
Unidentified network/ limited access

Discussion in 'Virus & Other Malware Removal' started by Jack_Skellington, Oct 5, 2012.

Thread Status:
Not open for further replies.
  1. Jack_Skellington

    Jack_Skellington Thread Starter

    Joined:
    Oct 4, 2012
    Messages:
    13
    Hey,
    So every so often my computer would start and would say limited access but fix itself within the first minute or so. This time, however, it has been in the same state for several days and I have been unable to fix it. I looked through several other posts and tried the netsh resets but they did not seem to do anything. Here is my ipconfig /all, which I assume has some problems, for I have no default gateway and the DNS servers seem like gibberish. I use Windows 7.
    Please help!

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.
    C:\Users\Steven>ipconfig /all
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : Anastasia
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    Wireless LAN adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN
    Physical Address. . . . . . . . . : 00-27-10-0B-C1-90
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::587:f619:17d2:299d%14(Preferred)
    Autoconfiguration IPv4 Address. . : 169.254.41.157(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 218113808
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-1C-5F-B8-00-26-B9-F6-FE-15
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Local Area Connection 2:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Hamachi Network Interface
    Physical Address. . . . . . . . . : 7A-79-05-9B-C1-0C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::5d53:6d35:159d:f6f7%22(Preferred)
    IPv4 Address. . . . . . . . . . . : 5.155.193.12(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.0.0.0
    Lease Obtained. . . . . . . . . . : Thursday, October 04, 2012 8:04:59 PM
    Lease Expires . . . . . . . . . . : Friday, October 04, 2013 8:07:06 PM
    Default Gateway . . . . . . . . . :
    DHCP Server . . . . . . . . . . . : 5.0.0.1
    DHCPv6 IAID . . . . . . . . . . . : 578451842
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-1C-5F-B8-00-26-B9-F6-FE-15
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{24A271DD-FE60-4EAF-A085-7D22B87769FC}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{D510F7ED-6F5C-48CE-837B-FF76E8CECD47}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Reusable ISATAP Interface {984CBBCB-5646-483C-A4A7-DD04BEE8F501}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{CC44CF7C-84D4-4DE2-9B74-3841716E7712}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.Chau2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    C:\Users\Steven>
     
  2. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    64,965
    First Name:
    Wayne
    You do not have DHCP enabled; I suspect that may be the issue:
    DHCP Enabled. . . . . . . . . . . : No

    try this
    Setup to Automatically get IP and DNS
    WINDOWS 7
    ---------
    Setup to Automatically get an IP and DNS (DHCP) - for Windows 7
    http://windows.microsoft.com/en-US/windows7/Change-TCP-IP-settings
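
The checks made by eye on the `ipconfig /all` paste above (DHCP disabled, empty default gateway, odd-looking DNS servers), written as a small triage parser. This is an added example, not part of the thread; the function names and flag labels are assumptions, and the sample text is abridged from the first post's paste.

```python
import ipaddress
import re

# Sample input, abridged from the `ipconfig /all` paste in the first post.
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : Anastasia
Wireless LAN adapter Wireless Network Connection:
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration IPv4 Address. . : 169.254.41.157(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
Ethernet adapter Local Area Connection 2:
   Description . . . . . . . . . . . : Hamachi Network Interface
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 5.155.193.12(Preferred)
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 5.0.0.1
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : No
"""

# "<type> adapter <name>:" starts a new adapter section.
HEADER = re.compile(r"^\s*(.+ adapter .+):\s*$")
# "Key . . . . : value" with ipconfig's dotted padding; the value may be empty.
FIELD = re.compile(r"^\s*(.+?)(?:\s?\.)+\s*:\s?(.*)$")

APIPA = ipaddress.ip_network("169.254.0.0/16")   # self-assigned when no lease/config works
SITE_LOCAL = ipaddress.ip_network("fec0::/10")   # deprecated range; Windows lists
                                                 # fec0:0:0:ffff::1-3 when no DNS is configured


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}}; continuation lines extend the last field."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        header = HEADER.match(line)
        if header:
            current, last_key = adapters.setdefault(header.group(1), {}), None
            continue
        if current is None:
            continue  # global "Windows IP Configuration" section is not needed here
        field = FIELD.match(line)
        if field:
            last_key = field.group(1).strip()
            value = field.group(2).strip()
            current[last_key] = [value] if value else []
        elif last_key:
            current[last_key].append(line.strip())  # e.g. second and third DNS server
    return adapters


def _addr(value):
    """Drop the '(Preferred)' tag and any %zone id; return an ip_address or None."""
    token = value.split("(")[0].split("%")[0].strip()
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def triage(adapters):
    """Return {adapter name: [flags]} for every adapter that is not media-disconnected."""
    findings = {}
    for name, fields in adapters.items():
        if fields.get("Media State") == ["Media disconnected"]:
            continue
        flags = []
        if fields.get("DHCP Enabled") == ["No"]:
            flags.append("dhcp-disabled")
        v4 = [_addr(v) for key in ("IPv4 Address", "Autoconfiguration IPv4 Address")
              for v in fields.get(key, [])]
        if any(a is not None and a in APIPA for a in v4):
            flags.append("apipa-address")
        if not fields.get("Default Gateway"):
            flags.append("no-default-gateway")
        dns = [a for a in map(_addr, fields.get("DNS Servers", [])) if a is not None]
        if dns and all(a in SITE_LOCAL for a in dns):
            flags.append("placeholder-dns-only")
        findings[name] = flags
    return findings


if __name__ == "__main__":
    for adapter, flags in triage(parse_ipconfig(SAMPLE)).items():
        print(f"{adapter}: {', '.join(flags) or 'ok'}")
```

All four flags on the wireless adapter together mean it never received a usable configuration; the `fec0:0:0:ffff::` entries are the defaults Windows shows when no DNS server was assigned, not servers set by something on the machine.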
     
  3. Jack_Skellington

    Jack_Skellington Thread Starter

    Joined:
    Oct 4, 2012
    Messages:
    13
    Thanks for replying etaf, I really appreciate it.
    Alright, so I set it back to automatic, but I still only have limited access. I had attempted to set it as a static IP from a solution on another post, but could not find my DNS or default gateway to include. I also tried starting a list of services and discovered that Computer Browser is not started, although it is set to automatic. It will also not let me start it, giving me the "error 1060: the specified service does not exist as an installed service". I'm not sure if this is useful information, just other things I have tried in resolving this issue.
     
  4. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    64,965
    First Name:
    Wayne
    What firewall / security suite or anti-virus do you currently have on the PC - or have you ever had on the PC in the past - any trial ware - like Norton, McAfee, AVG etc.

    http://www.blackviper.com/windows-services/computer-browser/
    Let's see the rest
    ------------------------------------------------------------------------
    Status of Services

    We would like to see some status information for each of the services listed below.

    To do this, go to

    Start> Run {search bar in Vista/W7}> type CMD to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

    Type the following command
    SERVICES.MSC

    OR
    Control Panel>
    Administrative Tools>
    Services>

    then for each of the services listed below - Please post back the following status information;
    If the service is set to Started or Stopped
    and
    If the service is set to Automatic or Manual

    • COM+ Event System (for WZC issues)
    • Computer Browser
    • DHCP Client
    • DNS Client
    • Network Connections
    • Network Location Awareness
    • Remote Procedure Call (RPC)
    • Server
    • TCP/IP Netbios helper
    • Wireless Zero Configuration (XP wireless configurations only)
    • WLAN AutoConfig (Windows 7 & Vista wireless configurations only)
    • Workstation


    If any of those services are not started/running,
    then right click on the service
    then from the menu choose properties and now check the dependencies.

    For each dependency entry - check each one of the dependencies and see which one is preventing the service from running/starting.

    ---------
     
  5. Jack_Skellington

    Jack_Skellington Thread Starter

    Joined:
    Oct 4, 2012
    Messages:
    13
    Thanks for the quick reply!
    I use Malwarebytes for protection, and Windows Firewall will not let me change anything, giving me "error code 0x80070424".

    Ahh yes, that list, ok.
    As I said before, Computer Browser is not running, but after reading the link you sent it appears it is not needed.

    COM+ Event System (for WZC issues) : started and automatic
    DHCP Client : started and automatic
    DNS Client : started and automatic
    Network Connections : started and automatic
    Network Location Awareness : started and automatic
    Remote Procedure Call (RPC) : started and automatic
    Server : started and automatic
    TCP/IP Netbios helper : started and automatic
    Wireless Zero Configuration (XP wireless configurations only) : N/A
    WLAN AutoConfig (Windows 7 & Vista wireless configurations only) : started and automatic
    Workstation : started and automatic
     
  6. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    64,965
    First Name:
    Wayne
  7. Jack_Skellington

    Jack_Skellington Thread Starter

    Joined:
    Oct 4, 2012
    Messages:
    13
    I'm sorry for the late reply; it took me a while to get another computer to download the tests on.

    But here are the logs you asked for:

    First off, HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:30:12 PM, on 5/15/2012
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\NisSrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\STacSV64.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Mobile Broadband Core Service (WMCoreService) - Unknown owner - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 9005 bytes


    Next DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Steven at 19:16:56 on 2012-10-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2842 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\Explorer.EXE
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\SearchIndexer.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: Interfaces\{D510F7ED-6F5C-48CE-837B-FF76E8CECD47}\2457666616C6F6 : DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{D510F7ED-6F5C-48CE-837B-FF76E8CECD47}\4584F4D435F4E4 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D510F7ED-6F5C-48CE-837B-FF76E8CECD47}\C696E6B6379737 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D510F7ED-6F5C-48CE-837B-FF76E8CECD47}\D4F64756C60263 : DhcpNameServer = 10.128.128.128
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-16 8704]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-13 654408]
    R2 WMCoreService;Mobile Broadband Core Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [2009-8-6 424448]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
    S3 NisSrv;NisSrv;"c:\Program Files\Microsoft Security Client\NisSrv.exe" --> c:\Program Files\Microsoft Security Client\NisSrv.exe [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-12-24 155344]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-2-13 25832]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .
    =============== Created Last 30 ================
    .
    2012-10-05 18:28:16 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-10-05 18:28:16 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-10-05 18:28:08 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2012-10-05 18:28:08 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2012-10-05 18:27:16 -------- d-----w- C:\Windows\System32\RsFx
    2012-10-05 18:21:06 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2012-10-05 18:20:40 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2012-10-05 18:20:01 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2012-10-05 18:20:01 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2012-10-05 18:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-10-05 18:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-10-05 18:18:31 -------- d-----w- C:\ProgramData\PreEmptive Solutions
    2012-10-05 18:15:04 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
    2012-10-05 18:14:55 -------- d-----w- C:\Program Files\IIS
    2012-10-05 18:14:55 -------- d-----w- C:\Program Files (x86)\IIS
    2012-10-05 18:14:03 3640672 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-10-05 18:06:15 -------- d-----w- C:\Windows\SysWow64\1033
    2012-10-05 18:05:43 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
    2012-10-05 18:05:43 -------- d-----w- C:\Program Files (x86)\Microsoft F#
    2012-10-05 18:05:43 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
    2012-10-05 18:05:43 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
    2012-10-05 18:01:58 -------- d-----w- C:\Windows\System32\1033
    2012-10-05 18:01:58 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
    2012-10-05 18:01:58 -------- d-----w- C:\Program Files\Microsoft Help Viewer
    2012-10-04 04:27:05 -------- d-----w- C:\Windows\System32\catroot2
    2012-10-03 21:30:47 -------- d-----w- C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite
    2012-10-03 21:30:43 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
    2012-09-16 18:32:17 33856 ---ha-w- C:\Windows\System32\hamachi.sys
    2012-09-16 18:32:06 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-09-14 18:24:44 -------- d-----w- C:\Program Files\IDT
    2012-09-14 18:24:31 -------- d-----w- C:\SwSetup
    2012-09-09 00:58:47 -------- d-----w- C:\Riot Games
    2012-09-08 23:46:36 -------- d-----w- C:\Program Files (x86)\League of Legends
    2012-09-08 22:58:33 -------- d-----w- C:\Users\Steven\AppData\Roaming\Stardock
    2012-09-08 22:58:32 -------- dc-h--w- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
    2012-09-08 22:58:31 -------- d-----w- C:\Program Files (x86)\Stardock
    2012-09-08 22:58:05 -------- d-----w- C:\Users\Steven\AppData\Local\PackageAware
    2012-09-08 20:04:26 -------- d-----w- C:\Users\Steven\AppData\Roaming\e-academy Inc
    2012-09-08 20:04:26 -------- d-----w- C:\c++
    .
    ==================== Find3M ====================
    .
    2012-08-20 16:30:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-20 16:30:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ============= FINISH: 19:17:38.17 ===============


    And finally Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/3/2011 11:54:03 PM
    System Uptime: 10/5/2012 5:44:31 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0J509P
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | U2E1 | 1600/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 187.686 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Mass Storage Controller
    Device ID: PCI\VEN_1217&DEV_8130&SUBSYS_02EB1028&REV_01\4&1C5DEFC8&0&02E3
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_1217&DEV_8130&SUBSYS_02EB1028&REV_01\4&1C5DEFC8&0&02E3
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02EB1028&REV_03\4&7981143&0&00E5
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02EB1028&REV_03\4&7981143&0&00E5
    Service: RTL8167
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1F89D75F&1&03
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1F89D75F&1&03
    Service: vwifimp
    .
    Class GUID:
    Description:
    Device ID: ACPI\SMO8800\1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\SMO8800\1
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1F89D75F&1&04
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #2
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1F89D75F&1&04
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP166: 9/19/2012 2:23:17 PM - Scheduled Checkpoint
    RP167: 9/26/2012 7:02:43 PM - Scheduled Checkpoint
    RP168: 10/3/2012 2:33:38 PM - Device Driver Package Install: DT Soft Ltd System devices
    RP169: 10/3/2012 4:09:38 PM - Device Driver Package Install: Microsoft Network adapters
    RP170: 10/3/2012 4:30:45 PM - Restore Operation
    RP171: 10/5/2012 10:29:52 AM - Device Driver Package Install: DT Soft Ltd System devices
    RP172: 10/5/2012 10:54:40 AM - Windows Update
    RP173: 10/5/2012 12:08:55 PM - Revo Uninstaller's restore point - DAEMON Tools Lite
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.2
    Apple Application Support
    Apple Software Update
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Pro Control Center
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Crystal Reports for Visual Studio
    Dell Resource CD
    Diablo II
    Diablo III
    Dotfuscator Software Services - Community Edition
    Dragon Age: Origins
    Fences
    Global Agenda Live
    Google Chrome
    Hi-Rez Studios Authenticate and Update Service
    HijackThis 2.0.2
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 29
    League of Legends
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio Macro Tools
    NVIDIA PhysX
    Pando Media Booster
    PokerStars.net
    Revo Uninstaller 1.94
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.8
    Smite Closed Beta
    Sony Ericsson PC Companion 2.02.002
    Steam
    Super Monday Night Combat
    The Elder Scrolls V: Skyrim
    Tribes Ascend
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WinRAR 4.20 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/28/2012 5:01:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    9/28/2012 5:01:03 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/5/2012 7:06:10 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    10/5/2012 5:45:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter speedfan
    10/5/2012 5:45:41 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    10/5/2012 5:45:21 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    10/5/2012 5:45:21 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    10/1/2012 3:30:48 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    10/1/2012 3:30:48 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    .
    ==== End Of File ===========================
     
  8. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi and welcome!

    Download Combofix from the link below, and save it to your desktop.
    Link

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.
    ----------
     
  9. Jack_Skellington

    Jack_Skellington Thread Starter

    Joined:
    Oct 4, 2012
    Messages:
    13
    Thank you for your response, Jeff,

    I ran ComboFix and attached the log:
    Also, just FYI, the first time I ran it, it failed; don't know if that matters.
     


  10. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Thanks for letting me know about ComboFix. :)

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      [IMG]
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Post the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    ----------

    Please post the logs made by ComboFix and Farbar Service Scanner and also let me know how your system is running.
     
  11. Jack_Skellington

    Jack_Skellington Thread Starter

    Joined:
    Oct 4, 2012
    Messages:
    13
    Thanks again for all your help,

    Alright, here they are:

    First Combofix again:

    ComboFix 12-10-04.02 - Steven 10/06/2012 12:58:22.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2816 [GMT -7:00]
    Running from: c:\users\Steven\Desktop\ComboFix.exe
    Command switches used :: c:\users\Steven\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-06 20:03 . 2012-10-06 20:03 -------- d-----w- c:\users\Peoplesesies\AppData\Local\temp
    2012-10-06 20:03 . 2012-10-06 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-06 19:47 . 2012-10-06 19:47 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9212C832-D957-46C6-A014-B6F127FF7B3E}\offreg.dll
    2012-10-06 17:38 . 2012-10-06 17:39 -------- d-----w- C:\WINSSLog
    2012-10-05 18:28 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-10-05 18:28 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-10-05 18:28 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2012-10-05 18:28 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2012-10-05 18:27 . 2012-10-05 18:27 -------- d-----w- c:\windows\system32\RsFx
    2012-10-05 18:26 . 2012-10-05 18:26 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2012-10-05 18:25 . 2012-10-05 18:25 -------- d-----w- c:\program files\Microsoft.NET
    2012-10-05 18:21 . 2012-10-05 18:27 -------- d-----w- c:\program files\Microsoft SQL Server
    2012-10-05 18:20 . 2012-10-05 18:26 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
    2012-10-05 18:20 . 2012-10-05 18:20 -------- d-----w- c:\program files\Microsoft Sync Framework
    2012-10-05 18:20 . 2012-10-05 18:20 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2012-10-05 18:20 . 2012-10-05 18:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2012-10-05 18:19 . 2012-10-05 18:19 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
    2012-10-05 18:19 . 2012-10-05 18:19 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2012-10-05 18:18 . 2012-10-05 18:18 -------- d-----w- c:\programdata\PreEmptive Solutions
    2012-10-05 18:15 . 2012-10-05 18:15 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
    2012-10-05 18:14 . 2012-10-05 18:14 -------- d-----w- c:\program files\IIS
    2012-10-05 18:14 . 2012-10-05 18:14 -------- d-----w- c:\program files (x86)\IIS
    2012-10-05 18:14 . 2012-10-05 18:32 3640672 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-10-05 18:06 . 2012-10-05 18:26 -------- d-----w- c:\windows\SysWow64\1033
    2012-10-05 18:05 . 2012-10-05 18:18 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
    2012-10-05 18:05 . 2012-10-05 18:10 -------- d-----w- c:\program files (x86)\Microsoft F#
    2012-10-05 18:05 . 2012-10-05 18:10 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
    2012-10-05 18:05 . 2012-10-05 18:08 -------- d-----w- c:\program files (x86)\HTML Help Workshop
    2012-10-05 18:02 . 2012-10-05 18:02 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2012-10-05 18:01 . 2012-10-05 18:26 -------- d-----w- c:\windows\system32\1033
    2012-10-05 18:01 . 2012-10-05 18:20 -------- d-----w- c:\program files (x86)\Microsoft SDKs
    2012-10-05 18:01 . 2012-10-05 18:01 -------- d-----w- c:\windows\symbols
    2012-10-05 18:01 . 2012-10-05 18:01 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2012-10-05 18:01 . 2012-10-05 18:01 -------- d-----w- c:\program files\Microsoft Help Viewer
    2012-10-04 04:27 . 2012-10-05 17:55 -------- d-----w- c:\windows\system32\catroot2
    2012-10-03 21:30 . 2012-10-05 19:11 -------- d-----w- c:\users\Steven\AppData\Roaming\DAEMON Tools Lite
    2012-10-03 21:30 . 2012-10-05 19:11 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2012-09-17 16:47 . 2012-09-17 16:47 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2012-09-16 18:32 . 2009-03-19 00:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
    2012-09-16 18:32 . 2012-09-16 18:32 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-09-14 18:24 . 2012-09-14 18:24 -------- d-----w- c:\program files\IDT
    2012-09-14 18:24 . 2012-09-14 18:24 -------- d-----w- C:\SwSetup
    2012-09-12 06:20 . 2012-10-06 17:46 -------- d-----w- c:\users\studio
    2012-09-09 00:58 . 2012-09-09 00:58 -------- d-----w- C:\Riot Games
    2012-09-08 23:46 . 2012-09-08 23:46 -------- d-----w- c:\program files (x86)\League of Legends
    2012-09-08 22:58 . 2012-09-08 22:58 -------- d-----w- c:\users\Steven\AppData\Roaming\Stardock
    2012-09-08 22:58 . 2012-09-08 22:58 -------- dc-h--w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
    2012-09-08 22:58 . 2012-09-08 22:58 -------- d-----w- c:\program files (x86)\Stardock
    2012-09-08 22:58 . 2012-09-08 22:58 -------- d-----w- c:\users\Steven\AppData\Local\PackageAware
    2012-09-08 20:04 . 2012-09-12 06:04 -------- d-----w- C:\c++
    2012-09-08 20:04 . 2012-09-08 20:04 -------- d-----w- c:\users\Steven\AppData\Roaming\e-academy Inc
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-20 16:30 . 2012-04-17 23:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-20 16:30 . 2011-10-04 14:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 08:28 . 2011-12-24 23:53 59701280 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    R1 aoqiuicv;aoqiuicv;c:\windows\system32\drivers\aoqiuicv.sys [x]
    R1 jfglszih;jfglszih;c:\windows\system32\drivers\jfglszih.sys [x]
    R1 pmzqnrac;pmzqnrac;c:\windows\system32\drivers\pmzqnrac.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
    R3 ALSysIO;ALSysIO;c:\users\Steven\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-11-13 13352]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-04 1255736]
    R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3635460898-3854813705-195449599-1000Core.job
    - c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 00:48]
    .
    2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3635460898-3854813705-195449599-1000UA.job
    - c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 00:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-13 450048]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
    d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:70,ed,4d,7e,62,69,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-06 13:06:11
    ComboFix-quarantined-files.txt 2012-10-06 20:06
    ComboFix2.txt 2012-10-06 18:29
    .
    Pre-Run: 203,888,164,864 bytes free
    Post-Run: 203,582,496,768 bytes free
    .
    - - End Of File - - FB08724642F5C943CD86DB66E0B9D4EB


    And now FSS.txt:

    Farbar Service Scanner Version: 19-09-2012
    Ran by Steven (administrator) on 06-10-2012 at 13:10:46
    Running from "C:\Users\Steven\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  12. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Please download TDSSKiller
    • Double click TDSSKiller.exe
    • When the window opens, click on Change Parameters
    • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
    • Click OK
    • Press Start Scan
    • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    ----------
     
  13. Jack_Skellington

    Jack_Skellington Thread Starter

    Joined:
    Oct 4, 2012
    Messages:
    13
    Alright, I ran TDSSKiller and there were 5 logs in C:/. I wasn't sure which one you needed so I just attached all of them.
     


  14. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    OK, run TDSSKiller again, and when you see this >> \Device\Harddisk0\DR0 ( TDSS File System ) be sure to remove it.

    Post the new TDSSKiller log. :)
     
  15. Jack_Skellington

    Jack_Skellington Thread Starter

    Joined:
    Oct 4, 2012
    Messages:
    13
    OK, I deleted it and here is the new log.

    But I noticed something odd: when I first ran TDSS it found two "threats", but this time it only found the one that you had mentioned.
     


Short URL to this thread: https://techguy.org/1071477
