DDS and CF Log - Strange Issue, any ideas Waddler?

GunJack
Posts: 11,829 Forumite


in Techie Stuff
Strange one this, restore points being hidden/deleted, IE8 there but not right (the print/tools/options not available), no access to Internet Options via control panel. IE won't uninstall or re-install. Already got a pile of PUPs off it (pricegong, etc). Running XP. Installed chrome as a test, Delta Search engine was added as default provider during install, sorted that but IE still corrupt. What am I missing? I'm a bit rusty and out of practice with DDS and CF so would appreciate a second opinion.....
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple

Comments
-
ComboFix 13-10-21.01 - owner 22/10/2013 19:55:36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2013.1507 [GMT 1:00]
Running from: f:\utilities\Security Installers\ComboFix1.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2013-09-22 to 2013-10-22 )))))))))))))))))))))))))))))))
.
.
2013-10-22 18:32 . 2013-10-22 18:35 -------- d-----w- c:\documents and settings\Administrator
2013-10-18 13:05 . 2013-10-18 13:05 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-18 12:56 . 2013-10-18 12:57 -------- d--h--w- c:\windows\ie8
2013-10-17 17:44 . 2013-10-18 12:57 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Conduit
2013-10-11 07:20 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-11 07:20 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2013-10-11 07:19 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-11 07:19 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-11 07:19 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-11 07:18 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-11 07:18 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-11 07:18 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-09-26 18:00 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-18 13:31 . 2013-04-03 10:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-18 13:31 . 2013-04-03 10:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33 . 2004-08-04 12:00 920064 ------w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-04 12:00 18944 ------w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-09-16 14:34 . 2013-09-16 14:34 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-16 14:34 . 2013-09-16 14:34 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-30 07:48 . 2013-03-23 13:12 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-03-23 13:12 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-23 13:12 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-03-23 13:12 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2013-03-23 13:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-23 13:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-03-23 13:12 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-03-23 13:12 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-03-23 13:12 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-03-23 13:12 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 01:31 . 2004-08-04 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2004-08-04 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-04 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2013-04-03 09:31 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2004-08-04 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-08 06:05 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet(3).dll
2013-08-08 06:05 . 2004-08-04 12:00 1215488 ----a-w- c:\windows\system32\urlmon(3).dll
2013-08-08 06:05 . 2004-08-04 12:00 1215488 ----a-w- c:\windows\system32\urlmon(2).dll
2013-08-08 06:05 . 2004-08-04 12:00 105984 ----a-w- c:\windows\system32\url(3).dll
2013-08-08 06:05 . 2004-08-04 12:00 105984 ----a-w- c:\windows\system32\url(2).dll
2013-08-05 13:30 . 2004-08-04 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 13:18 . 2006-10-18 21:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe Brother DCP-197C /STARTUP [2013-4-8 1150976]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-01-19 07:37 1150976 ----a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2009-01-09 14:53 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2012-05-23 15:00 41122448 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-02-23 12:38 164352 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-02-23 12:38 129536 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 22:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-09 22:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-02-23 12:38 140800 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 08:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [23/03/2013 14:12 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [23/03/2013 14:12 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/03/2013 14:12 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/03/2013 14:12 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/03/2013 14:12 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [23/03/2013 14:12 66336]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [23/03/2013 13:21 82032]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [04/05/2012 20:31 2799728]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [26/06/2009 16:29 1656960]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [04/05/2012 20:31 88688]
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-03 13:31]
.
2013-10-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-23 07:47]
.
2013-10-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2013-04-03 15:51]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.talktalk.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-22 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
LOCKED REGISTRY KEYS
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
DLLs Loaded Under Running Processes
.
- - - - - - - > 'explorer.exe'(2092)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-10-22 20:01:31
ComboFix-quarantined-files.txt 2013-10-22 19:01
ComboFix2.txt 2013-10-22 18:44
ComboFix3.txt 2013-10-22 18:27
.
Pre-Run: 60,142,518,272 bytes free
Post-Run: 60,133,396,480 bytes free
.
- - End Of File - - 5EDEAC27D1C0618E4BDFD996049CAF9C
8F558EB6672622401DA993E1E865C861
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by owner at 22:01:11 on 2013-10-22
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2013.1629 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1364044080328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364984828156
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{DFC09B98-6591-4717-ABE7-331B22E5D806} : DHCPNameServer = 192.168.1.1 0.0.0.0
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-23 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-23 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-23 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-23 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-23 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-23 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-23 46808]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2013-3-23 82032]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-5-4 2799728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-26 1656960]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2012-5-4 88688]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\Winword.exe="c:\program files\microsoft office\office12\WINWORD.EXE" /n /dde [UserChoice] [default=edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-10-22 20:41:28 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-22 20:41:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-22 20:01:05 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-10-22 20:01:05 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-22 19:59:10 -------- d--h--w- c:\windows\ie8
2013-10-22 19:58:51 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2013-10-22 19:02:53 -------- d-----w- C:\RECYCLER(2)
2013-10-22 18:21:50 -------- d-----w- C:\cmdcons
2013-10-17 17:44:58 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit
2013-10-11 07:20:28 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-11 07:20:28 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2013-10-11 07:19:02 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-11 07:19:02 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-11 07:19:02 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-11 07:18:08 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-11 07:18:08 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-11 07:18:08 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-09-26 18:00:39 209272 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-09-23 08:30:16 17226632 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2013-10-09 11:31:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 11:31:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet(4)(3).dll
2013-09-23 18:33:58 920064 ------w- c:\windows\system32\wininet.dll
2013-09-23 18:33:58 1215488 ----a-w- c:\windows\system32\urlmon(4)(2).dll
2013-09-23 18:33:58 105984 ----a-w- c:\windows\system32\url(4)(2).dll
2013-09-23 18:33:57 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 2006016 ----a-w- c:\windows\system32\iertutil(2)(2)(2).dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:57 11113472 ----a-w- c:\windows\system32\ieframe(2)(2)(2).dll
2013-09-23 18:33:56 18944 ------w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k(2)(2)(2)(2).sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet(5)(2).dll
2013-08-08 06:05:59 1215488 ----a-w- c:\windows\system32\urlmon(5)(2).dll
2013-08-08 06:05:59 1215488 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2013-08-08 06:05:59 105984 ----a-w- c:\windows\system32\url(5)(2).dll
2013-08-08 06:05:59 105984 ----a-w- c:\windows\system32\url(2)(2).dll
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 13:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 22:01:41.75 ===============
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Looks fine - are restore points being created?
Start > run > inetcpl.cpl > ok - What happens?
-
thanks mate, will have to try this when I go and get the pc, had to leave it there last night. CF seemed to be creating them ok, but at last check all but the last one had been hidden or removed... being able to get into IE to check the add-ons and internet options is the next step...last thing I want to end up doing is having to re-install XP because of IE
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Hi GJ, Conduit there as well?
Move along, nothing to see.
-
ey up spud :wave: it was, an earlier mbam run shifted most of it, but can't access options in IE to manually remove any possible dodgy search engines left there
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Have you tried adwarecleaner? GJ
4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
-
Oh and this worked for me on a friend's PC http://support.microsoft.com/kb/967896
4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
-
Hiya dcm :wave: awc is on my list, and I've already downloaded that fixit to try...won't be seeing the little blighter 'till friday now, so am arming myself in advance
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
+1 for adwarecleaner
Move along, nothing to see.
This discussion has been closed.