
Preparing Security Options


4 replies to this topic

#1 alley_walker

alley_walker

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:20 AM

Posted 04 March 2014 - 02:08 PM

Hello,

 

This is a new build, about 3 weeks old. I started to get computer freezes, and when I would press CTRL+ALT+DEL, I would get a Windows screen (blue background) saying "Preparing Security Options". After about 2 min, I regain control of the computer. I have run Combo Fix with nothing found. I ran MSE and nothing was found. But when I ran Emsisoft, I found several registry changes such as System->Disableregistrytools and System->disabletaskmanager.

 

Alas! That is the reason Task Manager isn't working when this malware is active. Also, Wireshark reports all kinds of activity when this freeze happens, with outgoing TCP/IP traffic to a destination other than normal activity.

 

Windows 7 Pro

AMD FX 6 Core (Benchmarked, no problems)

16 gigs RAM (tested, no problems)

250 gig Crucial SSD (tested and working)

1 tera HD back up. (Tested and working)

2 AMD 7850 4 gig video cards.

 

 

 

 

 




 


#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:20 PM

Posted 04 March 2014 - 02:27 PM

Download Minitoolbox - http://www.bleepingcomputer.com/download/minitoolbox/

Start the application and tick every option. Click the GO button. After the scan is done, a log will appear. Save it and attach it here.



#3 alley_walker

alley_walker
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:20 AM

Posted 04 March 2014 - 02:42 PM

Hello and thanks!

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by 2ndtimeisthecarm (administrator) on 04-03-2014 at 13:40:54
Running from "C:\Users\2ndtimeisthecarm\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : 2ndtimeisthecar
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D0-50-99-04-CF-C4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::24d7:6b50:55ee:bc99%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 04, 2014 10:58:30 AM
   Lease Expires . . . . . . . . . . : Wednesday, March 05, 2014 10:58:30 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 298864793
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-83-CD-C8-D0-50-99-04-CF-C4
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       205.171.2.25
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{B9ACF781-FEE8-4AB6-BFDB-58544B5344A6}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3c21:3283:bcf9:db5a(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3c21:3283:bcf9:db5a%12(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4009:804::1001
 173.194.46.32
 173.194.46.36
 173.194.46.40
 173.194.46.34
 173.194.46.41
 173.194.46.35
 173.194.46.33
 173.194.46.37
 173.194.46.39
 173.194.46.38
 173.194.46.46
 
 
Pinging google.com [74.125.225.37] with 32 bytes of data:
Reply from 74.125.225.37: bytes=32 time=31ms TTL=57
Reply from 74.125.225.37: bytes=32 time=31ms TTL=57
 
Ping statistics for 74.125.225.37:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 31ms, Average = 31ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=62ms TTL=53
Reply from 98.138.253.109: bytes=32 time=71ms TTL=53
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 71ms, Average = 66ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...d0 50 99 04 cf c4 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.11     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.11    266
     192.168.0.11  255.255.255.255         On-link      192.168.0.11    266
    192.168.0.255  255.255.255.255         On-link      192.168.0.11    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.11    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.11    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:5ef5:79fb:3c21:3283:bcf9:db5a/128
                                    On-link
 10    266 fe80::/64                On-link
 12    306 fe80::/64                On-link
 10    266 fe80::24d7:6b50:55ee:bc99/128
                                    On-link
 12    306 fe80::3c21:3283:bcf9:db5a/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/02/2014 04:19:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: bf4.exe, version: 1.1.0.1, time stamp: 0x53037899
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000027b0b
Faulting process id: 0x1654
Faulting application start time: 0xbf4.exe0
Faulting application path: bf4.exe1
Faulting module path: bf4.exe2
Report Id: bf4.exe3
 
Error: (03/02/2014 01:38:02 PM) (Source: A2SERVICE.EXE) (User: )
Description: The service process could not connect to the service controller
 
Error: (03/02/2014 01:38:01 PM) (Source: A2SERVICE.EXE) (User: )
Description: The service process could not connect to the service controller
 
Error: (03/01/2014 11:39:38 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 33.0.1750.117 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1190
 
Start Time: 01cf35e7d5751ddf
 
Termination Time: 4
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id:
 
 
System errors:
=============
Error: (03/04/2014 10:58:40 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/04/2014 10:58:36 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/03/2014 07:57:29 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/03/2014 07:57:25 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/02/2014 01:38:00 PM) (Source: Service Control Manager) (User: )
Description: The Emsisoft Anti-Malware 8.0 - Service service failed to start due to the following error: 
%%1053
 
Error: (03/02/2014 01:38:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Emsisoft Anti-Malware 8.0 - Service service to connect.
 
Error: (03/02/2014 01:38:00 PM) (Source: Service Control Manager) (User: )
Description: The Emsisoft Anti-Malware 8.0 - Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/02/2014 00:20:52 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/02/2014 00:20:47 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/02/2014 00:20:46 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
 
Microsoft Office Sessions:
=========================
Error: (03/02/2014 04:19:30 PM) (Source: Application Error)(User: )
Description: bf4.exe1.1.0.153037899ntdll.dll6.1.7601.18247521eaf24c00000050000000000027b0b165401cf36725aa5f838C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeC:\Windows\SYSTEM32\ntdll.dll7c652b4b-a269-11e3-9eca-d0509904cfc4
 
Error: (03/02/2014 01:38:02 PM) (Source: A2SERVICE.EXE)(User: )
Description: The service process could not connect to the service controller
 
Error: (03/02/2014 01:38:01 PM) (Source: A2SERVICE.EXE)(User: )
Description: The service process could not connect to the service controller
 
Error: (03/01/2014 11:39:38 PM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.117119001cf35e7d5751ddf4C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-11 10:14:20.851
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-11 10:14:20.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-06 09:50:06.836
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-06 09:50:06.773
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
3DMark 11 (Version: 1.0.5)
3DMark Vantage (Version: 1.1.3)
Adobe AIR (Version: 4.0.0.1390)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.0 (Version: 12.0.7.148)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206)
AMD Catalyst Control Center (Version: 2013.1206.1603.28764)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.1206.1603.28764)
AMD Media Foundation Decoders (Version: 1.0.81206.1620)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD Wireless Display v3.0 (Version: 1.0.0.14)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.16.12.0)
Battlefield 4™ (Version: 1.1.0.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.1206.1603.28764)
Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764)
Catalyst Control Center Localization All (Version: 2013.1206.1603.28764)
CCC Help Chinese Standard (Version: 2013.1206.1602.28764)
CCC Help Chinese Traditional (Version: 2013.1206.1602.28764)
CCC Help Czech (Version: 2013.1206.1602.28764)
CCC Help Danish (Version: 2013.1206.1602.28764)
CCC Help Dutch (Version: 2013.1206.1602.28764)
CCC Help English (Version: 2013.1206.1602.28764)
CCC Help Finnish (Version: 2013.1206.1602.28764)
CCC Help French (Version: 2013.1206.1602.28764)
CCC Help German (Version: 2013.1206.1602.28764)
CCC Help Greek (Version: 2013.1206.1602.28764)
CCC Help Hungarian (Version: 2013.1206.1602.28764)
CCC Help Italian (Version: 2013.1206.1602.28764)
CCC Help Japanese (Version: 2013.1206.1602.28764)
CCC Help Korean (Version: 2013.1206.1602.28764)
CCC Help Norwegian (Version: 2013.1206.1602.28764)
CCC Help Polish (Version: 2013.1206.1602.28764)
CCC Help Portuguese (Version: 2013.1206.1602.28764)
CCC Help Russian (Version: 2013.1206.1602.28764)
CCC Help Spanish (Version: 2013.1206.1602.28764)
CCC Help Swedish (Version: 2013.1206.1602.28764)
CCC Help Thai (Version: 2013.1206.1602.28764)
CCC Help Turkish (Version: 2013.1206.1602.28764)
ccc-utility64 (Version: 2013.1206.1603.28764)
CPUID CPU-Z 1.68
Emsisoft Anti-Malware (Version: 8.1)
ESN Sonar (Version: 0.70.4)
Futuremark SystemInfo (Version: 4.25.366)
Glary Utilities 4.5 (Version: 4.5.0.89)
Google Chrome (Version: 33.0.1750.146)
Google Update Helper (Version: 1.3.22.5)
Java 7 Update 51 (64-bit) (Version: 7.0.510)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1512)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (Version: 17.0.2015.0811)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
NVIDIA PhysX (Version: 9.13.1220)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1512)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512)
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1512)
Oracle VM VirtualBox 4.3.6 (Version: 4.3.6)
Origin (Version: 9.4.1.116)
PunkBuster Services (Version: 0.993)
Raptr
Realtek High Definition Audio Driver (Version: 6.0.1.7004)
Revo Uninstaller 1.95 (Version: 1.95)
swMSM (Version: 12.0.0.1)
VLC media player 2.1.2 (Version: 2.1.2)
War Thunder Launcher 1.0.1.322
WinPcap 4.1.3 (Version: 4.1.0.2980)
Wireshark 1.10.5 (64-bit) (Version: 1.10.5)
 
========================= Devices: ================================
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 17%
Total physical RAM: 16341.71 MB
Available physical RAM: 13409 MB
Total Pagefile: 17139.89 MB
Available Pagefile: 13643.44 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.74 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:223.47 GB) (Free:130.85 GB) NTFS
2 Drive d: () (Fixed) (Total:931.41 GB) (Free:856.9 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\2NDTIMEISTHECAR
 
2ndtimeisthecarm         Administrator            Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
19-02-2014 03:41:45 Removed Microsoft Office Standard 2007
19-02-2014 03:57:18 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
19-02-2014 03:57:31 Installed OpenOffice 4.0.1
19-02-2014 04:24:00 Removed OpenOffice 4.0.1
19-02-2014 04:48:10 Installed OpenOffice 4.0.1
19-02-2014 15:39:47 Removed OpenOffice 4.0.1
20-02-2014 20:06:56 Windows Update
24-02-2014 08:49:54 Windows Update
26-02-2014 08:26:09 Removed Oracle VM VirtualBox 4.3.6
26-02-2014 09:23:35 Windows Update
27-02-2014 06:29:02 Installed 3DMark Vantage
02-03-2014 07:30:40 Windows Update
 
**** End of log ****


#4 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:20 PM

Posted 04 March 2014 - 03:07 PM

Uninstall - NVIDIA PhysX (Version: 9.13.1220)

Do not use optimization software like Glary Utilities, because it makes a mess in the registry. Personally, I do not dare to use ComboFix, because it is very powerful. I am not sure you have uninstalled it correctly. That's why I recommend going one section above.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,901 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:20 AM

Posted 04 March 2014 - 05:54 PM

I have run Combo Fix with nothing found.

Since you already ran Combofix, its log should be thoroughly reviewed by trained experts before proceeding further. A log should have been created and saved to the root directory, usually C:\ComboFix.txt.

Please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS, which will create two logs. (Note: Windows 8.1 users will not be able to run DDS and create a log.)
When you have done that, start a new topic and post the required logs to include your ComboFix log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.
-- ComboFix logs are not permitted in this forum.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




