
No network adapter. Sleep mode



I am running Windows 7 Home Premium on a Dell Inspiron 560, with a wired connection to a router to Comcast. Recently we encountered a virus, the one that keeps asking you to update your Flash Player. So I downloaded the malware tool, removed the Trojan, kept the optional - everything was fine. Ran one more scan with Windows Security, and all my internet was gone. When I went to internet setup, the LAN was also missing. Troubleshoot said the network adapter was missing. Checked Device Manager and the Realtek was missing. So I reinstalled from disk, and I got an error saying it was in sleep mode and to plug in the cable.

I have checked the router (Netgear), which works fine wirelessly; downloaded to disk and installed the updated driver from Dell. Nothing works. I shut down and restarted, shut down, unplugged for 1 hour and restarted. I tried a system restore.

I ran another scan with Malwarebytes and am getting two Trojan.Vundo in registry keys, and 30 other PUP.Optional, but I am totally out of my comfort zone and would appreciate any help or direction.

Thank you,

Ann


Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Thank you in advance for your help, Marius. I ran a couple of scans with Malwarebytes. I am attaching them in date order. As I noted in my previous post, the last scan showed several items; I have not done anything with them yet.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.03.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Annette :: ANNETTE-PC [administrator]
 
9/3/2013 10:26:24 PM
mbam-log-2013-09-03 (22-26-24).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302581
Time elapsed: 10 minute(s), 29 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 7
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Data:  -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64 (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
 
Files Detected: 20
C:\Users\Annette\AppData\Local\Temp\SetupDataMngr_Searchqu.exe (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3040152873-3571491299-437517930-1002\$R8PTKYF.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3040152873-3571491299-437517930-1002\$RJV0J02.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3040152873-3571491299-437517930-1002\$ROO2TUG.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3040152873-3571491299-437517930-1003\$REYL5T6.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Annette\AppData\Local\Temp\nsxCD60.tmp\nsx523.tmp\SetupDataMngr_Searchqu.exe (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Jamie\AppData\Local\Temp\is87173921\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Jamie\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Jessica.Annette-PC\Downloads\iLividSetup-r157-n-bi.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Jessica.Annette-PC\Local Settings\Temporary Internet Files\Content.IE5\8G9U51XI\iLividSetup-r514-n-bi.exe (PUP.Optional.Vid) -> Quarantined and deleted successfully.
C:\Users\Annette\AppData\Local\Temp\searchqutoolbar-manifest.xml (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
 
(end)
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.03.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Annette :: ANNETTE-PC [administrator]
 
9/4/2013 6:12:45 AM
mbam-log-2013-09-04 (06-12-45).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302277
Time elapsed: 7 minute(s), 18 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.03.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Annette :: ANNETTE-PC [administrator]
 
9/13/2013 7:29:06 PM
MBAM-log-2013-09-13 (20-39-32).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 302381
Time elapsed: 9 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 7
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> No action taken.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data:  -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64 (PUP.Optional.Searchqu) -> No action taken.
 
Files Detected: 20
C:\Users\Annette\AppData\Local\Temp\SetupDataMngr_Searchqu.exe (PUP.Optional.Bandoo.A) -> No action taken.
C:\Users\Jamie\AppData\Local\Temp\setup.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3040152873-3571491299-437517930-1002\$R8PTKYF.exe (PUP.Optional.Installex) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3040152873-3571491299-437517930-1002\$RJV0J02.exe (PUP.Optional.Installex) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3040152873-3571491299-437517930-1002\$ROO2TUG.exe (PUP.Optional.Bandoo) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3040152873-3571491299-437517930-1003\$REYL5T6.exe (PUP.Optional.Installex) -> No action taken.
C:\Users\Annette\AppData\Local\Temp\nsxCD60.tmp\nsx523.tmp\SetupDataMngr_Searchqu.exe (PUP.Optional.Bandoo.A) -> No action taken.
C:\Users\Jamie\AppData\Local\Temp\is87173921\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Jamie\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\Jessica.Annette-PC\Downloads\iLividSetup-r157-n-bi.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Users\Jessica.Annette-PC\Local Settings\Temporary Internet Files\Content.IE5\8G9U51XI\iLividSetup-r514-n-bi.exe (PUP.Optional.Vid) -> No action taken.
C:\Users\Annette\AppData\Local\Temp\searchqutoolbar-manifest.xml (PUP.Optional.Searchqu.A) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (PUP.Optional.Searchqu) -> No action taken.
 
(end)
 
 
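The three logs above share one detection list: everything removed on 9/3 is back on 9/13 marked "No action taken", which is the kind of pattern a helper reads for first. The following is an added example, not Malwarebytes' own code or a tool from this thread: a small parser for the 1.x text log layout that splits a pasted reply into runs, extracts each detection, and reports what recurred between runs and what was left unhandled. The `SAMPLE` text is a constructed excerpt in that layout (two abbreviated runs reusing object names from the page), not a real log, and the function names are my own.

```python
"""Parse Malwarebytes Anti-Malware 1.x text logs and compare detections across runs.

Added example; not Malwarebytes' own code. SAMPLE below is a constructed excerpt in
the 1.x log layout (two short runs), not a log captured from a real machine.
"""
import re
from dataclasses import dataclass

RUN_HEADER = "Malwarebytes Anti-Malware "   # first line of every run
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")
ITEM_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<threat>[^()]+)\)"   # registry key/value or path, then detection name
    r"(?: -> Data: (?P<data>.*?))?"           # registry values carry a "Data:" field
    r" -> (?P<action>.+?)\.?\s*$"             # what MBAM did with the item
)
DATE_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Registry Keys", "Files"
    obj: str       # the key, value or filesystem path
    threat: str    # e.g. "PUP.Optional.SearchQu"
    action: str    # e.g. "Quarantined and deleted successfully" / "No action taken"

    @property
    def key(self):
        """Identity of a detection, independent of what was done about it."""
        return (self.obj.lower(), self.threat.lower())


def split_runs(text):
    """Split a reply holding several pasted logs into one string per run."""
    runs, current = [], []
    for line in text.splitlines():
        if line.startswith(RUN_HEADER) and current:
            runs.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        runs.append("\n".join(current))
    return runs


def parse_run(text):
    """Return {'date': str or None, 'items': [Detection, ...]} for one log."""
    date, items, section, expected = None, [], None, 0
    for line in text.splitlines():
        line = line.rstrip()
        if DATE_RE.match(line):
            date = line
            continue
        m = SECTION_RE.match(line)
        if m:  # a "<Section> Detected: N" header opens a new section
            section, expected = m.group("section"), int(m.group("count"))
            continue
        if section is None or expected == 0 or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append(Detection(section, m.group("obj"), m.group("threat"), m.group("action")))
    return {"date": date, "items": items}


def pending(run):
    """Detections MBAM listed but did not remove."""
    return [d for d in run["items"] if d.action.lower().startswith("no action taken")]


def recurring(earlier, later):
    """Detections present in both runs: removed once and back again, or never removed."""
    seen = {d.key for d in earlier["items"]}
    return [d for d in later["items"] if d.key in seen]


def summarize(text):
    """Per-run (date, detections, unhandled) tuples plus what recurred first run -> last run."""
    runs = [parse_run(r) for r in split_runs(text)]
    report = [(r["date"], len(r["items"]), len(pending(r))) for r in runs]
    back = recurring(runs[0], runs[-1]) if len(runs) > 1 else []
    return report, back


# Constructed sample in the 1.x layout; object names reuse those printed in the thread.
SAMPLE = r"""Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

9/3/2013 10:26:24 PM
mbam-log-2013-09-03 (22-26-24).txt

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> Quarantined and deleted successfully.

Files Detected: 1
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

9/13/2013 7:29:06 PM
MBAM-log-2013-09-13 (20-39-32).txt

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Jamie\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> No action taken.

(end)
"""

if __name__ == "__main__":
    report, back = summarize(SAMPLE)
    for date, total, unhandled in report:
        print("%s: %d detections, %d left unhandled" % (date, total, unhandled))
    for d in back:
        print("recurred: %s (%s)" % (d.obj, d.threat))
```

Paste the whole reply into `SAMPLE` (or read the log files from the directories named above) and `summarize` shows the same thing the helper sees by eye: every item from the first run that reappears in the last is either persistent or reinstalled, and a non-zero "unhandled" count means the user viewed the results without removing them.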

Scan with aswMBR

Please download aswMBR (4.5 MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat; do not delete it for now. It is an actual backup of the MBR (master boot record).


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-18 06:13:48
-----------------------------
06:13:48.636    OS Version: Windows x64 6.1.7601 Service Pack 1
06:13:48.636    Number of processors: 1 586 0x1601
06:13:48.636    ComputerName: ANNETTE-PC  UserName: Annette
06:13:49.338    Initialize success
06:14:06.746    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:14:06.746    Disk 0 Vendor: ST332041 CC45 Size: 305245MB BusType: 3
06:14:06.856    Disk 0 MBR read successfully
06:14:06.856    Disk 0 MBR scan
06:14:06.856    Disk 0 Windows VISTA default MBR code
06:14:06.856    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
06:14:06.871    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
06:14:06.887    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290204 MB offset 30801920
06:14:06.902    Disk 0 scanning C:\Windows\system32\drivers
06:14:13.798    Service scanning
06:14:26.761    Modules scanning
06:14:26.761    Disk 0 trace - called modules:
06:14:26.792    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys 
06:14:26.792    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bc9060]
06:14:26.808    3 CLASSPNP.SYS[fffff880013cc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047f4050]
06:14:26.808    Scan finished successfully
06:15:18.491    Disk 0 MBR has been saved successfully to "C:\Users\Annette\Desktop\Logs\09.18.2013\MBR.dat"
06:15:18.507    The log file has been saved successfully to "C:\Users\Annette\Desktop\Logs\09.18.2013\aswMBR.txt"
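The MBR.dat that aswMBR leaves on the desktop is the raw 512-byte sector it scanned, and the "Partition 1 00 DE ... offset 63" lines in the log are just that sector's partition table decoded. As an added example (not aswMBR's code, and not something the helper asked for), here is a parser for that sector: it checks the 0x55AA signature, hashes the boot-code region so two backups can be compared, decodes the four table entries, and applies the sanity checks a boot-sector scanner applies (one active partition at most, valid flag bytes, no overlaps, nothing past the end of the disk). `make_sample_mbr` builds a constructed sector whose three entries mirror the sizes and offsets in the log above; its boot code is filler bytes and the disk signature `0xDEADBEEF` is made up, so the hash it produces is not the hash of a real Windows MBR.

```python
"""Decode a 512-byte MBR (e.g. aswMBR's MBR.dat) and sanity-check its partition table.

Added example; not part of aswMBR. make_sample_mbr() builds a constructed sector that
mirrors the partition layout in the log above; its boot code is filler, not real code.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
MBR_SIG = b"\x55\xAA"                 # boot signature at bytes 510..511
BOOT_CODE_LEN = 440                   # bytes 0..439: boot loader; 440..443: disk signature
PART_TABLE_OFF = 446                  # four 16-byte partition entries
ENTRY = struct.Struct("<B3sB3sII")    # flag, CHS start, type, CHS end, LBA start, sector count

# Common partition type IDs (not exhaustive).
TYPE_NAMES = {
    0x00: "Empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x27: "Windows RE hidden", 0x82: "Linux swap", 0x83: "Linux",
    0xDE: "Dell Utility", 0xEE: "GPT protective",
}


@dataclass(frozen=True)
class Partition:
    index: int       # 1..4, as aswMBR numbers them
    flag: int        # 0x80 = active/bootable, 0x00 = inactive, anything else is invalid
    type_id: int
    lba_start: int
    sectors: int

    @property
    def bootable(self):
        return self.flag == 0x80

    @property
    def size_mb(self):
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def lba_end(self):  # first sector after the partition
        return self.lba_start + self.sectors

    @property
    def type_name(self):
        return TYPE_NAMES.get(self.type_id, "Unknown 0x%02X" % self.type_id)


def parse_mbr(mbr):
    """Return (sha256 of boot code, disk signature, [Partition...]) for one 512-byte sector."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes, got %d" % (SECTOR, len(mbr)))
    if mbr[510:512] != MBR_SIG:
        raise ValueError("missing 0x55AA boot signature")
    boot_hash = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0]
    parts = []
    for i in range(4):
        flag, _chs_s, ptype, _chs_e, lba, count = ENTRY.unpack_from(mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        parts.append(Partition(i + 1, flag, ptype, lba, count))
    return boot_hash, disk_sig, parts


def check_table(parts, disk_sectors=None):
    """Return a list of problems; an empty list means the table is internally consistent."""
    issues = []
    if sum(1 for p in parts if p.flag == 0x80) > 1:
        issues.append("more than one active partition")
    for p in parts:
        if p.flag not in (0x00, 0x80):
            issues.append("partition %d has invalid boot flag 0x%02X" % (p.index, p.flag))
        if p.lba_start == 0:
            issues.append("partition %d starts at LBA 0 (overlaps the MBR)" % p.index)
        if disk_sectors is not None and p.lba_end > disk_sectors:
            issues.append("partition %d extends past the end of the disk" % p.index)
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            issues.append("partitions %d and %d overlap" % (a.index, b.index))
    return issues


def format_entry(p):
    """One line per partition in the style of the aswMBR log above."""
    active = "(A)" if p.bootable else "   "
    return "Partition %d %02X %s %02X %s %d MB offset %d" % (
        p.index, p.flag, active, p.type_id, p.type_name, p.size_mb, p.lba_start)


def make_sample_mbr():
    """Constructed sector: three entries matching the log's sizes/offsets, filler boot code."""
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"   # made-up signature + 2 reserved bytes
    chs = b"\xFE\xFF\xFF"                                    # CHS fields are ignored on LBA disks
    table = (
        ENTRY.pack(0x00, chs, 0xDE, chs, 63, 81857)                 # Dell Utility, 39 MB
        + ENTRY.pack(0x80, chs, 0x07, chs, 81920, 15000 * 2048)     # NTFS, 15000 MB, active
        + ENTRY.pack(0x00, chs, 0x07, chs, 30801920, 290204 * 2048) # NTFS, 290204 MB
        + bytes(16)                                                 # empty fourth slot
    )
    return boot_code + disk_sig + table + MBR_SIG


if __name__ == "__main__":
    h, sig, parts = parse_mbr(make_sample_mbr())
    print("boot code sha256:", h, "disk signature: %08X" % sig)
    for p in parts:
        print(format_entry(p))
    print("issues:", check_table(parts, disk_sectors=305245 * 2048) or "none")
```

To use it on the real backup, replace `make_sample_mbr()` with `open("MBR.dat", "rb").read()`. The boot-code hash is the useful part for a follow-up: take it once now and again after any cleanup or reboot, and a changed hash with an unchanged partition table is exactly the signal that something rewrote the loader.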

Scan with DDS

Download DDS and save it to your desktop from here, here or here.

Disable any script blocker, and then double-click dds.scr to run the tool.

When done, DDS will open two (2) logs:

DDS.txt: save to your desktop, then post its contents in your topic
Attach.txt: save to your desktop, then attach it to your next reply

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.


Yes - still with you!

I am using another computer, not at my house, to download the required programs as you requested. I had forgotten my flash drive, which caused me to lose a day. My apologies.

Here are the results from the last two requested scans.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Annette at 6:18:19 on 2013-09-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2456 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Searchqu Toolbar: {99079A25-328F-4BD4-BE04-00955ACAA0A7} - 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079A25-328F-4BD4-BE04-00955ACAA0A7} - 
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Annette\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CFF00CB4-4453-4613-9A75-15E3BDB8C042} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-21 55856]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-21 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2013-9-7 27136]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-15 145408]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-7-20 35840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-26 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-21 236544]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2013-9-9 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2013-9-9 24064]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2013-9-9 43008]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-26 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-29 1255736]
.
=============== Created Last 30 ================
.
2013-09-15 05:36:36 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB0BD1DE-9582-46A2-A1CC-AD8CCA230ABB}\offreg.dll
2013-09-13 23:22:15 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB0BD1DE-9582-46A2-A1CC-AD8CCA230ABB}\mpengine.dll
2013-09-10 02:11:57 43008 ----a-w- C:\Windows\System32\drivers\RtTeam60.sys
2013-09-10 02:11:57 24064 ----a-w- C:\Windows\System32\drivers\RtVlan60.sys
2013-09-08 01:31:36 27136 ----a-w- C:\Windows\System32\drivers\RtNdPt60.sys
2013-09-08 01:29:21 -------- d-----w- C:\Program Files (x86)\Realtek
2013-09-07 20:59:34 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
2013-09-05 10:14:07 45056 ----a-r- C:\Users\Annette\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2013-09-05 10:14:05 -------- d-----w- C:\Windows\SysWow64\vmm32
2013-09-05 02:56:41 -------- d-----w- C:\Windows\SysWow64\BestPractices
2013-09-05 02:56:35 -------- d-----w- C:\Windows\System32\BestPractices
2013-09-05 02:56:33 -------- d-----w- C:\inetpub
2013-09-04 11:54:32 -------- d-----w- C:\Users\Annette\AppData\Roaming\RealNetworks
2013-09-04 10:25:16 -------- d-----w- C:\143b4239f825330daba001b666
2013-09-04 02:25:33 -------- d-----w- C:\Users\Annette\AppData\Roaming\Malwarebytes
2013-09-04 02:17:33 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-04 02:17:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-04 02:16:10 -------- d-----w- C:\Users\Annette\AppData\Local\Programs
2013-09-02 20:42:04 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-01 02:44:59 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-09-01 02:44:56 -------- d-----w- C:\ProgramData\RealNetworks
2013-09-01 02:44:40 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-09-01 02:44:11 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-09-01 02:44:11 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-09-01 02:18:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 02:18:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-31 22:17:28 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-08-31 22:17:28 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-31 22:17:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-23 19:30:04 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24827232-0397-47A6-81D1-904EB9FBF015}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH:  6:18:50.51 ===============
 
 
Farbar Service Scanner Version: 13-09-2013
Ran by Annette (administrator) on 22-09-2013 at 06:21:25
Running from "I:\Thursday"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

 

attach.zip

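
Added example, not part of this thread and not code from Farbar Service Scanner or ComboFix: the checks FSS reported in the log above (service start types and ServiceDll, the Defender policy value, integrity of the networking-stack binaries) redone as a PowerShell script that can be re-run after cleanup, plus the network-adapter state this thread is actually about. It assumes Windows 7 with PowerShell 2.0 and an elevated 64-bit console. The service start modes it compares against are the Windows 7 defaults, and because the known-good MD5 table FSS uses is not on this page, `sfc /verifyfile` stands in for it while the MD5 is printed alongside for comparison with the tool's output.

```powershell
# Added example: not from the thread, FSS or ComboFix. Assumes Windows 7,
# PowerShell 2.0, elevated 64-bit console (so sfc.exe and System32 paths are
# not WOW64-redirected).

# 1. Services FSS checks, with their start mode on a default Windows 7 install
#    (Win32_Service reports delayed-auto as 'Auto' as well).
$expected = @{
  'WinDefend' = 'Auto'; 'MpsSvc'   = 'Auto'; 'BFE'    = 'Auto'; 'Dhcp'  = 'Auto'
  'Dnscache'  = 'Auto'; 'nsi'      = 'Auto'; 'wscsvc' = 'Auto'; 'RpcSs' = 'Auto'
  'wuauserv'  = 'Auto'; 'CryptSvc' = 'Auto'
}
foreach ($name in ($expected.Keys | Sort-Object)) {
  $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
  if (-not $svc) { Write-Output ("{0,-10} NOT PRESENT" -f $name); continue }
  # svchost-hosted services keep their DLL under Parameters\ServiceDll; this is
  # what FSS summarised as 'The ServiceDll of WinDefend service is OK'.
  $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
  $dll = if (Test-Path $params) { (Get-ItemProperty $params).ServiceDll } else { '' }
  $note = if ($svc.StartMode -ne $expected[$name]) { "  <-- default is $($expected[$name])" } else { '' }
  Write-Output ("{0,-10} {1,-8} {2,-8} {3} {4}{5}" -f $name, $svc.State, $svc.StartMode, $svc.PathName, $dll, $note)
}

# 2. Kernel drivers on the network path (FSS hashed their files; this shows
#    whether they are actually loaded).
foreach ($drv in Get-WmiObject Win32_SystemDriver -Filter "Name='AFD' OR Name='tdx' OR Name='Tcpip' OR Name='nsiproxy' OR Name='mpsdrv'") {
  Write-Output ("{0,-10} {1,-8} {2,-8} {3}" -f $drv.Name, $drv.State, $drv.StartMode, $drv.PathName)
}

# 3. The policy value FSS flagged, in the product key and the GPO key.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows Defender', 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
  if (Test-Path $k) { Write-Output ("{0}  DisableAntiSpyware={1}" -f $k, (Get-ItemProperty $k).DisableAntiSpyware) }
}

# 4. Integrity of the binaries FSS hashed. FSS compares MD5 against its own
#    known-good table (not on this page); sfc /verifyfile checks each file
#    against the protected component store instead.
$files = @('drivers\tcpip.sys', 'drivers\afd.sys', 'drivers\tdx.sys', 'drivers\nsiproxy.sys', 'drivers\mpsdrv.sys',
           'dhcpcore.dll', 'dnsrslvr.dll', 'nsisvc.dll', 'mpssvc.dll', 'bfe.dll', 'svchost.exe', 'rpcss.dll', 'cryptsvc.dll') |
         ForEach-Object { Join-Path "$env:SystemRoot\System32" $_ }

function Get-Md5Hex([string]$Path) {
  $md5 = [System.Security.Cryptography.MD5]::Create()   # .NET: PowerShell 2.0 has no Get-FileHash
  $fs = [System.IO.File]::OpenRead($Path)
  try { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' } finally { $fs.Close() }
}

# sfc.exe writes UTF-16 to the console; without switching the encoding the
# captured text has a NUL after every character and the match below fails.
$oldEnc = [Console]::OutputEncoding
[Console]::OutputEncoding = [System.Text.Encoding]::Unicode
try {
  foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) { Write-Output ("MISSING  {0}" -f $f); continue }
    $out = (& "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$f" 2>&1 | Out-String) -replace "`0", ''
    $status = if ($out -match 'did not find any integrity violations') { 'OK     ' } else { 'CHECK  ' }
    Write-Output ("{0} {1} {2}" -f $status, (Get-Md5Hex $f), $f)
  }
} finally { [Console]::OutputEncoding = $oldEnc }

# 5. The adapter itself. ConfigManagerErrorCode 0 = working, 22 = disabled,
#    28 = no driver installed. NetConnectionStatus 2 = connected, 7 = media
#    disconnected. An adapter missing from both lists is not enumerated by
#    PnP at all, which is the Device Manager symptom described in this thread.
$netClass = '{4D36E972-E325-11CE-BFC1-08002BE10318}'   # PnP class GUID for network adapters
foreach ($dev in Get-WmiObject Win32_PnPEntity -Filter "ClassGuid='$netClass'") {
  Write-Output ("PnP  code={0,-3} {1}   {2}" -f $dev.ConfigManagerErrorCode, $dev.Name, $dev.DeviceID)
}
foreach ($nic in Get-WmiObject Win32_NetworkAdapter -Filter 'PhysicalAdapter=TRUE') {
  Write-Output ("NIC  status={0} enabled={1} {2}" -f $nic.NetConnectionStatus, $nic.NetEnabled, $nic.Name)
}
```

One caveat when reading the FSS findings this reproduces: the ComboFix log later in the thread shows Microsoft Security Essentials installed, and MSE normally switches Windows Defender off when it is installed, so WinDefend at Demand together with DisableAntiSpyware=1 is the expected state beside MSE rather than something the malware did. The drivers and service binaries all hashing as legitimate, while the adapter is absent from the PnP list, points at the device or its driver package rather than at the TCP/IP stack.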

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Here is the log from Combofix.

 

ComboFix 13-09-23.02 - Annette 09/23/2013  20:58:24.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2500 [GMT -4:00]
Running from: I:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Outdated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
c:\program files (x86)\FunWebProducts\Installr\2.bin\F3EZSETP.DLL
c:\program files (x86)\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL
c:\program files (x86)\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL
c:\program files (x86)\Searchqu Toolbar\Datamngr
c:\program files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll
c:\users\Jessica.Annette-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Jessica.Annette-PC\Documents\~WRL0005.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-24 to 2013-09-24  )))))))))))))))))))))))))))))))
.
.
2013-09-24 01:06 . 2013-09-24 01:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-24 01:06 . 2013-09-24 01:06 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2013-09-24 01:06 . 2013-09-24 01:06 -------- d-----w- c:\users\Jamie\AppData\Local\temp
2013-09-15 05:36 . 2013-09-22 06:17 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB0BD1DE-9582-46A2-A1CC-AD8CCA230ABB}\offreg.dll
2013-09-13 23:22 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB0BD1DE-9582-46A2-A1CC-AD8CCA230ABB}\mpengine.dll
2013-09-10 02:11 . 2008-10-24 14:55 43008 ----a-w- c:\windows\system32\drivers\RtTeam60.sys
2013-09-10 02:11 . 2007-12-03 14:20 24064 ----a-w- c:\windows\system32\drivers\RtVlan60.sys
2013-09-08 01:31 . 2009-07-20 14:27 27136 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2013-09-08 01:29 . 2013-09-13 23:19 -------- d-----w- c:\program files (x86)\Realtek
2013-09-07 20:59 . 2013-09-24 01:05 -------- d-----w- c:\program files (x86)\Searchqu Toolbar
2013-09-05 10:14 . 2013-09-05 10:14 45056 ----a-r- c:\users\Annette\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2013-09-05 10:14 . 2013-09-13 23:21 -------- d-----w- c:\windows\SysWow64\vmm32
2013-09-05 02:56 . 2013-09-05 02:56 -------- d-----w- c:\windows\SysWow64\BestPractices
2013-09-05 02:56 . 2013-09-13 23:20 -------- d-----w- c:\windows\system32\BestPractices
2013-09-05 02:56 . 2013-09-13 23:18 -------- d-----w- C:\inetpub
2013-09-04 22:05 . 2013-09-04 22:05 -------- d-----w- c:\users\Jessica.Annette-PC\AppData\Roaming\RealNetworks
2013-09-04 11:54 . 2013-09-04 11:54 -------- d-----w- c:\users\Annette\AppData\Roaming\RealNetworks
2013-09-04 10:25 . 2013-09-13 23:20 -------- d-----w- C:\143b4239f825330daba001b666
2013-09-04 02:25 . 2013-09-13 23:19 -------- d-----w- c:\users\Annette\AppData\Roaming\Malwarebytes
2013-09-04 02:18 . 2013-09-13 23:19 -------- d-----w- c:\users\Jamie\AppData\Roaming\Malwarebytes
2013-09-04 02:17 . 2013-09-13 23:19 -------- d-----w- c:\programdata\Malwarebytes
2013-09-04 02:17 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-04 02:16 . 2013-09-04 02:16 -------- d-----w- c:\users\Annette\AppData\Local\Programs
2013-09-02 20:42 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-01 02:45 . 2013-09-01 02:45 -------- d-----w- c:\users\Jamie\AppData\Roaming\RealNetworks
2013-09-01 02:44 . 2013-09-13 23:19 -------- d-----w- c:\program files (x86)\RealNetworks
2013-09-01 02:44 . 2013-09-01 02:44 -------- d-----w- c:\programdata\RealNetworks
2013-09-01 02:44 . 2013-09-13 23:18 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-09-01 02:44 . 2013-09-01 02:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-09-01 02:44 . 2013-09-01 02:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-09-01 02:18 . 2013-09-01 02:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 02:18 . 2013-09-01 02:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-31 22:17 . 2013-08-31 22:16 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-31 22:17 . 2013-08-31 22:16 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-31 22:17 . 2013-08-31 22:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-28 21:31 . 2013-09-05 12:17 -------- d-----w- c:\users\Jamie\AppData\Local\DefineExt
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 19:29 . 2013-08-23 19:30 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24827232-0397-47A6-81D1-904EB9FBF015}\gapaengine.dll
2013-08-05 20:14 . 2010-08-02 22:00 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-26 05:13 . 2013-08-15 07:28 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-07-26 05:13 . 2013-08-15 07:28 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 05:13 . 2013-08-15 07:28 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-07-26 05:12 . 2013-08-15 07:28 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-07-26 05:12 . 2013-08-15 07:28 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-07-26 05:12 . 2013-08-15 07:28 855552 ----a-w- c:\windows\system32\jscript.dll
2013-07-26 05:12 . 2013-08-15 07:28 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 05:12 . 2013-08-15 07:28 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-07-26 05:12 . 2013-08-15 07:28 526336 ----a-w- c:\windows\system32\ieui.dll
2013-07-26 05:12 . 2013-08-15 07:28 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 05:12 . 2013-08-15 07:28 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 05:12 . 2013-08-15 07:28 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-07-26 05:12 . 2013-08-15 07:28 2647040 ----a-w- c:\windows\system32\iertutil.dll
2013-07-26 05:12 . 2013-08-15 07:28 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-07-26 03:35 . 2013-08-15 07:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 03:13 . 2013-08-15 07:28 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-26 03:12 . 2013-08-15 07:28 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-07-26 03:12 . 2013-08-15 07:28 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-07-26 03:12 . 2013-08-15 07:28 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49 . 2013-08-15 07:28 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39 . 2013-08-15 07:28 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-26 01:59 . 2013-08-15 07:28 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25 . 2013-08-14 17:49 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:49 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 17:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 17:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-17 23:53 . 2011-03-26 14:27 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 06:03 . 2013-08-14 17:49 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:54 . 2013-08-14 17:49 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 05:53 . 2013-08-14 17:49 243712 ----a-w- c:\windows\system32\wow64.dll
2013-07-09 05:52 . 2013-08-14 17:50 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 17:49 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 17:50 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 17:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 17:50 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 05:03 . 2013-08-14 17:49 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-14 17:49 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-14 17:49 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-07-09 04:52 . 2013-08-14 17:49 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 17:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-07-09 04:52 . 2013-08-14 17:50 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 17:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 17:50 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 17:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-09 04:45 . 2013-08-14 17:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-09 02:49 . 2013-08-14 17:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-07-09 02:49 . 2013-08-14 17:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-07-09 02:49 . 2013-08-14 17:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49 . 2013-08-14 17:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-07-06 06:03 . 2013-08-14 17:49 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-09-01 295512]
.
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Jessica.Annette-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 01:00 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 02:18]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 21:52]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 21:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-14 163360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-14 387616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-14 418336]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{99079A25-328F-4BD4-BE04-00955ACAA0A7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-{99079A25-328F-4BD4-BE04-00955ACAA0A7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk - c:\program files (x86)\Disney Vacation Connection\Disney Vacation Connection.exe
c:\users\Jessica.Annette-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk - c:\program files (x86)\Disney Vacation Connection\Disney Vacation Connection.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-23  21:09:39
ComboFix-quarantined-files.txt  2013-09-24 01:09
.
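
Added example, not part of this thread and not ComboFix code: a PowerShell pass over the same autostart locations ComboFix lists under "Reg Loading Points" in the log above (the native and Wow6432Node Run keys, the per-user Startup folders, AppInit_DLLs, scheduled tasks and Browser Helper Objects), flagging every entry whose target file is missing or lives under a user-writable directory. The Searchqu BHO and toolbar ComboFix removed are exactly the kind of entry this surfaces. It assumes Windows 7 with PowerShell 2.0 in a 64-bit console so the Wow6432Node view is read as such; the list of "suspect" roots is this example's own heuristic, not something ComboFix uses.

```powershell
# Added example: not from the thread or from ComboFix. Assumes Windows 7,
# PowerShell 2.0, 64-bit console. Enumerates autostart entries and flags
# targets that are MISSING or sit under a user-writable directory (USERDIR).

$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Heuristic (this example's own): commodity adware/trojans usually drop their
# binaries here, so a Run entry pointing into these trees deserves a look.
$suspectRoots = @($env:ProgramData, $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:SystemDrive\Users")

function Get-CommandTarget([string]$CommandLine) {
  # Pull the executable path out of a Run-value command line, quoted or not.
  $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
  if ($cl.StartsWith('"')) { return $cl.Substring(1, $cl.IndexOf('"', 1) - 1) }
  $m = [regex]::Match($cl, '^(.+?\.(exe|dll|cpl|scr))(\s|$)', [System.Text.RegularExpressions.RegexOptions]::IgnoreCase)
  if ($m.Success) { return $m.Groups[1].Value }   # unquoted path with spaces and arguments
  return $cl.Split(' ')[0]
}

function Test-AutorunEntry([string]$Source, [string]$Name, [string]$CommandLine) {
  $target = Get-CommandTarget $CommandLine
  if ($target -and -not [System.IO.Path]::IsPathRooted($target)) {
    $cmd = @(Get-Command $target -ErrorAction SilentlyContinue)[0]   # bare name such as rundll32.exe
    if ($cmd) { $target = $cmd.Definition }
  }
  $exists = ($target -ne '') -and (Test-Path -LiteralPath $target)
  $inUserDir = $false
  foreach ($root in $suspectRoots) { if ($root -and $target.ToLower().StartsWith($root.ToLower())) { $inUserDir = $true } }
  $flag = if (-not $exists) { 'MISSING ' } elseif ($inUserDir) { 'USERDIR ' } else { '        ' }
  Write-Output ("{0}{1,-28} {2} = {3}" -f $flag, $Source, $Name, $target)
}

# 1. Run / RunOnce values, native and Wow6432Node views.
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }        # PSPath, PSParentPath, ... are provider noise
    Test-AutorunEntry $key $p.Name ([string]$p.Value)
  }
}

# 2. Per-user Startup folders (ComboFix listed Dell Dock.lnk in each of them).
$shell = New-Object -ComObject WScript.Shell
foreach ($userDir in (Get-ChildItem "$env:SystemDrive\Users" | Where-Object { $_.PSIsContainer })) {
  $startup = Join-Path $userDir.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
  if (-not (Test-Path $startup)) { continue }
  foreach ($lnk in Get-ChildItem $startup -Filter *.lnk) {
    $sc = $shell.CreateShortcut($lnk.FullName)   # resolves the .lnk to its target and arguments
    Test-AutorunEntry "Startup($($userDir.Name))" $lnk.Name ('"' + $sc.TargetPath + '" ' + $sc.Arguments)
  }
}

# 3. AppInit_DLLs. The log shows LoadAppInit_DLLs=1 under Wow6432Node; that
#    flag only matters if AppInit_DLLs actually names a DLL, so print both.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
  $v = Get-ItemProperty $k
  Write-Output ("AppInit  {0}: LoadAppInit_DLLs={1} AppInit_DLLs='{2}'" -f $k, $v.LoadAppInit_DLLs, $v.AppInit_DLLs)
}

# 4. Scheduled tasks. ComboFix shows the legacy .job files; the XML
#    definitions Windows 7 keeps under System32\Tasks carry the command line.
foreach ($t in (Get-ChildItem "$env:SystemRoot\System32\Tasks" -Recurse | Where-Object { -not $_.PSIsContainer })) {
  try { $xml = [xml](Get-Content -LiteralPath $t.FullName) } catch { continue }
  foreach ($exec in @($xml.Task.Actions.Exec)) {
    if ($exec.Command) { Test-AutorunEntry 'Task' $t.Name ($exec.Command + ' ' + $exec.Arguments) }
  }
}

# 5. Browser Helper Objects (the Searchqu entries ComboFix removed were one).
#    32-bit IE reads the Wow6432Node view, so both views are walked.
foreach ($bhoKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
  if (-not (Test-Path $bhoKey)) { continue }
  $clsidRoot = if ($bhoKey -like '*Wow6432Node*') { 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' } else { 'HKLM:\SOFTWARE\Classes\CLSID' }
  foreach ($clsid in Get-ChildItem $bhoKey) {
    $srv = Join-Path $clsidRoot ($clsid.PSChildName + '\InprocServer32')
    $dll = if (Test-Path $srv) { (Get-ItemProperty $srv).'(default)' } else { '' }
    Test-AutorunEntry 'BHO' $clsid.PSChildName ('"' + $dll + '"')
  }
}
```

A MISSING line is the same condition ComboFix reports as an orphan (a registry entry whose file is gone, like the `Toolbar-{99079A25-...}` and `BHO-{99079A25-...}` lines above) and is safe to clean; a USERDIR line is only a prompt to inspect the file, since legitimate per-user software installs there too.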

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

CFScript.txt


Here is the Combofix log with the CFScript - I think I did it right this time. 

 

ComboFix 13-09-23.02 - Annette 09/25/2013   8:23.2.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2345 [GMT -4:00]
Running from: I:\ComboFix.exe
Command switches used :: c:\users\Annette\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Outdated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Searchqu Toolbar
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-25 to 2013-09-25  )))))))))))))))))))))))))))))))
.
.
2013-09-25 12:30 . 2013-09-25 12:30 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2013-09-25 12:30 . 2013-09-25 12:30 -------- d-----w- c:\users\Jamie\AppData\Local\temp
2013-09-25 12:30 . 2013-09-25 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-15 05:36 . 2013-09-22 06:17 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB0BD1DE-9582-46A2-A1CC-AD8CCA230ABB}\offreg.dll
2013-09-13 23:22 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB0BD1DE-9582-46A2-A1CC-AD8CCA230ABB}\mpengine.dll
2013-09-10 02:11 . 2008-10-24 14:55 43008 ----a-w- c:\windows\system32\drivers\RtTeam60.sys
2013-09-10 02:11 . 2007-12-03 14:20 24064 ----a-w- c:\windows\system32\drivers\RtVlan60.sys
2013-09-08 01:31 . 2009-07-20 14:27 27136 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2013-09-08 01:29 . 2013-09-13 23:19 -------- d-----w- c:\program files (x86)\Realtek
2013-09-05 10:14 . 2013-09-05 10:14 45056 ----a-r- c:\users\Annette\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2013-09-05 10:14 . 2013-09-13 23:21 -------- d-----w- c:\windows\SysWow64\vmm32
2013-09-05 02:56 . 2013-09-05 02:56 -------- d-----w- c:\windows\SysWow64\BestPractices
2013-09-05 02:56 . 2013-09-13 23:20 -------- d-----w- c:\windows\system32\BestPractices
2013-09-05 02:56 . 2013-09-13 23:18 -------- d-----w- C:\inetpub
2013-09-04 22:05 . 2013-09-04 22:05 -------- d-----w- c:\users\Jessica.Annette-PC\AppData\Roaming\RealNetworks
2013-09-04 11:54 . 2013-09-04 11:54 -------- d-----w- c:\users\Annette\AppData\Roaming\RealNetworks
2013-09-04 10:25 . 2013-09-13 23:20 -------- d-----w- C:\143b4239f825330daba001b666
2013-09-04 02:25 . 2013-09-13 23:19 -------- d-----w- c:\users\Annette\AppData\Roaming\Malwarebytes
2013-09-04 02:18 . 2013-09-13 23:19 -------- d-----w- c:\users\Jamie\AppData\Roaming\Malwarebytes
2013-09-04 02:17 . 2013-09-13 23:19 -------- d-----w- c:\programdata\Malwarebytes
2013-09-04 02:17 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-04 02:16 . 2013-09-04 02:16 -------- d-----w- c:\users\Annette\AppData\Local\Programs
2013-09-02 20:42 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-01 02:45 . 2013-09-01 02:45 -------- d-----w- c:\users\Jamie\AppData\Roaming\RealNetworks
2013-09-01 02:44 . 2013-09-13 23:19 -------- d-----w- c:\program files (x86)\RealNetworks
2013-09-01 02:44 . 2013-09-01 02:44 -------- d-----w- c:\programdata\RealNetworks
2013-09-01 02:44 . 2013-09-13 23:18 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-09-01 02:44 . 2013-09-01 02:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-09-01 02:44 . 2013-09-01 02:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-09-01 02:18 . 2013-09-01 02:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 02:18 . 2013-09-01 02:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-31 22:17 . 2013-08-31 22:16 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-31 22:17 . 2013-08-31 22:16 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-31 22:17 . 2013-08-31 22:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-28 21:31 . 2013-09-05 12:17 -------- d-----w- c:\users\Jamie\AppData\Local\DefineExt
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 19:29 . 2013-08-23 19:30 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24827232-0397-47A6-81D1-904EB9FBF015}\gapaengine.dll
2013-08-05 20:14 . 2010-08-02 22:00 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-26 05:13 . 2013-08-15 07:28 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-07-26 05:13 . 2013-08-15 07:28 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 05:13 . 2013-08-15 07:28 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-07-26 05:12 . 2013-08-15 07:28 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-07-26 05:12 . 2013-08-15 07:28 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-07-26 05:12 . 2013-08-15 07:28 855552 ----a-w- c:\windows\system32\jscript.dll
2013-07-26 05:12 . 2013-08-15 07:28 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 05:12 . 2013-08-15 07:28 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-07-26 05:12 . 2013-08-15 07:28 526336 ----a-w- c:\windows\system32\ieui.dll
2013-07-26 05:12 . 2013-08-15 07:28 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 05:12 . 2013-08-15 07:28 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 05:12 . 2013-08-15 07:28 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-07-26 05:12 . 2013-08-15 07:28 2647040 ----a-w- c:\windows\system32\iertutil.dll
2013-07-26 05:12 . 2013-08-15 07:28 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-07-26 03:35 . 2013-08-15 07:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 03:13 . 2013-08-15 07:28 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-26 03:12 . 2013-08-15 07:28 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-07-26 03:12 . 2013-08-15 07:28 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-07-26 03:12 . 2013-08-15 07:28 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49 . 2013-08-15 07:28 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39 . 2013-08-15 07:28 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-26 01:59 . 2013-08-15 07:28 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25 . 2013-08-14 17:49 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:49 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 17:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 17:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-17 23:53 . 2011-03-26 14:27 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 06:03 . 2013-08-14 17:49 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:54 . 2013-08-14 17:49 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 05:53 . 2013-08-14 17:49 243712 ----a-w- c:\windows\system32\wow64.dll
2013-07-09 05:52 . 2013-08-14 17:50 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 17:49 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 17:50 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 17:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 17:50 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 05:03 . 2013-08-14 17:49 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-14 17:49 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-14 17:49 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-07-09 04:52 . 2013-08-14 17:49 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 17:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-07-09 04:52 . 2013-08-14 17:50 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 17:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 17:50 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 17:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-09 04:45 . 2013-08-14 17:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-09 02:49 . 2013-08-14 17:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-07-09 02:49 . 2013-08-14 17:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-07-09 02:49 . 2013-08-14 17:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49 . 2013-08-14 17:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-07-06 06:03 . 2013-08-14 17:49 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [bU]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-09-01 295512]
.
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Jessica.Annette-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 01:00 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 02:18]
.
2013-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 21:52]
.
2013-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 21:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-14 163360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-14 387616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-14 418336]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-25  08:33:31
ComboFix-quarantined-files.txt  2013-09-25 12:33
ComboFix2.txt  2013-09-24 01:09
.
Pre-Run: 209,287,057,408 bytes free
Post-Run: 209,210,441,728 bytes free
.
- - End Of File - - 25242A9AB4BECC1527C0DA9961780B9E
CDB4DE4BBD714F152979DA2DCBEF57EB
 
 
I also ran another scan with Malwarebytes. I did not realize I had accidentally run a quick scan instead of a full scan until I got ready to post. I will run another full scan this afternoon when I get home, but here is the log for the quick scan if it helps.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.03.08
 
Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 10.0.9200.16660
Annette :: ANNETTE-PC [administrator]
 
9/25/2013 8:01:54 AM
MBAM-log-2013-09-25 (08-19-53).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 297089
Time elapsed: 2 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data:  -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> No action taken.
 
Files Detected: 2
C:\Users\Jamie\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\Jessica.Annette-PC\Downloads\iLividSetup-r157-n-bi.exe (PUP.Optional.Bandoo) -> No action taken.
 
(end)
 
May I ask how this is going - what the scans are telling you about my computer?
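Reading the two logs above together, as an added example (this is not Malwarebytes or ComboFix tooling and not code from anyone in this thread): the script below parses the Malwarebytes detection lines and the ComboFix "Reg Loading Points" entries into records and joins them on CLSID, so a flagged registry object can be matched to the file it actually loads at startup. The sample input is constructed from lines copied out of the logs above. The PUP-versus-malware split is a simple label-prefix heuristic chosen for the example, and ComboFix's trailing `[bU]` / date-size markers are stripped, not interpreted.

```python
"""Triage of the two logs posted above: each Malwarebytes detection and each ComboFix
autostart becomes a record; joining them on CLSID shows which flagged keys load a file."""
import re
from collections import namedtuple
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MBAM_SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: \d+$")
MBAM_HIT_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
CF_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CF_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"')
CF_BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?)(?:\s+\[[^\]]*\])?$")
Detection = namedtuple("Detection", "section target family action clsids")
Autostart = namedtuple("Autostart", "key name path clsids")  # name "@" = key's default value

def clsids_in(*texts):
    """Every CLSID appearing in the given strings, lower-cased and de-duplicated."""
    return sorted({x.lower() for t in texts for x in CLSID_RE.findall(t)})

def kind(family):
    """Coarse class of a scanner label (heuristic chosen for this example): PUP.* versus malware."""
    if family.startswith("PUP."):
        return "pup"
    return "malware" if family.split(".")[0] in ("Trojan", "Backdoor", "Rootkit", "Worm") else "other"

def parse_mbam(text):
    """'<Section> Detected: N' opens a section; hits read '<target> (<family>) -> [Data: x -> ]<action>'."""
    hits, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = MBAM_SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = MBAM_HIT_RE.match(line)
        if m and section:
            action = m.group("rest").rsplit(" -> ", 1)[-1]  # drop any 'Data: ...' prefix
            hits.append(Detection(section, m.group("target"), m.group("family"), action, clsids_in(m.group("target"))))
    return hits

def parse_combofix_loading_points(text):
    """REGEDIT4-style dump: [HKEY_...] header, then "name"="path" [...] lines or a bare default-value path."""
    entries, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = CF_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = CF_VALUE_RE.match(line) or CF_BARE_PATH_RE.match(line)
        if key and m:
            name = m.groupdict().get("name", "@")
            entries.append(Autostart(key, name, m.group("path"), clsids_in(key, name)))
    return entries

def summarize(hits):
    """Detection counts by coarse class, so 'mostly PUP plus one trojan' is visible at a glance."""
    out = {"pup": 0, "malware": 0, "other": 0}
    for h in hits:
        out[kind(h.family)] += 1
    return out

def correlate(hits, entries):
    """Per flagged CLSID: scanner labels plus the files ComboFix shows loading under it (empty = dead key)."""
    result = {}
    for h in hits:
        for c in h.clsids:
            fams = result.setdefault(c, {"families": [], "paths": []})["families"]
            if h.family not in fams:
                fams.append(h.family)
    for e in entries:
        for c in e.clsids:
            if c in result and e.path not in result[c]["paths"]:
                result[c]["paths"].append(e.path)
    return result
# Constructed sample input: lines copied from the two logs posted in this thread.
MBAM_SAMPLE = r"""
Registry Keys Detected: 3
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data:  -> No action taken.
Folders Detected: 1
C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> No action taken.
Files Detected: 2
C:\Users\Jamie\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\Jessica.Annette-PC\Downloads\iLividSetup-r157-n-bi.exe (PUP.Optional.Bandoo) -> No action taken.
"""
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll [bU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [bU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-09-01 295512]
"""
if __name__ == "__main__":
    hits, auto = parse_mbam(MBAM_SAMPLE), parse_combofix_loading_points(COMBOFIX_SAMPLE)
    print(summarize(hits), correlate(hits, auto), sep="\n")
```

On the sample, the SearchQu CLSID resolves to the same searchqudtx.dll loaded both as a Browser Helper Object and as an IE toolbar, which is the adware the helper refers to, while the SearchScopes key labelled Trojan.Vundo has no loader anywhere in the dump. Neither log says anything about the Realtek adapter entries, which is the helper's point in the next reply.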

They show that some adware was running on your computer - but nothing explains your disappearing network adapter.

Let's see:

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 

 

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender


  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


I cannot run the ESET scan as the computer with the problem is not able to access the internet at this time. Right now I am using another computer to download the requested programs to a USB and then transferring them to the problem computer.

 

We ran the FSS last Thursday - would you like me to run again?

 

Thank you!


You're right... let's try something else.

 

 

Create/Scan with Kaspersky Rescue Disk

Follow the instructions on this page for downloading the kav_rescue_10.iso (200 mb) file and creating the Kaspersky Rescue Disk.

Make sure you set to boot the machine from the CDRom drive first. Then save and exit the BIOS. The computer will begin to boot. Insert the disc in the CDrom drive, then restart the machine. It should then boot from that CD.

It's best if you refer to the instructions and images at Kaspersky How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

Once it boots from CD, press a key so it continues to boot from that CD.

Select the language, then be sure to select Kaspersky Rescue Disk Graphic Mode.

Kaspersky should begin scanning your machine. If it finds infection, look carefully at the files it lists. If any of them seem to be legit files, do not allow it to clean/quarantine/delete them. Rather, save the log and post the results for me to look over.


I did not understand the Kaspersky notes as well as I thought. I ran the disc and a DOS menu kept coming up. Apparently when I used Nero to write the disc I should have written it as an image, and not as a bootable disc. So I have found my mistake and hopefully tomorrow I will be able to post a log of the results.

 

Sorry for the wait.


Windows Repair (all-in-one)

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.


Once that is done, go to step 3 and allow it to run SFC by clicking Do it.



On the Start Repairs tab, click Start.
Within the opening window, hit unselect all.
Check only the following:



  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair Windows Firewall
  • Repair Windows Updates



then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.


The scan did find some errors in the disk check, which it fixed, and otherwise everything was fine. However, afterwards, every time I open a program it asks if mmc.exe can make changes to my hard drive, and the Windows troubleshooter now no longer works. Also I tried to connect to the internet after that and could not, and again when I tried to repair the driver it gave me the Sleep Mode message again.

 

The really weird thing is that I can still ping my router from the bad computer, and everything comes up OK. So it is not a hardware issue; very confusing.

 

I think I have too many programs / scans running and it might be affecting anything new. I would like to do a restore on the Windows Repair, and if you could give me direction on removing the malware you are seeing from the scans and then removing the programs.

 

Unless you have any more suggestions at this point, I think I might just buy a USB wireless adapter and see if I can connect from there. This might just be an unsolvable problem.

 

Thank you,


OK, the scans came up clean.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

