File/Directory not found.
"C:\Program Files (x86)\Ares" => File/Directory not found.
EmptyTemp: => Removed 132.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Fenrry is offline  
Old 12-03-2014, 04:13 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenrry. Any improvement so far?

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-04-2014, 02:59 AM   #14
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Morning Chemist.

ADW failed with error on "Line 2057" when trying to launch, IE opens for a couple seconds and closes again, so we have not much for improvements aside of all the trash we have removed so far... :(

ComboFix log

ComboFix 14-12-02.01 - Pete 04/12/2014 5:12.1.4 - x64
Running from: c:\users\Pete\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-11-04 to 2014-12-04 )))))))))))))))))))))))))))))))
.
.
2014-12-04 10:04 . 2014-12-04 10:04 -------- d-----w- C:\AdwCleaner
2014-11-30 07:27 . 2014-12-03 03:05 -------- d-----w- C:\FRST
2014-11-22 04:05 . 2014-11-22 04:05 -------- d-----w- c:\users\Pete\AppData\Roaming\TrojanHunter
2014-11-22 01:54 . 2014-11-28 05:59 -------- d-----w- c:\program files (x86)\TrojanHunter 5.6
2014-11-21 23:55 . 2014-11-28 05:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-11-21 23:55 . 2014-11-28 06:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-11-21 23:29 . 2014-11-21 23:29 -------- d-----w- c:\programdata\Avg
2014-11-21 23:29 . 2014-11-21 23:29 -------- d-----w- c:\program files (x86)\AVG
2014-11-21 23:29 . 2014-11-21 23:29 -------- d--h--w- c:\programdata\Common Files
2014-11-21 23:28 . 2014-11-21 23:28 -------- d-----w- c:\users\Pete\AppData\Local\Avg
2014-11-19 05:12 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 05:12 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 05:12 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 05:12 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-16 18:47 . 2014-11-16 18:47 -------- d-sh--w- c:\users\Pete\AppData\Local\EmieBrowserModeList
2014-11-12 05:17 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 05:17 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 05:17 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 05:17 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 05:17 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 05:17 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 05:17 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-12 05:15 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-04 10:38 . 2014-12-04 10:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C14D15F9-C52A-4869-8F08-F8B3A93B168A}\offreg.dll
2014-11-22 04:16 . 2014-10-02 01:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 14:15 . 2011-03-24 12:32 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-10-01 16:11 . 2014-10-02 01:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 16:11 . 2013-10-11 14:52 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 16:11 . 2013-10-11 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-02 01:09 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-02 01:08 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-10-02 01:15 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-10-02 01:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-13 7767832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-07 559616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 23:26 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-07 12:42]
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-02 01:13]
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-02 01:13]
.
2014-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324997664-703939843-3123016371-1000Core.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-11 03:12]
.
2014-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324997664-703939843-3123016371-1000UA.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-11 03:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 462712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2014-12-04 05:43:45 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-04 10:43
.
Pre-Run: 236,142,059,520 bytes free
Post-Run: 235,918,938,112 bytes free
.
- - End Of File - - 7E4617017A3FC96610572DEB4E8E72E2

=======================



Btw, after the laptop restarted and Combofix was finished I tried on running ADW, it works!, so here is the Log.

ADW log

# AdwCleaner v4.103 - Report created 04/12/2014 at 05:50:38
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pete - PETE-PC
# Running from : C:\Users\Pete\Desktop\adwcleaner_4.103.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\pcdr
Folder Deleted : C:\Users\Pete\AppData\Local\genienext
Folder Deleted : C:\Users\Pete\AppData\Local\Mobogenie
File Deleted : C:\Users\Pete\daemonprocess.txt
File Deleted : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\rer1bb92.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v


-\\ Google Chrome v38.0.2125.111

[C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1906 octets] - [04/12/2014 05:46:30]
AdwCleaner[S0].txt - [1764 octets] - [04/12/2014 05:50:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1824 octets] ##########

=================

After the last 2 scans and fixes, IE still doesn't work, opens and closes after 2 or 3 seconds, Webcam still shows as in use by another application....
Fenrry is offline  
Old 12-04-2014, 04:44 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenrry. Gonna have to do a little research on this one.

First, would you be willing to reset IE to default settings? You will lose all your settings.

Since you can't open IE, you will have to do the Automatically open the Reset Internet Explorer Settings dialog box method here:

How to reset Internet Explorer settings

Let me know.

