
Annoying Malware


11 replies to this topic

#1 GhostfaceKillah


Posted 21 December 2013 - 06:54 PM

Two days ago, I got some malware/adware on my computer that hijacked my browser and changed my homepage to some "Conduit search engine". I also noticed that new "Conduit" and "Gorilla Price" programs have appeared on my PC. I used a combination of Microsoft Security Essentials and Malwarebytes to remove the malware and restore my internet browser to normal. However, I continued to have problems. I would periodically get random ad pop-ups soliciting something. I also couldn't download anything; when I would start a download, it would work for a few seconds, and then it would say, "The download was interrupted", and when I would resume it, it would work for another few seconds, stop, and then say that the downloaded file/program must be deleted. Finally, my internet would work slowly: my download speeds were cut in half, and videos simply would stop playing after a few seconds.

 

To combat the above problems, I downloaded TDSSKiller and Hitman Pro on another computer and transferred them to the infected one. Hitman Pro was able to remove the remnants of the Conduit program. It also said that there was a proxy server on the computer and repaired that. TDSSKiller found nothing. After all of this, the above problems still remain. Also, the "Gorilla Price" program was not removed and it doesn't let me remove it, and I still get the message that the infected computer is using a proxy server every time I run Hitman Pro.

 

I would really prefer not to wipe the entire hard drive. Is there a way out of this predicament without having to wipe everything? Thanks in advance.

 

EDIT: Upon attempting to uninstall the "Gorilla Price" program through Add/Remove Programs, it sent me to a website to download an uninstaller for the program, which I did not do.

 

Also, when I booted up the computer today, I got the following message: There was a problem starting: C:\Users\Renegade\AppData\Local\Conduit\Background\Container\BackgroundContainer.dll - The specified module could not be found.
 


Edited by GhostfaceKillah, 21 December 2013 - 07:01 PM.




#2 noknojon


Posted 21 December 2013 - 07:12 PM

Hello GhostfaceKillah
The programs / items you mention are not Infections as such.

These are the latest round of advertising add-ons placed in programs that you downloaded.

 

Even I have been stuck with these mongrels while doing the rounds of the web recently.

 

Look at the page with Gorilla Price on it to make sure there are no Uninstall directions included.

 

Now a quick check to see if it is "sticking" or just a pest -

 

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. At worst the tool will run for about 2 minutes

Important: Do not reboot your computer until you complete the next step.

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* NOW - Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entries (values, keys).

 

Next -

As you have Malwarebytes already installed, please Update it and run a Full Scan

Please post the results back here - Reboot if requested.

 

Tell me how things are after these, and we can hunt a bit deeper next if needed -

 

Thank You -



#3 GhostfaceKillah


Posted 21 December 2013 - 10:58 PM

OK, I did everything as you have said - and there has been no change. The GorillaPrice software is still there, I cannot download anything, the internet still works at a snail's pace, and HitmanPro is still detecting a proxy server. Here are the logs:

 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/21/2013 06:50:45 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Renegade\Desktop\rkill\rkill-12-21-2013-06-50-48.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/21/2013 06:51:19 PM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)

 

--------------------------------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Renegade on Sat 12/21/2013 at 18:58:48.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] gorillaprice
Successfully deleted: [Service] gorillaprice

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6BFC62B1-FCDC-46E3-B425-3F1C4D18BDC2}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/21/2013 at 19:09:10.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 noknojon


Posted 22 December 2013 - 04:36 AM

Did you run AdwCleaner by Xplode ? I must ask as you posted nothing ......

 

Thanks -



#5 noknojon


Posted 22 December 2013 - 05:03 AM

You say > The GorillaPrice software is still there < Can you see the program listed at all ??

 

Successfully stopped: [Service] gorillaprice
Successfully deleted: [Service] gorillaprice

From your last JRT scan, so there must be other problems also .....

 

Now -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox and run it.
Checkmark the following boxes:

* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and post the result. (result.txt)

 

Next -

I would like you to use the ESET OnlineScanner -
This is best done with Internet Explorer, as it uses ActiveX with the scan.
However, alternate directions are left for those that will not use Internet Explorer.
Please read and follow How To Temporarily Disable Your Anti-virus during the scan.
1 / Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 / Click the ESET Online Scanner button.
3 / For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3.1 - / Click on This Link to download the External ESET Smart Installer.
3.2 - / Save it to your desktop.
4 / Double click on the  icon on your desktop.
5 / Check "YES, I accept the Terms of Use."
5 / Click the Start button.
6 / Accept any security warnings from your browser.
7 / Under scan settings, check "Scan Archives" and "Remove found threats"
8 / Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 / ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10 / When the scan completes, click List Threats
11 / Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12 / Click the Back button.
13 / Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

 

 

Last -

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
(For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator.)
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

Thank You -



#6 GhostfaceKillah


Posted 22 December 2013 - 02:57 PM

Gorilla Price is still in the programs list.

 

I simply could not run the ESET scanner. Even though I have Internet Explorer, I could not run it from the browser, even after I changed certain settings that ESET recommended changing. Downloading the scanner and running it from a flash drive also did not work. I'm beginning to sense that this is a more serious problem than previously thought.

 

Here are the AdwCleaner logs I forgot to post:

 

# AdwCleaner v3.015 - Report created 21/12/2013 at 18:51:48
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Renegade - AFTERMATH
# Running from : C:\Users\Renegade\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Folder Found C:\Program Files (x86)\SafeSaver
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\ssaafe isavee
Folder Found C:\ProgramData\StarApp
Folder Found C:\Users\Renegade\AppData\Local\Mail.Ru
Folder Found C:\Users\Renegade\AppData\Local\Searchprotect
Folder Found C:\Users\Renegade\AppData\LocalLow\ssaafe isavee

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\firstsearch
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ File : C:\Users\Renegade\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2911 octets] - [21/12/2013 18:51:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2971 octets] ##########

 

 

# AdwCleaner v3.015 - Report created 21/12/2013 at 18:53:32
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Renegade - AFTERMATH
# Running from : C:\Users\Renegade\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\ssaafe isavee
Folder Deleted : C:\Program Files (x86)\SafeSaver
Folder Deleted : C:\Users\Renegade\AppData\Local\Mail.Ru
Folder Deleted : C:\Users\Renegade\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Renegade\AppData\LocalLow\ssaafe isavee
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKLM\Software\firstsearch
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ File : C:\Users\Renegade\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3067 octets] - [21/12/2013 18:51:48]
AdwCleaner[S0].txt - [2941 octets] - [21/12/2013 18:53:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3001 octets] ##########

 

Here is the Screen317 Security Check log:

 

 Results of screen317's Security Check version 0.99.77 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 45 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

And the MiniToolBox log:

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Renegade (administrator) on 22-12-2013 at 12:26:59
Running from "C:\Users\Renegade\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/22/2013 00:04:34 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c0c

Start Time: 01ceff4895fd8d1f

Termination Time: 16

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/22/2013 00:02:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xafc
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3

Error: (12/22/2013 00:02:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: AsusFanControlService.exe, version: 1.0.0.7, time stamp: 0x4fb60522
Faulting module name: AsusFanControlService.exe, version: 1.0.0.7, time stamp: 0x4fb60522
Exception code: 0xc0000417
Fault offset: 0x00024473
Faulting process id: 0x630
Faulting application start time: 0xAsusFanControlService.exe0
Faulting application path: AsusFanControlService.exe1
Faulting module path: AsusFanControlService.exe2
Report Id: AsusFanControlService.exe3

Error: (12/22/2013 11:56:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x894
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3

Error: (12/22/2013 11:56:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: AsusFanControlService.exe, version: 1.0.0.7, time stamp: 0x4fb60522
Faulting module name: AsusFanControlService.exe, version: 1.0.0.7, time stamp: 0x4fb60522
Exception code: 0xc0000417
Fault offset: 0x00024473
Faulting process id: 0x778
Faulting application start time: 0xAsusFanControlService.exe0
Faulting application path: AsusFanControlService.exe1
Faulting module path: AsusFanControlService.exe2
Report Id: AsusFanControlService.exe3

Error: (12/21/2013 08:52:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x8cc
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3

Error: (12/21/2013 08:52:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: AsusFanControlService.exe, version: 1.0.0.7, time stamp: 0x4fb60522
Faulting module name: AsusFanControlService.exe, version: 1.0.0.7, time stamp: 0x4fb60522
Exception code: 0xc0000417
Fault offset: 0x00024473
Faulting process id: 0x798
Faulting application start time: 0xAsusFanControlService.exe0
Faulting application path: AsusFanControlService.exe1
Faulting module path: AsusFanControlService.exe2
Report Id: AsusFanControlService.exe3

System errors:
=============
Error: (12/22/2013 00:02:43 PM) (Source: Service Control Manager) (User: )
Description: The AsusFanControlService service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/22/2013 00:02:25 PM) (Source: Service Control Manager) (User: )
Description: The lirsgt service failed to start due to the following error:
%%577

Error: (12/22/2013 00:02:25 PM) (Source: Service Control Manager) (User: )
Description: The atksgt service failed to start due to the following error:
%%577

Error: (12/22/2013 11:56:55 AM) (Source: Service Control Manager) (User: )
Description: The AsusFanControlService service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/22/2013 11:56:54 AM) (Source: Service Control Manager) (User: )
Description: The lirsgt service failed to start due to the following error:
%%577

Error: (12/22/2013 11:56:53 AM) (Source: Service Control Manager) (User: )
Description: The atksgt service failed to start due to the following error:
%%577

Error: (12/21/2013 10:00:35 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DMITRI-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{310F3A00-3F78-4A22-81F7-7F34C0288745}.
The master browser is stopping or an election is being forced.

Error: (12/21/2013 08:52:57 PM) (Source: Service Control Manager) (User: )
Description: The AsusFanControlService service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/21/2013 08:52:54 PM) (Source: Service Control Manager) (User: )
Description: The lirsgt service failed to start due to the following error:
%%577

Error: (12/21/2013 08:52:54 PM) (Source: Service Control Manager) (User: )
Description: The atksgt service failed to start due to the following error:
%%577

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-12-22 12:02:25.648
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-22 12:02:25.555
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-22 12:02:25.196
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-22 12:02:25.102
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-22 11:56:54.113
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-22 11:56:54.013
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-22 11:56:53.874
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-22 11:56:53.765
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-21 20:52:54.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-21 20:52:54.638
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

7-Zip 9.25 (x64 edition) (Version: 9.25.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader X (10.1.8) MUI (Version: 10.1.8)
AI Suite II (Version: 1.04.01)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225)
AMD Wireless Display v3.0 (Version: 1.0.0.10)
Audacity 2.0.5 (Version: 2.0.5)
Battlefield: Bad Company™ 2 (Version: 1.0.0.0)
Blacklight: Retribution
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225)
CCC Help Czech (Version: 2013.0328.2217.38225)
CCC Help Danish (Version: 2013.0328.2217.38225)
CCC Help Dutch (Version: 2013.0328.2217.38225)
CCC Help English (Version: 2013.0328.2217.38225)
CCC Help Finnish (Version: 2013.0328.2217.38225)
CCC Help French (Version: 2013.0328.2217.38225)
CCC Help German (Version: 2013.0328.2217.38225)
CCC Help Greek (Version: 2013.0328.2217.38225)
CCC Help Hungarian (Version: 2013.0328.2217.38225)
CCC Help Italian (Version: 2013.0328.2217.38225)
CCC Help Japanese (Version: 2013.0328.2217.38225)
CCC Help Korean (Version: 2013.0328.2217.38225)
CCC Help Norwegian (Version: 2013.0328.2217.38225)
CCC Help Polish (Version: 2013.0328.2217.38225)
CCC Help Portuguese (Version: 2013.0328.2217.38225)
CCC Help Russian (Version: 2013.0328.2217.38225)
CCC Help Spanish (Version: 2013.0328.2217.38225)
CCC Help Swedish (Version: 2013.0328.2217.38225)
CCC Help Thai (Version: 2013.0328.2217.38225)
CCC Help Turkish (Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
Command & Conquer The First Decade (Version: 1.00.0000)
Crysis WARHEAD®
Crysis WARHEAD® (Version: 1.0)
Crysis Wars®
Crysis Wars® (Version: 1.0)
Crysis® (Version: 1.00.0000)
Dragon Age: Origins (Version: 1.00)
Fallout 3 (Version: 1.00.0000)
Fortress Forever 2.46 (Version: 2.46)
GameSpy Arcade
GameSpy Comrade (Version: 1.5.0.156)
GorillaPrice
Half-Life 2
Heroes of Might and Magic V
HitmanPro 3.7 (Version: 3.7.8.208)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Games for Windows - LIVE Redistributable (Version: 1.2.0241)
Microsoft Halo
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NBA 2K13 (Version: 1.0.0)
NVIDIA PhysX (Version: 9.10.0513)
PlanetSide 2
PunkBuster Services (Version: 0.992)
Quake Live Internet Explorer Plugin (Version: 1.0.520)
Realtek Ethernet Controller Driver (Version: 7.61.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6657)
RollerCoaster Tycoon 2
Sid Meier's Civilization III Complete
Steam (Version: 1.0.0.0)
Super Monday Night Combat
Team Fortress 2
Tribes: Ascend
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive (Version: 5.4.7.0)
WinCDEmu (Version: 3.6)
WinRAR 5.00 (32-bit) (Version: 5.00.0)
WinZip 16.5 (Version: 16.5.10095)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 7638.59 MB
Available physical RAM: 5812.3 MB
Total Pagefile: 15275.37 MB
Available Pagefile: 13014.24 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.03 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:731.22 GB) NTFS
2 Drive d: (NBA 2K13) (CDROM) (Total:6.86 GB) (Free:0 GB) UDF
3 Drive e: (RCT2) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:0.49 GB) (Free:0.47 GB) FAT

========================= Users: ========================================

User accounts for \\AFTERMATH

Administrator            ASPNET                   Guest                   
Renegade                

**** End of log ****



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:19 AM

Posted 22 December 2013 - 05:01 PM

Can you try and run Revo Uninstaller -

 

1) First we download it from here: Revo Uninstaller Free Version.  You can skip this Step if you already have it installed.  However, you may need to update it.  If you have it installed already, and you need to update it, go ahead and open it up and click the AutoUpdate Icon next to Help.  The use of this program makes registry changes based upon what you select for removal from the Registry.  Before running Revo Uninstaller please run ERUNT before proceeding to back up your registry in case you make a mistake.
 
2) Select the Program to remove from the list of programs and click the Uninstall button: 


revo_list_of_programs.png

  
 
3) After selecting the program you want to remove, and confirming you want to uninstall the program, then you will want to select the Advanced Option: 

methods_of_removal.png

 
4) Click Next. This will start the uninstaller for the application you picked.  When the uninstaller is done, and it proves to be successful, and a reboot is required, then select NO and continue the below steps.
 
5) Follow the prompts during the uninstallation of the application.  Once it closes you will be at this window: 

continue_uninstallation_of_application.p

 
6) Click Next again. Once the window is done scanning for files and other things that did not get removed, you will be presented with this window:

registry_settings_left_behind.png

 
You will want to select only the bolded items, then click on Delete. If any entries (usually the last thing listed and not in bold) have a + sign, click on the + until you see more bolded items.  Once done, click Next.
 
If it asks you to delete other files, then do so, but pay attention to the warnings.

 

Thanks -



#8 noknojon


Posted 22 December 2013 - 05:28 PM

EDIT -

Alternate link for you -
Please run a free online scan with the ESET Online Scanner
 

 

 

If you are still unable to remove it, please follow this .............

 

Download Autoruns to your desktop
Double click on Autoruns exe.
Allow the program to fully populate (this will take a few minutes)
Go > File > Save > Save as Autoruns.txt > File Type > All Files
Save to Desktop
Copy and Paste the Autoruns.txt back here

 

The text may look a bit odd to you, but still post it -

 

Thanks -


Edited by noknojon, 22 December 2013 - 06:00 PM.


#9 GhostfaceKillah

GhostfaceKillah
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:19 AM

Posted 22 December 2013 - 06:16 PM

OK, I was able to remove it with the Revo Uninstaller, and I am able to download things now. However, I still couldn't use the internet because it said that the "proxy server was not responding." I restored internet access using Hitman Pro, but I am still worried about this. I will try ESET scanner and come back with the results.



#10 noknojon


Posted 22 December 2013 - 06:30 PM

First -

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8, right-click on the file and choose Run As Administrator.
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

Next -

Right Click and Delete any old version of MiniToolBox on your Desktop -

Please download a new version of MiniToolBox and run it.
Checkmark the following boxes:
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts

 

 

Next -

Run System File Check from an Elevated Command Prompt
1 Open Elevated Command Prompt as per directions
2 Type sfc /scannow and press Enter (note the space between c and / it must be there)
3 This should not take longer than 20 minutes to finish (on average)
4 NOTE : Do not touch the keyboard while this is running.

 

 

Next -

Run a Disk Check on your C: drive in Windows 7:
• Click Start and open Computer
• Right-click on C: (or your hard drive letter) and select Properties
• Click on the Tools tab
• Under Error-checking click the Check Now... button
• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
• Click on the Start button
• When the message box pops up, click the Schedule disk check button and Restart your computer
• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
This will take (on average) 1 to 2 hours depending on your system, so please let it finish.
DO NOT force a reboot once started, as you will lose data and may damage the computer
NOTE - If this is a Laptop please plug it into a reliable power source, as batteries may fail.
The computer will reboot to normal mode once it has completed all 5 stages -

 

 

Thank You -
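The proxy and hosts settings that the MiniToolBox checkboxes in the post above report can also be read by hand. The PowerShell below is an added example, not part of the original post and not MiniToolBox's own code: it only reads the current user's Internet Explorer (WinINET) proxy values and the active hosts entries, and checks whether anything still answers at a configured proxy address. The function names are hypothetical; the registry key and hosts path are the Windows defaults.

```powershell
# Added example: read-only report, nothing is changed or reset.
# Function names are hypothetical; the registry key and hosts path are Windows defaults.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyReport {
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnabled  = [bool]$s.ProxyEnable   # 1 = "use a proxy server" is ticked
        ProxyServer   = $s.ProxyServer         # "host:port" or "http=host:port;https=host:port"
        AutoConfigURL = $s.AutoConfigURL       # PAC script URL, if one is set
    }
}

function Test-ProxyListening {
    param([string]$ProxyServer)
    foreach ($entry in ($ProxyServer -split ';')) {
        # Strip a "http=" or "http://" prefix, then split host from port.
        $hostPort = ($entry -replace '^[a-z]+=', '') -replace '^[a-z]+://', ''
        $h, $p = $hostPort -split ':', 2
        if (-not $p) { continue }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($h, [int]$p)
            $up = $true
        } catch {
            $up = $false   # nothing answers: browsers report the proxy as not responding
        } finally {
            $client.Close()
        }
        New-Object PSObject -Property @{ Proxy = $hostPort; Listening = $up }
    }
}

function Get-HostsEntries {
    # Returns only active lines: comments stripped, blank lines dropped.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $path |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -match '^\S+\s+\S' }
}

$report = Get-ProxyReport
$report | Format-List | Out-Host
if ($report.ProxyEnabled -and $report.ProxyServer) {
    Test-ProxyListening $report.ProxyServer | Format-Table -AutoSize | Out-Host
}
Get-HostsEntries | Out-Host
```

A proxy that is enabled but shows `Listening = False` is a setting left behind after the program that served it was removed; an empty hosts listing matches the "Hosts content" section of a clean log.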



#11 GhostfaceKillah


Posted 22 December 2013 - 10:35 PM

Everything seems to be working fine right now. Here is the 2nd MiniToolBox log anyways:

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Renegade (administrator) on 22-12-2013 at 17:35:35
Running from "C:\Users\Renegade\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DGXB7AE"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

**** End of log ****

 

I thank you very much for the help. Have a happy holiday.



#12 noknojon


Posted 23 December 2013 - 05:49 PM

"Reset IE Proxy Settings": IE Proxy Settings were reset.

Looks like this fixed the problem.

 

Good luck, and Safe Surfing (the scammers will be out over the next few weeks)





