
Ukash malware infection (safe mode unavailable)



Hey, I posted before but accidentally replied to myself (probably should have read the pinned thread). Anyway...

I seem to have encountered the Australian Media Authority/Interpol Ukash ransomware on my HP Pavilion running Windows 7 Home Premium 32-bit. The virus doesn't allow me to access my laptop in Safe Mode, Safe Mode with Command Prompt, Safe Mode with Networking, or even normal mode.

However, I've downloaded and run a scan with FRST and have the log below. Not really sure where to go from here :(

Thank you in advance

KB

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 18:53:10
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [HPCam_Menu] - c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [567864 2009-08-25] ()
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2011-03-10] (IDT, Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1374328 2013-05-29] (Trend Micro Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [132920 2013-02-04] (Trend Micro Inc.)
HKU\DSE\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-08-20] (Hewlett-Packard Company)
HKU\DSE\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2009-07-26] (Microsoft Corporation)
HKU\DSE\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [ 2010-04-20] (BitTorrent, Inc.)
HKU\DSE\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-09-29] (Hewlett-Packard)
HKU\DSE\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2011-03-29] (Google Inc.)
HKU\DSE\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [ 2012-02-22] (Apple Inc.)
HKU\DSE\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [ 2012-02-02] (DT Soft Ltd)
HKU\DSE\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [ 2012-06-07] (Samsung)
HKU\DSE\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\DSE\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2012-06-07] ()
HKU\DSE\...\Winlogon: [shell] explorer.exe,C:\Users\DSE\AppData\Roaming\cache.dat [ 2013-08-25] () <==== ATTENTION 
 
========================== Services (Whitelisted) =================
 
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\STacSV.exe [229458 2011-03-10] (IDT, Inc.)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
 
==================== Drivers (Whitelisted) ====================
 
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-03-08] (Duplex Secure Ltd.)
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [96248 2012-12-21] (Trend Micro Inc.)
S0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [258976 2012-12-21] (Trend Micro Inc.)
S0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [38328 2012-08-24] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [83256 2012-12-07] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [76648 2012-12-21] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [171064 2012-07-05] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
S2 TMAgent; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-25 00:13 - 2013-08-28 23:40 - 00000004 _____ C:\Users\DSE\AppData\Roaming\cache.ini
2013-08-25 00:08 - 2013-08-25 00:07 - 00062976 _____ C:\Users\DSE\AppData\Roaming\cache.dat
2013-08-14 07:27 - 2013-08-14 07:27 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 07:19 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 07:19 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 07:19 - 2013-07-25 19:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 07:19 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 07:19 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 07:19 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 07:19 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 07:19 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 07:19 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 07:19 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 07:19 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 07:19 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 07:19 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 07:19 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 07:19 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 07:19 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 02:18 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 02:18 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 02:18 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-08-14 02:18 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 02:18 - 2013-07-08 20:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 02:18 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 02:18 - 2013-07-08 20:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 02:18 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 02:18 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 02:18 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 02:18 - 2013-07-05 21:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 02:17 - 2013-06-14 19:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-11 23:36 - 2013-08-11 23:39 - 00096768 ___SH C:\Users\DSE\Downloads\Thumbs.db
2013-08-06 00:16 - 2013-08-06 00:52 - 00000000 ____D C:\Users\DSE\Downloads\adventure time season 4
2013-08-02 05:02 - 2013-08-24 03:30 - 00000000 ____D C:\Users\DSE\AppData\Roaming\vlc
2013-08-02 05:02 - 2013-08-02 05:02 - 00000984 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-02 05:01 - 2013-08-02 05:01 - 00000000 ____D C:\Program Files\VideoLAN
2013-08-02 04:58 - 2013-08-02 05:00 - 23003252 _____ C:\Users\DSE\Downloads\vlc-2.0.8-win32.exe
2013-08-02 01:07 - 2013-08-02 01:53 - 00006144 _____ C:\Users\DSE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-02 01:01 - 2013-08-02 04:56 - 00000000 ____D C:\Users\DSE\Downloads\Adventure Time Season 3 Complete
 
==================== One Month Modified Files and Folders =======
 
2013-08-29 00:05 - 2009-07-13 20:34 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 00:05 - 2009-07-13 20:34 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 00:01 - 2009-12-25 01:27 - 02088213 _____ C:\Windows\WindowsUpdate.log
2013-08-28 23:57 - 2009-07-13 20:39 - 00114704 _____ C:\Windows\setupact.log
2013-08-28 23:43 - 2012-05-13 18:16 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-08-28 23:40 - 2013-08-25 00:13 - 00000004 _____ C:\Users\DSE\AppData\Roaming\cache.ini
2013-08-28 23:40 - 2010-04-20 17:02 - 00000000 ____D C:\Users\DSE\AppData\Roaming\uTorrent
2013-08-28 23:39 - 2010-02-02 16:36 - 00000000 ____D C:\Users\DSE\AppData\Roaming\HpUpdate
2013-08-28 23:35 - 2010-02-17 00:48 - 00000000 ____D C:\Users\DSE\Tracing
2013-08-28 23:34 - 2010-04-23 15:33 - 00000000 ____D C:\Users\DSE\AppData\Local\CrashDumps
2013-08-25 00:07 - 2013-08-25 00:08 - 00062976 _____ C:\Users\DSE\AppData\Roaming\cache.dat
2013-08-24 03:30 - 2013-08-02 05:02 - 00000000 ____D C:\Users\DSE\AppData\Roaming\vlc
2013-08-24 03:30 - 2012-10-29 05:29 - 00000000 ____D C:\Users\DSE\Downloads\Archer Season 1
2013-08-23 15:18 - 2011-03-29 05:23 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-22 21:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-08-22 14:16 - 2011-11-24 13:15 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-22 14:16 - 2010-03-01 22:59 - 00000052 _____ C:\Windows\System32\DOErrors.log
2013-08-15 06:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-08-15 05:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 07:30 - 2013-08-14 07:27 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 07:27 - 2012-09-25 05:48 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 07:24 - 2009-09-06 15:02 - 00747890 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-11 23:39 - 2013-08-11 23:36 - 00096768 ___SH C:\Users\DSE\Downloads\Thumbs.db
2013-08-11 23:36 - 2012-04-01 22:28 - 00000000 ____D C:\Users\DSE\Downloads\Game.of.Thrones.S02E01.HDTV.x264-ASAP [PublicHD.ORG]
2013-08-07 14:23 - 2012-07-16 23:22 - 00000000 ____D C:\Users\DSE\Downloads\Bones - Season 1
2013-08-06 00:52 - 2013-08-06 00:16 - 00000000 ____D C:\Users\DSE\Downloads\adventure time season 4
2013-08-05 00:23 - 2013-07-14 03:55 - 00000000 ____D C:\Users\DSE\Downloads\Archer.2009.S04E01-13.720p.WEB-DL.x264.AAC
2013-08-02 05:02 - 2013-08-02 05:02 - 00000984 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-02 05:01 - 2013-08-02 05:01 - 00000000 ____D C:\Program Files\VideoLAN
2013-08-02 05:00 - 2013-08-02 04:58 - 23003252 _____ C:\Users\DSE\Downloads\vlc-2.0.8-win32.exe
2013-08-02 04:56 - 2013-08-02 01:01 - 00000000 ____D C:\Users\DSE\Downloads\Adventure Time Season 3 Complete
2013-08-02 01:53 - 2013-08-02 01:07 - 00006144 _____ C:\Users\DSE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-01 22:20 - 2011-03-29 05:21 - 00000000 ____D C:\Program Files\Google
2013-08-01 21:53 - 2010-05-10 18:41 - 00000000 ____D C:\Users\DSE\AppData\Local\Adobe
2013-08-01 21:25 - 2012-08-06 23:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-01 21:25 - 2011-12-13 14:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\Users\DSE\iTunesSetup.exe
C:\Users\DSE\AppData\Roaming\cache.dat
C:\Users\DSE\AppData\Roaming\cache.ini
C:\Users\DSE\AppData\Local\Temp\gsctmlviidrubmpel.exe
C:\Users\DSE\AppData\Local\Temp\SCC.dll
C:\Users\DSE\AppData\Local\Temp\TsuFCA74EC2.dll
C:\Users\DSE\AppData\Local\Temp\{B47A25A5-5E9B-4CCF-AE24-16B96F990753}\Custom.dll
C:\Users\DSE\AppData\Local\Temp\{B47A25A5-5E9B-4CCF-AE24-16B96F990753}\Setup.exe
C:\Users\DSE\AppData\Local\Temp\{B47A25A5-5E9B-4CCF-AE24-16B96F990753}\_Setup.dll
C:\Users\DSE\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
C:\Users\DSE\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-07-25 22:26:20
Restore point made on: 2013-08-01 21:27:49
Restore point made on: 2013-08-05 23:16:28
Restore point made on: 2013-08-11 23:47:20
Restore point made on: 2013-08-14 07:18:43
Restore point made on: 2013-08-21 22:46:40
Restore point made on: 2013-08-28 23:36:07
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4022.87 MB
Available physical RAM: 3392.39 MB
Total Pagefile: 4021.14 MB
Available Pagefile: 3392.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:453.75 GB) (Free:166.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:11.71 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (HITMANPRO) (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 88DB4E50)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 983 MB) (Disk ID: D3F20374)
Partition 1: (Active) - (Size=981 MB) - (Type=0B)
 
 
LastRegBack: 2013-08-22 00:13
 
==================== End Of Log ============================

OK, here you go... this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now and if so... run MBAR.

If not... rescan with FRST and post the new log.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

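The security-relevant line in the scan above is the one FRST marked ATTENTION: the per-user Winlogon Shell value under HKU\DSE has been changed from the default `explorer.exe` to `explorer.exe,C:\Users\DSE\AppData\Roaming\cache.dat`, so Windows starts the ransomware payload next to the real shell every time that user logs on, which is consistent with every boot mode showing the lock screen. The fix is the one MrC scripted: delete the value and move the payload and its companion file out of the way. As an added example (not code from FRST, from Farbar, or from the helper in this thread), the script below parses the FRST log layout shown above, flags a Shell or Userinit value that is not the Windows default, and drafts a fixlist.txt in the same shape as the one the Fixlog further down confirms: the log line verbatim (which tells FRST to delete the value) followed by the files to move. The sample log is constructed from lines posted in this thread and abridged; the Windows default values, the "same folder, same stem" companion-file rule and the "Temp executables go to a review list" rule are my assumptions, not FRST behaviour.

```python
r"""Triage an FRST (Farbar Recovery Scan Tool) log for a Winlogon shell hijack
and draft the matching fixlist.txt.

Added example for this thread; it is not FRST's own code and not the helper's.
It parses the line layouts visible in the log above:

  HKU\DSE\...\Winlogon: [shell] explorer.exe,C:\...\cache.dat [ 2013-08-25] () <==== ATTENTION
  2013-08-25 00:13 - 2013-08-28 23:40 - 00000004 _____ C:\Users\DSE\AppData\Roaming\cache.ini
  Files to move or delete:
  ====================
  C:\Users\DSE\AppData\Local\Temp\gsctmlviidrubmpel.exe

Assumptions (mine, not FRST's): the Windows defaults in DEFAULTS, the
"same stem, same folder" companion-file rule, and the rule that sends
executables under a Temp folder to a manual-review list.
"""
import re
from pathlib import PureWindowsPath

# Windows defaults for the two Winlogon values ransomware commonly hijacks.
DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,", r"c:\windows\system32\userinit.exe"},
}
ATTENTION = "<==== ATTENTION"

# HKU\DSE\...\Winlogon: [shell] <value> [ date] (company) <==== ATTENTION
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK(?:LM|U\\[^\\]+))\\\.\.\.\\Winlogon: \[(?P<name>[^\]]+)\] (?P<value>.*?)"
    r"(?:\s+\[[^\]]*\])?(?:\s+\([^)]*\))?(?:\s+<==== ATTENTION)?\s*$",
    re.IGNORECASE,
)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# The absolute path that ends a file-listing row or stands alone under "Files to move or delete".
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?)\s*$")


def parse_log(text):
    """Return (Winlogon entries, every path seen in file listings, paths FRST flagged)."""
    entries, all_paths, flagged = [], set(), []
    in_flagged = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_flagged = False  # a blank line ends the flagged-files section
            continue
        if line.lower().startswith("files to move or delete:"):
            in_flagged = True
            continue
        m = WINLOGON_RE.match(line)
        if m:
            entries.append((line, m["hive"], m["name"].lower(), m["value"].strip()))
            continue
        # File rows start with a timestamp; flagged rows are bare paths.
        if line[0].isdigit() or DRIVE_RE.match(line):
            pm = PATH_RE.search(line)
            if pm:
                all_paths.add(pm["path"])
                if in_flagged and DRIVE_RE.match(line):
                    flagged.append(pm["path"])
    return entries, all_paths, flagged


def find_hijacks(entries):
    """Keep Shell/Userinit entries whose value is not the Windows default."""
    return [e for e in entries if e[2] in DEFAULTS and e[3].lower() not in DEFAULTS[e[2]]]


def payload_paths(value):
    """'explorer.exe,C:\\a\\cache.dat' -> ['C:\\a\\cache.dat'] (comma-separated, unquoted values)."""
    return [p.strip() for p in value.split(",") if DRIVE_RE.match(p.strip())]


def companions(path, all_paths):
    """Files in the same folder with the same stem (cache.dat -> cache.ini); a heuristic."""
    target = PureWindowsPath(path)
    out = []
    for q in sorted(all_paths):
        qp = PureWindowsPath(q)
        if (q.lower() != path.lower()
                and str(qp.parent).lower() == str(target.parent).lower()
                and qp.stem.lower() == target.stem.lower()):
            out.append(q)
    return out


def build_fixlist(log_text):
    """Return (fixlist.txt lines, flagged Temp executables left for manual review)."""
    entries, all_paths, flagged = parse_log(log_text)
    fixlist = []
    for line, _hive, _name, value in find_hijacks(entries):
        # FRST deletes the value when handed the log line itself, minus the marker.
        fixlist.append(line.replace(ATTENTION, "").rstrip())
        for p in payload_paths(value):
            fixlist.append(p)
            fixlist.extend(companions(p, all_paths))
    done = {f.lower() for f in fixlist}
    review = [p for p in flagged
              if p.lower() not in done
              and "\\temp\\" in p.lower()
              and p.lower().endswith((".exe", ".dll", ".scr"))]
    return fixlist, review


# Constructed from lines posted in this thread (abridged, not the full log).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 18:53:10
Boot Mode: Recovery

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKU\DSE\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [ 2010-04-20] (BitTorrent, Inc.)
HKU\DSE\...\Winlogon: [shell] explorer.exe,C:\Users\DSE\AppData\Roaming\cache.dat [ 2013-08-25] () <==== ATTENTION

==================== One Month Created Files and Folders ========

2013-08-25 00:13 - 2013-08-28 23:40 - 00000004 _____ C:\Users\DSE\AppData\Roaming\cache.ini
2013-08-25 00:08 - 2013-08-25 00:07 - 00062976 _____ C:\Users\DSE\AppData\Roaming\cache.dat
2013-08-14 07:19 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

Files to move or delete:
====================
C:\Users\DSE\iTunesSetup.exe
C:\Users\DSE\AppData\Roaming\cache.dat
C:\Users\DSE\AppData\Roaming\cache.ini
C:\Users\DSE\AppData\Local\Temp\gsctmlviidrubmpel.exe
C:\Users\DSE\AppData\Local\Temp\SCC.dll
C:\Users\DSE\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll

==================== End Of Log ============================
"""

if __name__ == "__main__":
    fix, review = build_fixlist(SAMPLE_LOG)
    print("fixlist.txt:\n" + "\n".join(fix))
    print("\nreview before adding:\n" + "\n".join(review))
```

Run against the sample, the draft is the registry line plus cache.dat and cache.ini, which is what the helper's fixlist contains; the Temp executable gsctmlviidrubmpel.exe that MrC also moved lands on the review list instead, because FRST's "Files to move or delete" section mixes droppers with harmless installer leftovers (iTunesSetup.exe, the HP Support Framework DLL) and that last call should stay with a human reading the log.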

Aha! Excellent! My laptop has booted normally. Thank you MrC, you're a champion.

Here is the fix log as requested

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-08-2013
Ran by SYSTEM at 2013-08-29 22:51:33 Run:1
Running from H:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
HKU\DSE\...\Winlogon: [shell] explorer.exe,C:\Users\DSE\AppData\Roaming\cache.dat [ 2013-08-25] () 
C:\Users\DSE\AppData\Roaming\cache.dat
C:\Users\DSE\AppData\Roaming\cache.ini
C:\Users\DSE\AppData\Local\Temp\gsctmlviidrubmpel.exe
 
*****************
 
HKU\DSE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\DSE\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\DSE\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\DSE\AppData\Local\Temp\gsctmlviidrubmpel.exe => Moved successfully.
 
==== End of Fixlog ====
 
I have MBAR scanning at the moment. I'm not sure how long it will take to scan as I have a lot of files on my laptop.
As soon as the scan is done (assuming I haven't fallen asleep (it's like 11:30pm here)) I will post the logs as requested.
Thank you again Mr Charlie :D

Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Alrighty, sorry for the delay. I've been working/had other commitments.

I have run ComboFix and the log is as follows:

 

ComboFix 13-08-31.01 - DSE 01/09/2013  12:52:33.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.3063.1314 [GMT 10:00]
Running from: c:\users\DSE\Downloads\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-01 to 2013-09-01  )))))))))))))))))))))))))))))))
.
.
2013-09-01 02:41 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03F46B29-359A-49DD-AB1E-11D519F33F0E}\mpengine.dll
2013-08-30 06:29 . 2013-08-30 06:29 -------- d-----w- c:\programdata\Recovery
2013-08-30 02:53 . 2013-08-30 02:53 -------- d-----w- C:\FRST
2013-08-29 12:57 . 2013-08-29 12:57 -------- d-----w- c:\programdata\Malwarebytes
2013-08-29 12:57 . 2013-08-30 22:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-14 15:27 . 2013-08-14 15:30 -------- d-----w- c:\windows\system32\MRT
2013-08-14 10:18 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 10:18 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 10:18 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 10:18 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 10:18 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 10:18 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 10:18 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 10:18 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 10:18 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 10:18 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 10:18 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 10:17 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-02 13:02 . 2013-08-24 11:30 -------- d-----w- c:\users\DSE\AppData\Roaming\vlc
2013-08-02 13:01 . 2013-08-02 13:01 -------- d-----w- c:\program files\VideoLAN
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-01 02:45 . 2013-01-06 13:15 181808 ----a-w- c:\windows\RegBootClean.exe
2013-08-02 05:25 . 2012-08-07 07:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-02 05:25 . 2011-12-13 22:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-22 13:27 . 2013-07-22 13:27 22064 ----a-w- c:\windows\DCEBoot.exe
2013-06-22 09:53 . 2013-06-22 09:53 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-22 09:53 . 2013-06-22 09:53 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-06-22 09:53 . 2013-06-22 09:53 158720 ----a-w- c:\windows\system32\msls31.dll
2013-06-22 09:53 . 2013-06-22 09:53 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-06-22 09:53 . 2013-06-22 09:53 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-06-22 09:53 . 2013-06-22 09:53 138752 ----a-w- c:\windows\system32\wextract.exe
2013-06-22 09:53 . 2013-06-22 09:53 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-22 09:53 . 2013-06-22 09:53 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-22 09:53 . 2013-06-22 09:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-22 09:53 . 2013-06-22 09:53 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-06-22 09:53 . 2013-06-22 09:53 12800 ----a-w- c:\windows\system32\mshta.exe
2013-06-22 09:53 . 2013-06-22 09:53 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-22 09:53 . 2013-06-22 09:53 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-22 09:53 . 2013-06-22 09:53 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-06-22 09:53 . 2013-06-22 09:53 361984 ----a-w- c:\windows\system32\html.iec
2013-06-22 09:53 . 2013-06-22 09:53 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-22 09:53 . 2013-06-22 09:53 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-05 03:05 . 2013-07-10 03:56 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-10 03:56 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-21 321328]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-29 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-06-07 958392]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-07 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-15 1549608]
"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 567864]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-03-10 495708]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-07 3521464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2013-05-29 1374328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-02-04 132920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DCERegBootClean"="c:\windows\RegBootClean.exe" [2013-09-01 181808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-18 83168]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-10 230400]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-18 181344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC32.sys [2012-08-24 38328]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-12-21 76648]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\aestsrv.exe [2011-03-10 81920]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 125056]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [2012-12-07 83256]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [2012-07-06 171064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-29 23:15 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 05:25]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-29 13:21]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-29 13:21]
.
2013-08-23 c:\windows\Tasks\HPCeeScheduleForDSE-PC$.job
- c:\program files\hewlett-packard\hp ceement\HPCEE.exe [2010-09-13 12:15]
.
2013-08-29 c:\windows\Tasks\HPCeeScheduleForDSE.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 12:15]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2FE3F9F0-7F2D-4B93-A0F0-182795DD2EF0}: NameServer = 211.29.132.12 61.88.88.88
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6708)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2013-09-01  13:08:01
ComboFix-quarantined-files.txt  2013-09-01 03:08
.
Pre-Run: 177,856,663,552 bytes free
Post-Run: 177,860,472,832 bytes free
.
- - End Of File - - AE5489B5E405B8C79D6834389DAD99EB
92679D54185287390D1A1919D2C3E79B
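A quick way to triage the service and driver section of a ComboFix log like the one above, as an added example that is not part of the original thread and not ComboFix's own code: it parses the `R3 name;display;path [date size]` lines, records which entries ComboFix printed with `[x]` (image file not found on disk), and flags boot/system-start drivers and entries whose printed path is malformed. The reading of R/S as running/stopped and of the digit as the service's registry Start value is the usual one for these logs and is an assumption of this example; the sample lines are copied from the log above and cut down to six.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of service/driver lines copied from the
# ComboFix log posted above. Not a complete log.
SAMPLE_LINES = r"""
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC32.sys [2012-08-24 38328]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
"""

# <state><start> <name>;<display>;<image path> [<date> <size>]  or  [x]
# Assumption of this example (the usual reading of ComboFix logs): state is
# R = running / S = stopped, and the digit is the service's Start value
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<tail>x|\d{4}-\d{2}-\d{2}\s+\d+)\]$"
)

START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start: int
    name: str
    display: str
    path: str
    missing: bool          # ComboFix prints [x] when the image file is not on disk
    date: Optional[str]
    size: Optional[int]


def parse_services(text: str) -> list:
    """Parse ComboFix service/driver lines; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tail = m.group("tail")
        if tail == "x":
            date, size, missing = None, None, True
        else:
            d, s = tail.split()
            date, size, missing = d, int(s), False
        entries.append(ServiceEntry(
            running=m.group("state") == "R",
            start=int(m.group("start")),
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path"),
            missing=missing, date=date, size=size,
        ))
    return entries


def flag_entries(entries) -> dict:
    """Return {service name: [reasons]} for entries that deserve a manual look."""
    flagged = {}
    for e in entries:
        reasons = []
        if e.missing:
            # Registered service whose binary is gone: leftover of an uninstall,
            # a removed infection, or a broken security-product install.
            reasons.append("image file not found ([x])")
        if e.start in (0, 1):
            # Boot/system-start drivers load before any user-mode security
            # product, so they are worth verifying explicitly.
            reasons.append(f"{START_NAMES[e.start]}-start driver")
        if "\\\\" in e.path:
            # A doubled separator in the printed path cannot be a real file path.
            reasons.append("malformed image path as printed")
        if reasons:
            flagged[e.name] = reasons
    return flagged


def summarize(entries) -> dict:
    """Count entries per start type, e.g. {'manual': 3, 'boot': 2, 'auto': 1}."""
    counts = {}
    for e in entries:
        key = START_NAMES[e.start]
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    svc = parse_services(SAMPLE_LINES)
    print(summarize(svc))
    for name, reasons in flag_entries(svc).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Against the sample lines this flags `sptd` (missing file, boot-start, doubled separator in the printed path), `TMEBC` (boot-start) and `Amsp` (missing file). Flagged is not the same as malicious: a missing Trend Micro core service binary or a leftover `sptd` entry (the SCSI pass-through driver that Daemon Tools installs, and the MBAM log later in this thread shows a Daemon Tools installer in Downloads) points to a broken or half-removed install to check by hand, not to infection. The value of the script is producing the short list of entries to verify instead of eyeballing a few hundred lines.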

Looks Good......

Let's clean out any adware while you're here:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
If you agree with everything listed to be removed in the folders section...........

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please update and run a Quick Scan with Malwarebytes Anti-Malware, and post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Okiedokey. Ran adw and here's the log before cleaning

# AdwCleaner v3.002 - Report created 02/09/2013 at 22:20:10
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : DSE - DSE-PC
# Running from : C:\Users\DSE\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found C:\ProgramData\Ask
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Product Found : Google Update Helper
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Google Chrome v29.0.1547.62
 
[ File : C:\Users\DSE\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2691 octets] - [02/09/2013 22:20:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2751 octets] ##########

And the log after cleaning

# AdwCleaner v3.002 - Report created 02/09/2013 at 22:23:35
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : DSE - DSE-PC
# Running from : C:\Users\DSE\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKLM\Software\Iminent
Product Deleted : Google Update Helper
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Google Chrome v29.0.1547.62
 
[ File : C:\Users\DSE\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2831 octets] - [02/09/2013 22:20:10]
AdwCleaner[s0].txt - [2732 octets] - [02/09/2013 22:23:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2792 octets] ##########
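The two AdwCleaner reports above (the `[R0]` scan report and the `[S0]` clean report) can be reconciled by machine, which is the check MrC is doing by asking for both: everything reported `Found` by the scan should appear as `Deleted` in the clean report, and nothing should have been deleted that was not reported found. The following is an added example, not AdwCleaner's own code and not part of the thread. It parses the `***** [ Section ] *****` headers and the `Kind Found/Deleted : target` lines (tolerating the `Folder Found C:\...` form without a colon, which the scan report above really contains), collapses duplicated lines such as the `eBay.lnk` entry listed twice, and compares targets case-insensitively since registry and file paths are case-insensitive on Windows. The embedded reports are shortened excerpts of the two posted above, constructed for this example.

```python
import re

# Constructed excerpts of the two AdwCleaner reports posted above
# (AdwCleaner[R0].txt from the Scan run, AdwCleaner[S0].txt from the Clean
# run), cut down to a few representative lines. Not the complete reports.
SCAN_REPORT = r"""
# AdwCleaner v3.002 - Report created 02/09/2013 at 22:20:10
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found C:\ProgramData\Ask

***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Found : HKLM\Software\Iminent
Product Found : Google Update Helper

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660
"""

CLEAN_REPORT = r"""
# AdwCleaner v3.002 - Report created 02/09/2013 at 22:23:35
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKLM\Software\Iminent
Product Deleted : Google Update Helper
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<section>.+?) \] \*{5}$")
# "<Kind> Found : <target>" / "<Kind> Deleted : <target>"; the colon is optional
# because "Folder Found C:\ProgramData\Ask" above has none.
ITEM_RE = re.compile(r"^(?P<kind>\w+)\s+(?P<status>Found|Deleted)\s*:?\s*(?P<target>.+?)\s*$")
OPTION_RE = re.compile(r"^# Option : (?P<option>\w+)$")


def report_option(text: str) -> str:
    """Return the '# Option : Scan|Clean' header value, or '' if absent."""
    for raw in text.splitlines():
        m = OPTION_RE.match(raw.strip())
        if m:
            return m.group("option")
    return ""


def parse_report(text: str) -> set:
    """Return the set of (section, kind, target) items in a report.

    Targets are lower-cased so registry keys and file paths compare
    case-insensitively; using a set also collapses duplicated lines.
    """
    items = set()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            items.add((section, m.group("kind"), m.group("target").lower()))
    return items


def by_section(items: set) -> dict:
    """Count items per report section, e.g. {'Files / Folders': 2, 'Registry': 4}."""
    counts = {}
    for section, _kind, _target in items:
        counts[section] = counts.get(section, 0) + 1
    return counts


def compare(scan_items: set, clean_items: set) -> dict:
    """Reconcile a Scan report against the Clean report that followed it."""
    return {
        "removed": scan_items & clean_items,      # found, then deleted: as expected
        "left_behind": scan_items - clean_items,  # found but not deleted: rescan
        "unexpected": clean_items - scan_items,   # deleted without being reported found
    }


if __name__ == "__main__":
    assert report_option(SCAN_REPORT) == "Scan" and report_option(CLEAN_REPORT) == "Clean"
    result = compare(parse_report(SCAN_REPORT), parse_report(CLEAN_REPORT))
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for section, kind, target in sorted(items):
            print(f"  [{section}] {kind}: {target}")
```

On the excerpts the result is six items found, six removed, nothing left behind and nothing unexpected; the full reports above reconcile the same way (24 keys, one product, one folder and one file). Anything that lands in `left_behind` on a real pair of reports is the cue to rerun the scan and look at what recreates the item, rather than to assume the cleanup finished.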

And the Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.02.03
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
DSE :: DSE-PC [administrator]
 
Protection: Enabled
 
2/09/2013 10:50:42 PM
mbam-log-2013-09-02 (22-50-42).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250049
Time elapsed: 7 minute(s), 27 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\DSE\Downloads\DAEMONToolsPro500316-0317.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
