Malware/Spyware Infection


  • This topic is locked
31 replies to this topic

#1 troubledcomputer

Posted 12 December 2013 - 10:57 PM

Mod Edit: moved to Removal logs forum ~~ boopme


Hi guys!
 
I think my computer is infected with malware/spyware or viruses. It is not working properly as it should be.
 
The Super Antispyware program can't be updated.
 
My AVG Antivirus is also not working properly. It says "There are no active components". I tried to uninstall it but error always appears.
 
Then, just recently, my wife unknowingly opened an attachment in an email which I believe is spam or contains a virus.
 
Please help.
 
Thanks.
 
Richard

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any malware logs being included with the posted topic. ~ Animal
 
Hi,
 
Sorry, the DDS log (Attach.txt) did not attach. I don't know why. Anyway, I just copied and pasted the log here. Please see below:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2013 2:33:30 AM
System Uptime: 12/13/2013 10:48:25 AM (1 hours ago)
.
Motherboard: ECS |  | GeForce6100PM-M2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | Socket AM2  | 1800/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 55 GiB total, 39.447 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 20 GiB total, 12.19 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP33: 12/8/2013 10:16:51 AM - Revo Uninstaller's restore point - SUPERAntiSpyware
RP34: 12/8/2013 11:05:10 AM - Installed HiJackThis
RP36: 12/8/2013 11:35:30 AM - Revo Uninstaller's restore point - AVG 2014
RP37: 12/8/2013 11:36:06 AM - Removed AVG 2014
RP39: 12/8/2013 11:41:15 AM - Revo Uninstaller's restore point - AVG 2014
RP40: 12/8/2013 11:42:06 AM - Removed AVG 2014
RP42: 12/9/2013 6:53:00 PM - Revo Uninstaller's restore point - Facebook Video Calling 1.2.0.287
RP43: 12/9/2013 6:53:15 PM - Removed Facebook Video Calling 1.2.0.287
RP45: 12/9/2013 6:54:12 PM - Revo Uninstaller's restore point - Google Chrome
RP47: 12/9/2013 6:55:46 PM - Revo Uninstaller's restore point - Google Chrome
.
==== Installed Programs ======================
.
µTorrent
AVG 2014
Canon iP2700 series Printer Driver
Cisco Connect
Facebook Video Calling 1.2.0.287
Foxit Reader
Google Chrome
Google Update Helper
HiJackThis
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 3.1.60
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Revo Uninstaller 1.95
Skype 6.11
SUPERAntiSpyware
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.0
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/8/2013 10:53:38 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
12/8/2013 10:53:38 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/8/2013 10:53:38 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/8/2013 10:53:37 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/8/2013 10:53:37 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/8/2013 10:53:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/8/2013 10:53:30 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/8/2013 10:53:26 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgdiskx Avgfwfd AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/8/2013 10:53:25 AM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/8/2013 10:23:27 AM, Error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
12/13/2013 8:37:25 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error:  An instance of the service is already running.
12/13/2013 8:36:45 AM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 4 time(s).
12/13/2013 8:36:45 AM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 4 time(s).
12/13/2013 8:36:40 AM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 3 time(s).
12/13/2013 8:36:40 AM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 3 time(s).
12/13/2013 10:54:24 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:  An instance of the service is already running.
12/13/2013 10:49:24 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error:  An instance of the service is already running.
12/13/2013 10:49:24 AM, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
12/13/2013 10:49:24 AM, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/13/2013 10:48:59 AM, Error: Service Control Manager [7031]  - The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/13/2013 10:48:59 AM, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
12/13/2013 10:48:59 AM, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/13/2013 10:48:59 AM, Error: Service Control Manager [7031]  - The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/13/2013 10:48:53 AM, Error: Service Control Manager [7024]  - The AVG WatchDog service terminated with service-specific error %%-536769021.
12/13/2013 10:35:36 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
12/11/2013 8:25:11 AM, Error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 2 time(s).
12/10/2013 6:26:31 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 15 time(s).
12/10/2013 6:26:31 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 15 time(s).
12/10/2013 6:26:24 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 14 time(s).
12/10/2013 6:26:24 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 14 time(s).
12/10/2013 6:26:21 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 13 time(s).
12/10/2013 6:26:21 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 13 time(s).
12/10/2013 6:26:16 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 12 time(s).
12/10/2013 6:26:16 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 12 time(s).
12/10/2013 6:26:13 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 11 time(s).
12/10/2013 6:26:13 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 11 time(s).
12/10/2013 6:26:10 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 10 time(s).
12/10/2013 6:26:10 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 10 time(s).
12/10/2013 6:26:07 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 9 time(s).
12/10/2013 6:26:07 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 9 time(s).
12/10/2013 6:26:07 PM, Error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 5 time(s).
12/10/2013 6:26:07 PM, Error: Service Control Manager [7031]  - The Workstation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/10/2013 6:25:16 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 8 time(s).
12/10/2013 6:25:16 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 8 time(s).
12/10/2013 6:25:16 PM, Error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 4 time(s).
12/10/2013 6:24:57 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 7 time(s).
12/10/2013 6:24:57 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 7 time(s).
12/10/2013 6:24:57 PM, Error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 3 time(s).
12/10/2013 6:24:54 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 6 time(s).
12/10/2013 6:24:54 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 6 time(s).
12/10/2013 6:24:50 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 5 time(s).
12/10/2013 6:24:50 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 5 time(s).
.
==== End Of File ===========================

Edited by boopme, 12 December 2013 - 11:56 PM.



#2 HelpBot

Posted 17 December 2013 - 11:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517321 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 troubledcomputer

Posted 19 December 2013 - 08:20 AM

Hi,

I still need your help guys.

My AVG 2014 program is not working. The program says, "There are no active components" and an error occurs when I try to update it.

I also have a Super Antispyware program that is also not working properly and not updating.

I believe there is something wrong in my computer.

Please help me. Attached is the DDS log file "attach.txt" and I also copied and pasted the dds log below:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7601.17514
Run by family at 21:13:28 on 2013-12-19
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1918.1199 [GMT 8:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uRun: [Facebook Update] "c:\users\family\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
StartupFolder: c:\users\family\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\family\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.254.1
TCP: Interfaces\{EBB46176-FCD5-47DC-94DB-3E4966DF6640} : DHCPNameServer = 192.168.254.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\zlvmygrp.default-1383308078564\
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\family\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\family\appdata\roaming\mozilla\plugins\np-mswmp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-11 120088]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-9-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-10-22 34432]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-1-31 22656]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-12 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile="c:\windows\system32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-13 04:32:13 -------- d-----r- c:\users\family\Dropbox
2013-12-13 04:29:43 -------- d-----w- c:\users\family\appdata\roaming\Dropbox
2013-12-12 01:31:01 49940480 ----a-w- c:\program files\GUT87A.tmp
2013-12-12 01:31:01 -------- d-----w- c:\program files\GUM879.tmp
2013-12-08 03:05:32 388096 ----a-r- c:\users\family\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-12-08 03:05:32 -------- d-----w- c:\program files\Trend Micro
2013-12-08 02:23:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-12-08 02:23:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-08 01:26:53 -------- d-----w- c:\program files\Cisco Systems
2013-12-08 01:24:32 -------- d-----w- c:\programdata\Cisco Systems
2013-11-29 13:15:07 -------- d-----w- c:\users\family\appdata\local\Facebook
.
==================== Find3M  ====================
.
2013-11-05 13:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 13:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-31 15:00:28 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-10-31 14:30:08 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-24 14:28:32 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-26 02:00:38 47928 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
.
============= FINISH: 21:13:54.94 ===============
 
 
I hope to receive some assistance from you guys.
 
Thanks.


#4 HelpBot

Posted 22 December 2013 - 11:05 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

 

Mod Edit:  Topic reopened per OP PM request, instructed to follow HelpBot instructions - Hamluis.


Edited by hamluis, 23 December 2013 - 08:01 AM.


#5 troubledcomputer

Posted 23 December 2013 - 07:58 PM

Hi,

I still need your help guys.

My AVG 2014 program is not working. The program says, "There are no active components" and an error occurs when I try to update it.

I also have a Super Antispyware program that is also not working properly and not updating.

I believe there is something wrong in my computer. I don't have the original Windows CD/DVD as I bought the computer only at a retail store/used computer shop.

Please find attached in a zip folder the dds and attach log files.

Thank you.

Attached Files

  • Attached File  dds.zip   4.72KB   0 downloads


#6 Oh My!

  • Malware Response Instructor

Posted 23 December 2013 - 11:03 PM

Greetings Richard and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Edited by Oh My, 23 December 2013 - 11:05 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 troubledcomputer

troubledcomputer
  • Topic Starter

  • Members
  • 36 posts
  • Local time:02:49 AM

Posted 24 December 2013 - 05:45 AM

Hi Gary,

Thank you for attending to my need.

Below are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2013
Ran by family (administrator) on FAMILY-PC on 24-12-2013 18:37:51
Running from C:\Users\family\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Dropbox, Inc.) C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [Facebook Update] - C:\Users\family\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-12-09] (Facebook Inc.)
MountPoints2: {848e9f21-638e-11e3-b144-001e90c5c284} - F:\AutoRun.exe
MountPoints2: {b51d1ed7-33c1-11e3-a465-001e90c5c284} - F:\AutoRun.exe
Startup: C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x405B93724DEBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.1
 
FireFox:
========
FF ProfilePath: C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\zlvmygrp.default-1383308078564
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.facebook.com/"
CHR DefaultSearchKeyword: google.com.ph
CHR Extension: (Google Docs) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (uTorrentControl_v6) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.23.0.822_0
CHR Extension: (Google Search) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Google Wallet) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1
CHR Extension: (Gmail) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\family\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
CHR HKLM\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files\mystarttb\chrome-newtab-search.crx
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-24 18:37 - 2013-12-24 18:38 - 00007411 _____ C:\Users\family\Desktop\FRST.txt
2013-12-24 18:37 - 2013-12-24 18:37 - 00000000 ____D C:\FRST
2013-12-24 18:36 - 2013-12-24 18:36 - 01061581 _____ (Farbar) C:\Users\family\Desktop\FRST.exe
2013-12-24 08:57 - 2013-12-24 08:57 - 00004834 _____ C:\Users\family\Desktop\dds.zip
2013-12-24 08:50 - 2013-12-24 08:50 - 00008553 _____ C:\Users\family\Desktop\dds.txt
2013-12-24 08:50 - 2013-12-24 08:50 - 00007202 _____ C:\Users\family\Desktop\attach.txt
2013-12-24 08:39 - 2013-12-24 08:39 - 00688992 ____R (Swearware) C:\Users\family\Downloads\dds.com
2013-12-23 13:57 - 2013-12-23 14:16 - 00000000 ____D C:\Users\family\Desktop\xmas party
2013-12-13 12:32 - 2013-12-24 18:21 - 00000000 ___RD C:\Users\family\Dropbox
2013-12-13 12:32 - 2013-12-20 09:32 - 00001021 _____ C:\Users\family\Desktop\Dropbox.lnk
2013-12-13 12:30 - 2013-12-20 09:32 - 00000000 ____D C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-13 12:29 - 2013-12-24 18:21 - 00000000 ____D C:\Users\family\AppData\Roaming\Dropbox
2013-12-13 12:11 - 2013-12-13 12:26 - 35334016 _____ (Dropbox, Inc.) C:\Users\family\Downloads\Dropbox 2.4.7.exe
2013-12-13 11:15 - 2013-12-13 11:15 - 00003216 _____ C:\Users\family\Desktop\hijackthis.log
2013-12-13 10:20 - 2013-12-13 10:20 - 00221184 _____ C:\Users\family\Downloads\2014-Monthly-Calendar.xls
2013-12-12 09:31 - 2013-12-12 09:31 - 49940480 _____ C:\Program Files\GUT87A.tmp
2013-12-12 09:31 - 2013-12-12 09:31 - 00000000 ____D C:\Program Files\GUM879.tmp
2013-12-12 08:30 - 2013-12-12 08:30 - 00180708 _____ C:\Users\family\Downloads\copy (1).htm
2013-12-12 08:29 - 2013-12-12 08:29 - 00180708 _____ C:\Users\family\Downloads\copy.htm
2013-12-09 19:15 - 2013-12-09 19:15 - 00501248 _____ (Facebook Inc.) C:\Users\family\Downloads\FacebookVideoCallSetup_v122050.exe
2013-12-09 19:11 - 2013-12-09 19:11 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-09 19:02 - 2013-12-24 18:21 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-09 19:02 - 2013-12-24 10:12 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-09 19:02 - 2013-12-09 19:11 - 00000000 ____D C:\Program Files\Google
2013-12-09 19:01 - 2013-12-09 19:02 - 00819184 _____ (Google Inc.) C:\Users\family\Downloads\ChromeSetup.exe
2013-12-08 11:32 - 2013-12-08 11:32 - 01565744 _____ C:\Users\family\Downloads\AVG_Remover_en.exe
2013-12-08 11:06 - 2013-12-08 11:11 - 00003608 _____ C:\Users\family\Documents\hijackthis.log
2013-12-08 11:05 - 2013-12-08 11:05 - 00002969 _____ C:\Users\family\Desktop\HiJackThis.lnk
2013-12-08 11:05 - 2013-12-08 11:05 - 00000000 ____D C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-08 11:05 - 2013-12-08 11:05 - 00000000 ____D C:\Program Files\Trend Micro
2013-12-08 11:04 - 2013-12-08 11:04 - 01402880 _____ C:\Users\family\Downloads\HiJackThis.msi
2013-12-08 10:23 - 2013-12-08 10:23 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-12-08 10:23 - 2013-12-08 10:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-08 10:23 - 2013-12-08 10:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-08 10:12 - 2013-12-08 10:21 - 28808280 _____ (SUPERAntiSpyware) C:\Users\family\Downloads\SUPERAntiSpyware.exe
2013-12-08 09:35 - 2013-12-09 19:24 - 00001432 _____ C:\Windows\PFRO.log
2013-12-08 09:26 - 2013-12-08 09:26 - 00000000 ____D C:\Program Files\Cisco Systems
2013-12-08 09:24 - 2013-12-08 09:24 - 00000000 ____D C:\ProgramData\Cisco Systems
2013-12-08 04:50 - 2013-12-24 18:21 - 00004434 _____ C:\Windows\setupact.log
2013-12-08 04:50 - 2013-12-08 04:50 - 00000000 _____ C:\Windows\setuperr.log
2013-12-01 16:27 - 2013-12-24 18:24 - 00283366 _____ C:\Windows\WindowsUpdate.log
2013-11-30 14:05 - 2013-12-02 19:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-29 21:32 - 2013-11-29 21:32 - 00501248 _____ (Facebook Inc.) C:\Users\family\Downloads\FacebookVideoCallSetup_v122050 (1).exe
2013-11-29 21:15 - 2013-12-24 10:20 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2176941863-3618348438-3490580808-1000UA.job
2013-11-29 21:15 - 2013-12-09 19:20 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2176941863-3618348438-3490580808-1000Core.job
2013-11-29 21:15 - 2013-11-29 21:16 - 00000000 ____D C:\Users\family\AppData\Local\Facebook
 
==================== One Month Modified Files and Folders =======
 
2013-12-24 18:38 - 2013-12-24 18:37 - 00007411 _____ C:\Users\family\Desktop\FRST.txt
2013-12-24 18:37 - 2013-12-24 18:37 - 00000000 ____D C:\FRST
2013-12-24 18:36 - 2013-12-24 18:36 - 01061581 _____ (Farbar) C:\Users\family\Desktop\FRST.exe
2013-12-24 18:24 - 2013-12-01 16:27 - 00283366 _____ C:\Windows\WindowsUpdate.log
2013-12-24 18:21 - 2013-12-13 12:32 - 00000000 ___RD C:\Users\family\Dropbox
2013-12-24 18:21 - 2013-12-13 12:29 - 00000000 ____D C:\Users\family\AppData\Roaming\Dropbox
2013-12-24 18:21 - 2013-12-09 19:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-24 18:21 - 2013-12-08 04:50 - 00004434 _____ C:\Windows\setupact.log
2013-12-24 18:21 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-24 13:48 - 2009-07-14 12:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-24 13:48 - 2009-07-14 12:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-24 13:43 - 2013-10-05 13:52 - 00000000 ____D C:\Users\family\AppData\Roaming\Skype
2013-12-24 10:20 - 2013-11-29 21:15 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2176941863-3618348438-3490580808-1000UA.job
2013-12-24 10:12 - 2013-12-09 19:02 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-24 08:57 - 2013-12-24 08:57 - 00004834 _____ C:\Users\family\Desktop\dds.zip
2013-12-24 08:50 - 2013-12-24 08:50 - 00008553 _____ C:\Users\family\Desktop\dds.txt
2013-12-24 08:50 - 2013-12-24 08:50 - 00007202 _____ C:\Users\family\Desktop\attach.txt
2013-12-24 08:39 - 2013-12-24 08:39 - 00688992 ____R (Swearware) C:\Users\family\Downloads\dds.com
2013-12-23 14:16 - 2013-12-23 13:57 - 00000000 ____D C:\Users\family\Desktop\xmas party
2013-12-23 13:36 - 2010-11-21 05:01 - 00717892 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 09:32 - 2013-12-13 12:32 - 00001021 _____ C:\Users\family\Desktop\Dropbox.lnk
2013-12-20 09:32 - 2013-12-13 12:30 - 00000000 ____D C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-19 22:15 - 2013-10-06 14:48 - 00000000 ____D C:\Users\family\Documents\HOR
2013-12-19 22:13 - 2013-09-08 09:59 - 00000000 ____D C:\Users\family\Documents\Balitok
2013-12-13 12:32 - 2013-10-06 02:34 - 00000000 ____D C:\Users\family
2013-12-13 12:26 - 2013-12-13 12:11 - 35334016 _____ (Dropbox, Inc.) C:\Users\family\Downloads\Dropbox 2.4.7.exe
2013-12-13 11:15 - 2013-12-13 11:15 - 00003216 _____ C:\Users\family\Desktop\hijackthis.log
2013-12-13 10:20 - 2013-12-13 10:20 - 00221184 _____ C:\Users\family\Downloads\2014-Monthly-Calendar.xls
2013-12-12 09:31 - 2013-12-12 09:31 - 49940480 _____ C:\Program Files\GUT87A.tmp
2013-12-12 09:31 - 2013-12-12 09:31 - 00000000 ____D C:\Program Files\GUM879.tmp
2013-12-12 08:30 - 2013-12-12 08:30 - 00180708 _____ C:\Users\family\Downloads\copy (1).htm
2013-12-12 08:29 - 2013-12-12 08:29 - 00180708 _____ C:\Users\family\Downloads\copy.htm
2013-12-09 19:24 - 2013-12-08 09:35 - 00001432 _____ C:\Windows\PFRO.log
2013-12-09 19:20 - 2013-11-29 21:15 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2176941863-3618348438-3490580808-1000Core.job
2013-12-09 19:15 - 2013-12-09 19:15 - 00501248 _____ (Facebook Inc.) C:\Users\family\Downloads\FacebookVideoCallSetup_v122050.exe
2013-12-09 19:11 - 2013-12-09 19:11 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-09 19:11 - 2013-12-09 19:02 - 00000000 ____D C:\Program Files\Google
2013-12-09 19:11 - 2013-10-06 02:40 - 00000000 ____D C:\Users\family\AppData\Local\Google
2013-12-09 19:02 - 2013-12-09 19:01 - 00819184 _____ (Google Inc.) C:\Users\family\Downloads\ChromeSetup.exe
2013-12-08 11:42 - 2013-11-02 09:43 - 00000000 ____D C:\ProgramData\MFAData
2013-12-08 11:32 - 2013-12-08 11:32 - 01565744 _____ C:\Users\family\Downloads\AVG_Remover_en.exe
2013-12-08 11:11 - 2013-12-08 11:06 - 00003608 _____ C:\Users\family\Documents\hijackthis.log
2013-12-08 11:05 - 2013-12-08 11:05 - 00002969 _____ C:\Users\family\Desktop\HiJackThis.lnk
2013-12-08 11:05 - 2013-12-08 11:05 - 00000000 ____D C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-08 11:05 - 2013-12-08 11:05 - 00000000 ____D C:\Program Files\Trend Micro
2013-12-08 11:04 - 2013-12-08 11:04 - 01402880 _____ C:\Users\family\Downloads\HiJackThis.msi
2013-12-08 10:23 - 2013-12-08 10:23 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-12-08 10:23 - 2013-12-08 10:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-08 10:23 - 2013-12-08 10:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-08 10:21 - 2013-12-08 10:12 - 28808280 _____ (SUPERAntiSpyware) C:\Users\family\Downloads\SUPERAntiSpyware.exe
2013-12-08 09:26 - 2013-12-08 09:26 - 00000000 ____D C:\Program Files\Cisco Systems
2013-12-08 09:24 - 2013-12-08 09:24 - 00000000 ____D C:\ProgramData\Cisco Systems
2013-12-08 04:50 - 2013-12-08 04:50 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 08:21 - 2013-10-05 13:52 - 00000000 ___RD C:\Program Files\Skype
2013-12-06 08:21 - 2013-10-05 13:52 - 00000000 ____D C:\ProgramData\Skype
2013-12-04 16:21 - 2009-07-14 12:53 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-02 19:25 - 2013-10-05 14:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-02 19:22 - 2013-11-30 14:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-29 21:32 - 2013-11-29 21:32 - 00501248 _____ (Facebook Inc.) C:\Users\family\Downloads\FacebookVideoCallSetup_v122050 (1).exe
2013-11-29 21:16 - 2013-11-29 21:15 - 00000000 ____D C:\Users\family\AppData\Local\Facebook
2013-11-27 10:43 - 2013-11-02 09:47 - 00000935 _____ C:\Users\Public\Desktop\AVG 2014.lnk
 
Some content of TEMP:
====================
C:\Users\family\AppData\Local\Temp\Checkupdate.exe
C:\Users\family\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\family\AppData\Local\Temp\gcapi_dll.dll
C:\Users\family\AppData\Local\Temp\gtapi_signed.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2010-11-21 05:29] - [2010-11-20 04:17] - 0285696 ____A (Microsoft Corporation) 1562571D6B1541098E677C3BB78709A0
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2010-11-21 05:29] - [2010-11-20 04:21] - 0811520 ____A (Microsoft Corporation) BE8C64439F1E2AF088063218C16EB9FE
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-20 12:17
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-12-2013
Ran by family at 2013-12-24 18:38:34
Running from C:\Users\family\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30260)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
Canon iP2700 series Printer Driver
Cisco Connect (Version: 1.4.11200.0)
Dropbox (HKCU Version: 2.4.10)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Foxit Reader (Version: 6.0.6.722)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
HiJackThis (Version: 1.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
ManyCam 3.1.60 (Version: 3.1.60)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
Revo Uninstaller 1.95 (Version: 1.95)
Skype™ 6.11 (Version: 6.11.102)
SUPERAntiSpyware (Version: 5.6.1042)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.0 (Version: 2.1.0)
Yahoo! Messenger
 
==================== Restore Points  =========================
 
09-12-2013 10:53:00 Revo Uninstaller's restore point - Facebook Video Calling 1.2.0.287
09-12-2013 10:53:15 Removed Facebook Video Calling 1.2.0.287
09-12-2013 10:54:12 Revo Uninstaller's restore point - Google Chrome
09-12-2013 10:55:46 Revo Uninstaller's restore point - Google Chrome
18-12-2013 03:01:27 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {109DDB11-DE97-47C4-ADF6-B5A5B369FF16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-09] (Google Inc.)
Task: {6BC74C33-CD99-40E1-B2BE-FCC677044062} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-09] (Google Inc.)
Task: {7BA9B53A-1E91-41A9-BE91-1CB7B08EBFED} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2176941863-3618348438-3490580808-1000UA => C:\Users\family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-09] (Facebook Inc.)
Task: {C6F8A290-62DC-4A7D-9E5A-8F61E3ADAEDD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2176941863-3618348438-3490580808-1000Core => C:\Users\family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-09] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2176941863-3618348438-3490580808-1000Core.job => C:\Users\family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2176941863-3618348438-3490580808-1000UA.job => C:\Users\family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-09 19:11 - 2013-12-04 10:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-09 19:11 - 2013-12-04 10:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-09 19:11 - 2013-12-04 10:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-09 19:11 - 2013-12-04 10:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-09 19:11 - 2013-12-04 10:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-09 19:11 - 2013-12-04 10:48 - 13586896 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/24/2013 06:22:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/24/2013 06:21:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0xb18
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/24/2013 06:21:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0x814
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/24/2013 06:21:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0xe7c
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/24/2013 06:21:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0x578
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/24/2013 01:35:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/24/2013 01:34:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0xe3c
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/24/2013 01:34:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0x574
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/24/2013 09:58:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/24/2013 09:58:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0xe90
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
 
System errors:
=============
Error: (12/24/2013 06:26:25 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: 
%%1056
 
Error: (12/24/2013 06:23:21 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: 
%%1056
 
Error: (12/24/2013 06:21:37 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (12/24/2013 06:21:37 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (12/24/2013 06:21:32 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (12/24/2013 06:21:32 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (12/24/2013 06:21:25 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: 
%%1056
 
Error: (12/24/2013 06:21:25 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (12/24/2013 06:21:25 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (12/24/2013 06:21:21 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 1918.49 MB
Available physical RAM: 1110.8 MB
Total Pagefile: 3836.98 MB
Available Pagefile: 2707.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:54.99 GB) (Free:38.62 GB) NTFS
Drive e: (BACKUP) (Fixed) (Total:19.53 GB) (Free:12.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 00470047)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
Thanks again for helping me.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:49 AM

Posted 24 December 2013 - 09:21 AM

Greetings Richard,

It is my pleasure to help and I apologize again for the long wait time. Things are a bit busy these days. :(

Please consider and complete the following for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
MountPoints2: {848e9f21-638e-11e3-b144-001e90c5c284} - F:\AutoRun.exe
MountPoints2: {b51d1ed7-33c1-11e3-a465-001e90c5c284} - F:\AutoRun.exe
2013-12-12 09:31 - 2013-12-12 09:31 - 49940480 _____ C:\Program Files\GUT87A.tmp
2013-12-12 09:31 - 2013-12-12 09:31 - 00000000 ____D C:\Program Files\GUM879.tmp
C:\Users\family\AppData\Local\Temp\Checkupdate.exe
C:\Users\family\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\family\AppData\Local\Temp\gcapi_dll.dll
C:\Users\family\AppData\Local\Temp\gtapi_signed.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Result log
  • FSS log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 troubledcomputer


Posted 24 December 2013 - 08:39 PM

Hi Gary,

 

I will be more than patient to wait for your responses. I greatly appreciate your help.

 

Below are the logs:

 

1. Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-12-2013
Ran by family at 2013-12-25 09:28:33 Run:1
Running from C:\Users\family\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
MountPoints2: {848e9f21-638e-11e3-b144-001e90c5c284} - F:\AutoRun.exe
MountPoints2: {b51d1ed7-33c1-11e3-a465-001e90c5c284} - F:\AutoRun.exe
2013-12-12 09:31 - 2013-12-12 09:31 - 49940480 _____ C:\Program Files\GUT87A.tmp
2013-12-12 09:31 - 2013-12-12 09:31 - 00000000 ____D C:\Program Files\GUM879.tmp
C:\Users\family\AppData\Local\Temp\Checkupdate.exe
C:\Users\family\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\family\AppData\Local\Temp\gcapi_dll.dll
C:\Users\family\AppData\Local\Temp\gtapi_signed.dll
*****************
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{848e9f21-638e-11e3-b144-001e90c5c284} => Key deleted successfully.
HKCR\CLSID\{848e9f21-638e-11e3-b144-001e90c5c284} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b51d1ed7-33c1-11e3-a465-001e90c5c284} => Key deleted successfully.
HKCR\CLSID\{b51d1ed7-33c1-11e3-a465-001e90c5c284} => Key not found.
C:\Program Files\GUT87A.tmp => Moved successfully.
C:\Program Files\GUM879.tmp => Moved successfully.
"C:\Users\family\AppData\Local\Temp\Checkupdate.exe" => File/Directory not found.
"C:\Users\family\AppData\Local\Temp\Foxit Reader Updater.exe" => File/Directory not found.
"C:\Users\family\AppData\Local\Temp\gcapi_dll.dll" => File/Directory not found.
"C:\Users\family\AppData\Local\Temp\gtapi_signed.dll" => File/Directory not found.
 
==== End of Fixlog ====
 
 
2. Result log:
 
MiniToolBox by Farbar  Version: 18-12-2013
Ran by family (administrator) on 25-12-2013 at 09:30:33
Running from "C:\Users\family\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
NVIDIA nForce Networking Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : family-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-1E-90-C5-C2-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8c8a:827f:4f82:1eb5%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.146(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, December 25, 2013 9:19:24 AM
   Lease Expires . . . . . . . . . . : Thursday, December 26, 2013 9:19:24 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234888848
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-E2-12-8F-00-1E-90-C5-C2-84
   DNS Servers . . . . . . . . . . . : 192.168.254.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{EBB46176-FCD5-47DC-94DB-3E4966DF6640}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:384b:9ea:3f57:fe6d(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::384b:9ea:3f57:fe6d%12(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.254.1
 
Name:    google.com
Addresses:  2404:6800:4001:801::1009
 74.125.200.138
 74.125.200.139
 74.125.200.100
 74.125.200.101
 74.125.200.102
 74.125.200.113
 
 
Pinging google.com [74.125.200.138] with 32 bytes of data:
Reply from 74.125.200.138: bytes=32 time=101ms TTL=43
Reply from 74.125.200.138: bytes=32 time=125ms TTL=43
 
Ping statistics for 74.125.200.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 101ms, Maximum = 125ms, Average = 113ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.254.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 1e 90 c5 c2 84 ......NVIDIA nForce Networking Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.146     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.146    276
    192.168.1.146  255.255.255.255         On-link     192.168.1.146    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.146    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.146    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.146    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6abd:384b:9ea:3f57:fe6d/128
                                    On-link
 11    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::384b:9ea:3f57:fe6d/128
                                    On-link
 11    276 fe80::8c8a:827f:4f82:1eb5/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/25/2013 09:25:22 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {231ef649-d6bc-45ab-99db-4d3970d96e62}
 
Error: (12/25/2013 09:21:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2013 09:19:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0xf18
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/25/2013 09:19:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0x560
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/25/2013 01:01:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2013 01:00:40 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0xf38
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/25/2013 01:00:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0x57c
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/24/2013 08:10:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/24/2013 08:09:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0xbfc
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
Error: (12/24/2013 08:09:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0xf84
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3
 
 
System errors:
=============
Error: (12/25/2013 09:24:44 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: 
%%1056
 
Error: (12/25/2013 09:21:42 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: 
%%1056
 
Error: (12/25/2013 09:19:44 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: 
%%1056
 
Error: (12/25/2013 09:19:44 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (12/25/2013 09:19:44 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (12/25/2013 09:19:42 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: 
%%1056
 
Error: (12/25/2013 09:19:42 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (12/25/2013 09:19:42 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/25/2013 09:19:42 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (12/25/2013 09:19:42 AM) (Source: Service Control Manager) (User: )
Description: The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
========================= Devices: ================================
 
 
**** End of log ****
 
 
 
3. FSS log
 
Farbar Service Scanner Version: 05-12-2013
Ran by family (administrator) on 25-12-2013 at 09:33:36
Running from "C:\Users\family\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2010-11-21 05:29] - [2010-11-21 05:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714
 
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
Again, thank you very much for your help.
 
Richard
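
The two logs in the post above can be cross-checked mechanically: the only system file that the FSS "File Check" section lists without the "MD5 is legit" verdict is dnsrslvr.dll, which is also the faulting module in the repeated svchost.exe_Dnscache crashes in the MiniToolBox event log. The following is an added example, not part of the original thread or of Farbar's tools; the sample text is a constructed excerpt of the logs posted above, and the function names are illustrative.

```python
import ntpath
import re
from collections import Counter

# Constructed excerpts of the FSS "File Check" section and the MiniToolBox
# application-error section posted above, trimmed to a few entries.
FSS_SAMPLE = r"""File Check:
========
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2010-11-21 05:29] - [2010-11-21 05:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
"""

EVENTS_SAMPLE = r"""Error: (12/25/2013 09:21:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2013 09:19:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0xf18

Error: (12/25/2013 09:19:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: dnsrslvr.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7eb
Exception code: 0xc0000005
Fault offset: 0x00003c40
Faulting process id: 0x560
"""

# A file line is a Windows path, optionally followed by "=> <verdict>".
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^=\r\n]*?)(?:\s*=>\s*(?P<verdict>.+))?$")
# The detail line printed under a file without a verdict ends in "(vendor) <MD5>".
DETAIL_RE = re.compile(r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s*$")
ENTRY_RE = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)", re.M)
FIELD_RES = {
    "app": re.compile(r"Faulting application name: ([^,\r\n]+)"),
    "module": re.compile(r"Faulting module name: ([^,\r\n]+)"),
    "code": re.compile(r"Exception code: (0x[0-9A-Fa-f]+)"),
    "offset": re.compile(r"Fault offset: (0x[0-9A-Fa-f]+)"),
}


def parse_file_check(log):
    """Map each path in the File Check section to its verdict and, if shown, its MD5."""
    files, pending, in_section = {}, None, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("File Check:"):
            in_section = True
            continue
        if not in_section or not line or set(line) == {"="}:
            continue
        if line.startswith("****"):  # "**** End of log ****"
            break
        m = PATH_RE.match(line)
        if m:
            path, verdict = m.group("path").strip(), m.group("verdict")
            legit = verdict == "MD5 is legit"
            files[path] = {"legit": legit, "verdict": verdict, "md5": None}
            pending = None if legit else path
            continue
        d = DETAIL_RE.search(line)
        if d and pending:  # hash line belonging to the previous unverified path
            files[pending]["md5"] = d.group("md5").upper()
    return files


def parse_app_crashes(log):
    """Return one record per 'Application Error' entry in the event-log section."""
    crashes, starts = [], list(ENTRY_RE.finditer(log))
    for i, m in enumerate(starts):
        if m.group("source") != "Application Error":
            continue
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log)
        body, rec = log[m.end():end], {"when": m.group("when")}
        for key, rx in FIELD_RES.items():
            hit = rx.search(body)
            rec[key] = hit.group(1).strip() if hit else None
        crashes.append(rec)
    return crashes


def correlate(files, crashes):
    """For every file without a 'legit' verdict, count crashes that fault in it."""
    per_module = Counter((c["module"] or "").lower() for c in crashes)
    findings = []
    for path, info in files.items():
        if info["legit"]:
            continue
        name = ntpath.basename(path).lower()
        offsets = sorted({c["offset"] for c in crashes
                          if (c["module"] or "").lower() == name and c["offset"]})
        findings.append({"path": path, "md5": info["md5"],
                         "crashes": per_module.get(name, 0), "offsets": offsets})
    return sorted(findings, key=lambda f: -f["crashes"])


if __name__ == "__main__":
    for f in correlate(parse_file_check(FSS_SAMPLE), parse_app_crashes(EVENTS_SAMPLE)):
        print(f"{f['path']}: {f['crashes']} crash(es) at {f['offsets']}, MD5 {f['md5']}")
```

A file without the verdict is not proof of tampering; it marks the file to verify first, for example with `sfc /scannow` or by comparing it against a known-good copy of the same Windows build.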
 

 



#10 Oh My!


Posted 24 December 2013 - 09:21 PM

Hi Richard,

 

Can you tell me if there is any improvement and if not describe what you are currently experiencing (whether the same or different from before).


Gary
 

#11 troubledcomputer


Posted 25 December 2013 - 08:39 PM

Hi Gary,

 

I believe my computer is okay now. But the AVG antivirus still has "no active components" and won't update. And so is the Super Antispyware program.

 

Thanks,

Richard



#12 Oh My!


Posted 25 December 2013 - 11:08 PM

Hi Richard,

Have you tried to uninstall and reinstall the programs?

Gary
 

#13 troubledcomputer


Posted 26 December 2013 - 01:02 AM

Hi Gary,

 

I was able to uninstall and reinstall Super Antispyware. But the problem of updating persists. An error occurs every time I update the program.

 

For AVG, the uninstallation process failed. It says, "Service 'AVG Firewall' (avgfws) could not be stopped. Verify that you have sufficient privileges to stop system services."

 

What should I do about these two programs, especially AVG? I want to remove AVG and use Avast instead.

 

Thanks,

Richard



#14 troubledcomputer


Posted 26 December 2013 - 01:30 AM

Hi,

 

Sorry to bump this post.

 

I was able to remove AVG through Revo Uninstaller. But the program folder in C:\Program Files can't be deleted.

 

Richard



#15 Oh My!


Posted 26 December 2013 - 08:51 AM

Hi Richard,

Don't worry about multiple posts when you have important information to share. Since it is possible your issue may be more widespread than just these two programs (although not apparent yet), I want to run a battery of programs to address a multitude of issues. If SuperAntiSpyware will not update after this, please provide the exact error information, if offered.

Please do this for me.

===================================================

Windows Repair (All in One)

--------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the icon and select Run
  • Continually click Next, then Finish
  • Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button
  • Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button
  • Go to Step 4 and under "System Restore" click on the Create button
  • Go to the Start Repairs tab and click the Start button
  • Please leave the default settings as they are
  • Click on the box next to Restart System when Finished, then click on Start
  • Your computer will reboot upon completion
  • Check the issues with SuperAntiSpyware and AVG
  • Copy and paste the contents of the following log in your reply:

C:\Tweaking.com_Windows_Repair_Logs\_Windows_Repair_Log.txt


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Windows All in One log
  • Any progress?

Gary
 