------------------------------------------------------
  • Double-click FSS.exe as before.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-04-2014, 09:05 AM   #16
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Can't reset IE, since I can't keep it open I can't use the manual mode and the Fixit from Ms doesn't work due to "something not allowing the script to run"...nm, I just saw the whole post didn't c the part where u mention the automatic option as the only option , I got the FSS log on the other hand :)

FSS

Farbar Service Scanner Version: 21-07-2014
Ran by Pete (administrator) on 04-12-2014 at 12:01:04
Running from "C:\Users\Pete\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
Fenrry is offline  
Old 12-04-2014, 11:39 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenrry. Did the automatic fix work? I can't tell from your reply.

------------------------------------------------------

I don't use a webcam. When you say, webcam shows in use by another application, how do you know?

What is telling you the webcam is in use by another application? I'm trying to see what's going on by looking at your logs, but don't know exactly what to look for. Thanks.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad(don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\InProcServer32]
@="%SystemRoot%\System32\Actioncenter.dll"
"ThreadingModel"="Free"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
@="Action Center Shell Service Object"
Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------
  • Double-click FSS.exe as before.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-04-2014, 01:48 PM   #18
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Quote:
Originally Posted by chemist View Post
Hello again, Fenrry. Did the automatic fix work? I can't tell from your reply.

------------------------------------------------------

I don't use a webcam. When you say, webcam shows in use by another application, how do you know?

What is telling you the webcam is in use by another application? I'm trying to see what's going on by looking at your logs, but don't know exactly what to look for. Thanks.
No, the fix didn't work, I got an error due to "something not allowing the script to run", then the fix closes, IE still doesn't work.

In regards of the Webcam, since the laptop is Dell I try running the Dell Webcam app, or anything else that may use the webcam, every time I get the error of "webcam is in use by another application", that's how I know.

I'll run the rest of the fix later tonite :)
Fenrry is offline  
Old 12-04-2014, 09:19 PM   #19
Registered Member
 
Fenrry's Avatar
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 338
OS: Win 8


Send a message via AIM to Fenrry Send a message via Yahoo to Fenrry

Hi Chemist,

The script didn't merge, I received a "Cannot import.......Some keys are open by the system or other processes"

FSS log


Farbar Service Scanner Version: 21-07-2014
Ran by Pete (administrator) on 05-12-2014 at 00:14:04
Running from "C:\Users\Pete\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Shall I try and run some of this fixes under Safe Mode?
Fenrry is offline  
Old 12-05-2014, 04:37 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenrry. It appears the script did in fact work. We can check.
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\InProcServer32 /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /s
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
  • Download the Complete Internet Repair and save it to your desktop.
  • Double-click comintrep.exe and extract the files to your desktop.
  • Open the Complete Internet Repair folder and double-click CIntRep.exe
  • Check the box next to Repair Internet Explorer 11.0.9600 then click Go!
  • You will be prompted to reboot your computer.
  • Once restarted, open the CIntRep.log log in the Logging folder inside the Complete Internet Repair folder and post the contents in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Google searches being redirected
Occasionally when I Google something it will redirect me to another website. I already tried using Malwarebytes and SuperAntispyware, both did not work. There seems to be nothing wrong with my laptop other than the Google redirects. I ran the dds file from the stickied thread, this is what i...
bobojenkins Inactive Malware Help Topics 2 01-27-2012 03:49 AM
Virus: Network card, USB, Audio
Hello, It seems like I've run into quite the virus lately and was hoping that someone could help me out. While everything was working fine I tried to plug in a USB mouse and had no success. When I went to plug it in nothing popped up that it was recognized, so I decided to restart my laptop,...
Ajjr108 Inactive Malware Help Topics 0 11-04-2011 01:43 PM
Trouble with Directx 10
When trying to install a redist for a game i was going to play, this error comes up: "An internal system error occured. Please refer to DXERROR.log and Directx.log in your Windows folder to determine the problem" This is my DXError.log: -------------------- module: dxupdate(Sep 4 2009),...
xAtlas PC Gaming Support 1 07-29-2011 01:43 PM
Not sure what is going on...
I was recommended here through the following post in this forum: https://www.techsupportforum.com/forums/f10/windows-updates-repeatedly-install-568442.html THANK YOU FOR YOUR HELP! DDS.TXT Results: . DDS (Ver_11-03-05.01) - NTFSx86
crazydiamond Inactive Malware Help Topics 22 05-28-2011 07:46 AM
Vista to XP Downgrade Compaq/ HP F700/G6000/DV6900/DV6700/DVx7xx/DV9800 Series Laptop
GUIDELINES Please read the following:. I have compiled a list of drivers for the Compaq Presario/HP F700/G6000,DV6900/DV6700/x7xx and DV9800 series laptops with an AMD Processor ONLY. These drivers have been used "Successfully" to downgrade these laptops from Vista to XP. I must warn you....
BCCOMP Laptop Support 3 11-04-2008 07:58 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 11:09 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts