
Runtime error 216--possible trojan infection


This topic is locked
10 replies to this topic

#1 lingle873333 (Members, 41 posts)

Posted 13 May 2014 - 04:16 PM

I am posting to this forum at the instruction of Alex&Vanko of the "Am I infected? What do I do?" forum.

 

In trying to open any video file with any software (Zoom Player, VLC, Media Player Classic, Windows Media Player, Quicktime Player), I receive the following messages, in order:

1.  "Access violation at address 77BA32CD in module ntdll.dll. Read of address 06F480C0"

2.  "The instruction at 0x77ba332f referenced memory at 0x00000004.  The memory could not be read."

3.  "Runtime error 216 at 77BA332F"

 

On other forums, I read that this problem is, or may be, caused by an infection by a Trojan called SubSeven. I've scanned the machine with Malwarebytes, Super Anti Spyware and AVG. If SubSeven is there, none of these programs found it. The problem is still there--same error messages.

 

Per the Preparation Guide, I have pasted below the results of the dds.com scan and attached a zip file of the attach.txt document that dds.com created.  I would be so grateful for any help you could offer.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.45.2

Run by jfitch at 16:50:23 on 2014-05-13

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12270.9378 [GMT -4:00]

.

AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

c:\PROGRA~2\AVG\AVG2014\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\IDT\WDM\beats64.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe

C:\Windows\System32\spool\drivers\x64\3\E_YATIHCA.EXE

C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Maxthon\Bin\MxUp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uProxyOverride = 127.0.0.1:9421;<local>

BHO: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\LastPass\LPToolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\LastPass\LPToolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [Akamai NetSession Interface] "C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe"

uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIHCA.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-7510 Series"

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

uRun: [299BFAEC438A41A97BF975F7AD14912A13EC7B0C._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service

mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup

mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

dRunOnce: [Application Restart #0] C:\Windows\System32\Magnify.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: LastPass - C:\Users\jfitch.THEFITCHSTUDIO\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - C:\Users\jfitch.THEFITCHSTUDIO\AppData\LocalLow\LastPass\context.html?cmd=fillforms

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\LastPass\LPToolbar.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} - hxxps://prolog.kbr.com/pw/mpsPwLc7.CAB

TCP: NameServer = 192.168.1.30

TCP: Interfaces\{B974A606-EE12-41BA-8CDC-82BCC5938B28} : DHCPNameServer = 192.168.1.30

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\LastPass\LPToolbar_x64.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\LastPass\LPToolbar_x64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\LastPass\LPToolbar_x64.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>

x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\u9mx6boi.default-1370371060657\

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/#inbox

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Citrix\Plugins\104\npappdetector.dll

FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll

FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\LastPass\nplastpass.dll

FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\LastPass\nplastpass64.dll

FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-3-27 192792]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-3-27 324376]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-3-31 130840]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-3-27 32536]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-3-27 153368]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-4-18 237336]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-3-27 236824]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-31 274200]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-28 45856]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-14 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 237056]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-4-18 3645456]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-3-27 291912]

R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]

R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]

R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-14 13336]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 376144]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-10-15 72216]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]

R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-28 2358656]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-14 2655768]

R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-4-14 116240]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-29 412776]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-9-30 30192]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-17 111616]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]

S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-4 1255736]

.

=============== File Associations ===============

.

FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"

FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]

ShellExec: dwgviewr.exe: open="C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewr.exe"

.

=============== Created Last 30 ================

.

2014-05-13 19:43:39  1031560    ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8A557F7-2261-4E7F-8D00-43EEEB3BFAD1}\gapaengine.dll

2014-05-13 19:43:30  10651704   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D8DC9FE-460C-455A-BA33-874FF5CE4F5E}\mpengine.dll

2014-05-12 19:43:23  10651704   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-05-05 17:43:53  --------   d-----w-   C:\Windows\pss

2014-05-04 14:54:51  --------   d-s---w-   C:\Windows\System32\CompatTel

2014-05-04 14:53:17  465408     ----a-w-   C:\Windows\System32\aepdu.dll

2014-05-04 14:53:17  424448     ----a-w-   C:\Windows\System32\aeinv.dll

2014-05-02 07:00:40  2724864    ----a-w-   C:\Windows\System32\mshtml.tlb

2014-05-02 07:00:39  2724864    ----a-w-   C:\Windows\SysWow64\mshtml.tlb

2014-04-29 22:04:24  --------   d-----w-   C:\Program Files\AMD

2014-04-29 22:03:41  --------   d-----w-   C:\Program Files\Common Files\ATI Technologies

2014-04-29 22:02:50  --------   d-----w-   C:\ProgramData\Package Cache

2014-04-29 21:51:39  --------   d-----w-   C:\Program Files\ATI Technologies

2014-04-29 21:50:20  --------   d-----w-   C:\AMD

2014-04-21 18:56:00  93808 ----a-w-   C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe

2014-04-21 18:56:00  878024     ----a-w-   C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

2014-04-21 18:56:00  276592     ----a-w-   C:\Program Files (x86)\Mozilla Firefox\updater.exe

2014-04-21 18:56:00  23186032   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\xul.dll

2014-04-21 18:56:00  170960     ----a-w-   C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2014-04-21 18:56:00  16192 ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

2014-04-21 18:56:00  159744     ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2014-04-21 18:56:00  159744     ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2014-04-21 18:56:00  159744     ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2014-04-21 18:56:00  159744     ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2014-04-21 18:56:00  159744     ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

2014-04-21 18:56:00  152688     ----a-w-   C:\Program Files (x86)\Mozilla Firefox\softokn3.dll

2014-04-18 19:01:30  237336     ----a-w-     C:\Windows\System32\drivers\avgidsdrivera.sys

2014-04-18 02:39:06  274656     ----a-w-     C:\Windows\System32\drivers\amdacpksd.sys

2014-04-18 02:23:08  231424     ----a-w-   C:\Windows\System32\clinfo.exe

2014-04-18 02:22:58  1187342    ----a-w-   C:\Windows\System32\amdocl_as64.exe

2014-04-18 02:22:58   1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2014-04-18 02:22:56    995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2014-04-18 02:22:56    798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2014-04-18 02:22:54     98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-04-18 02:22:48     83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-04-18 02:22:42     86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-04-18 02:22:38     73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-04-18 02:22:32  28685824 ----a-w- C:\Windows\System32\amdocl64.dll
2014-04-18 02:19:54  24107520 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-04-18 02:17:28     65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-04-18 02:17:24     58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-04-18 02:13:30    127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-04-18 02:13:10    113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-04-18 02:12:48   5442048 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-04-18 01:58:32   4358656 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-04-18 01:45:56     91136 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-04-18 01:45:46     85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-04-18 01:33:06     48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-04-18 01:33:02     37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-04-18 01:30:14    442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-04-18 01:29:54    503808 ----a-w- C:\Windows\System32\atieclxx.exe
2014-04-18 01:29:24    237056 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-04-18 01:21:30    806912 ----a-w- C:\Windows\System32\coinst_14.100.dll
2014-04-18 01:09:20    514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-04-17 07:00:58   8011776 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-04-16 18:01:54  -------- d-----w- C:\Windows\PCHEALTH
2014-04-16 12:55:59  -------- d-----w- C:\Windows\Autodesk_grid
2014-04-14 12:44:20  -------- d-----w- C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Microsoft Help

.

==================== Find3M  ====================

.

2014-04-28 21:25:15     70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-28 21:25:15    692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-18 16:18:15    107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-04-18 16:18:14     92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-04-18 16:18:14     35656 ----a-w- C:\Windows\System32\LMIport.dll
2014-04-10 16:18:09    107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2014-03-31 20:20:54    274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-03-31 20:06:26    130840 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-03-28 02:14:26    192792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-03-28 02:14:24    153368 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-03-28 02:07:10    236824 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-03-28 02:05:02    324376 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-03-28 02:03:16     32536 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-03-11 13:52:30    133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33      4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04     66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20     48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40    139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41   5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34     61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01     51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43     38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36   4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43     32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15   2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39   1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40   2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49   1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21     13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03     16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19     14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05     44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54     25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18      5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30      7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29      2048 ----a-w- C:\Windows\SysWow64\user.exe

.

============= FINISH: 16:51:23.90 ===============


Edited by Noviciate, 16 May 2014 - 02:26 PM.
Edited to change font.




#2 Noviciate (Malware Response Team, 5,277 posts)
Posted 16 May 2014 - 02:29 PM

Good evening. :)

Please do not post bold text, as above, or different fonts as it just makes things more difficult to work with.

 

To start with, you have two anti-virus programs running, which isn't a good idea - they can scuffle with each other causing issues. Please pick the one that you like and uninstall the other.

 

Once done, work through the following and post accordingly:

 

Pay a visit to the ESET Online Scanner.
 

  • Click the Run ESET Online Scanner button.
  • If you are using any browser other than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 


So long, and thanks for all the fish.

 

 


#3 lingle873333 (Topic Starter, 41 posts)
Posted 17 May 2014 - 10:41 AM

Thank you very much, Noviciate, for helping me with this issue.  Here is the ESET log (it found many threats):

 

C:\$RECYCLE.BIN\S-1-5-21-2165834337-2456557783-159523925-1119\$R03GOL3.rar a variant of Win32/Spy.Banker.AAPM trojan
C:\$RECYCLE.BIN\S-1-5-21-2165834337-2456557783-159523925-1119\$R2D8PUT.rar a variant of Win32/Spy.Banker.AAPM trojan
C:\$RECYCLE.BIN\S-1-5-21-2165834337-2456557783-159523925-1119\$R7NO6YG.rar a variant of Win32/Spy.Banker.AAPM trojan
C:\$RECYCLE.BIN\S-1-5-21-2165834337-2456557783-159523925-1119\$RJCBJEH.rar a variant of Win32/Packed.Themida.AAG trojan
C:\Users\Jfitch\Desktop\Installed\ccsetup311.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Jfitch\Desktop\Installed\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Temp\updater_temp_TuneUp\3.0.5.3\TuneUpInst-3.0.7.0.exe Win32/OpenCandy potentially unsafe application
C:\Users\jfitch.THEFITCHSTUDIO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4375fb4f-347aad0d Java/Agent.FI trojan
C:\Users\jfitch.THEFITCHSTUDIO\Documents\SOFTWARE INSTALLERS\cdbxp_setup_4.3.9.2761.exe Win32/OpenCandy potentially unsafe application
C:\Users\jfitch.THEFITCHSTUDIO\Documents\SOFTWARE INSTALLERS\IZArc4.1.6.exe Win32/OpenCandy potentially unsafe application
J:\QUERCUS\Backup Set 2014-01-10 183507\Backup Files 2014-01-10 183507\Backup files 16.zip Win32/AdWare.1ClickDownload.AR application
J:\QUERCUS\Backup Set 2014-01-10 183507\Backup Files 2014-01-10 183507\Backup files 2.zip Win32/Bundled.Toolbar.Google.E potentially unsafe application
J:\QUERCUS\Backup Set 2014-01-10 183507\Backup Files 2014-01-10 183507\Backup files 4.zip Win32/OpenCandy potentially unsafe application
J:\QUERCUS\Backup Set 2014-03-17 020001\Backup Files 2014-03-17 020001\Backup files 17.zip Win32/AdWare.1ClickDownload.AR application
J:\QUERCUS\Backup Set 2014-03-17 020001\Backup Files 2014-03-17 020001\Backup files 2.zip Win32/Bundled.Toolbar.Google.E potentially unsafe application
J:\QUERCUS\Backup Set 2014-03-17 020001\Backup Files 2014-03-17 020001\Backup files 5.zip Win32/OpenCandy potentially unsafe application
J:\QUERCUS\Backup Set 2014-03-17 020001\Backup Files 2014-05-12 020001\Backup files 10.zip a variant of Win32/Spy.Banker.AAPM trojan
 
Please let me know what to do next.


#4 Noviciate (Malware Response Team, 5,277 posts)
Posted 18 May 2014 - 12:25 PM

Good evening. :))

C:\$RECYCLE.BIN\S-1-5-21-2165834337-2456557783-159523925-1119\$R03GOL3.rar a variant of Win32/Spy.Banker.AAPM trojan
C:\$RECYCLE.BIN\S-1-5-21-2165834337-2456557783-159523925-1119\$R2D8PUT.rar a variant of Win32/Spy.Banker.AAPM trojan
C:\$RECYCLE.BIN\S-1-5-21-2165834337-2456557783-159523925-1119\$R7NO6YG.rar a variant of Win32/Spy.Banker.AAPM trojan
C:\$RECYCLE.BIN\S-1-5-21-2165834337-2456557783-159523925-1119\$RJCBJEH.rar a variant of Win32/Packed.Themida.AAG trojan
 
These are things in the Recycle Bin and you can just empty it to deal with these.

C:\Users\Jfitch\Desktop\Installed\ccsetup311.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Jfitch\Desktop\Installed\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\jfitch.THEFITCHSTUDIO\Documents\SOFTWARE INSTALLERS\cdbxp_setup_4.3.9.2761.exe Win32/OpenCandy potentially unsafe application
C:\Users\jfitch.THEFITCHSTUDIO\Documents\SOFTWARE INSTALLERS\IZArc4.1.6.exe Win32/OpenCandy potentially unsafe application
 
These are installers that contain bundled junk and are known as PUPs - Potentially Unwanted Programs. They are minor irritations rather than serious threats, and there should have been a box to check/uncheck when you installed the relevant programs to avoid the toolbars, so not an issue.
 
C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Temp\updater_temp_TuneUp\3.0.5.3\TuneUpInst-3.0.7.0.exe Win32/OpenCandy potentially unsafe application
C:\Users\jfitch.THEFITCHSTUDIO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4375fb4f-347aad0d Java/Agent.FI trojan
 
One temporary file and something in the Java cache that are easy to deal with.
 
J:\QUERCUS\Backup Set 2014-01-10 183507\Backup Files 2014-01-10 183507\Backup files 16.zip Win32/AdWare.1ClickDownload.AR application
J:\QUERCUS\Backup Set 2014-01-10 183507\Backup Files 2014-01-10 183507\Backup files 2.zip Win32/Bundled.Toolbar.Google.E potentially unsafe application
J:\QUERCUS\Backup Set 2014-01-10 183507\Backup Files 2014-01-10 183507\Backup files 4.zip Win32/OpenCandy potentially unsafe application
J:\QUERCUS\Backup Set 2014-03-17 020001\Backup Files 2014-03-17 020001\Backup files 17.zip Win32/AdWare.1ClickDownload.AR application
J:\QUERCUS\Backup Set 2014-03-17 020001\Backup Files 2014-03-17 020001\Backup files 2.zip Win32/Bundled.Toolbar.Google.E potentially unsafe application
J:\QUERCUS\Backup Set 2014-03-17 020001\Backup Files 2014-03-17 020001\Backup files 5.zip Win32/OpenCandy potentially unsafe application
J:\QUERCUS\Backup Set 2014-03-17 020001\Backup Files 2014-05-12 020001\Backup files 10.zip a variant of Win32/Spy.Banker.AAPM trojan
 
These are your problem as I can't see inside zipped folders. If you need/trust them then keep them, otherwise get rid.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Download TFC (Temporary File Cleaner) by OldTimer from here and save it to your Desktop.

  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of its actions. If you have anything in there that you haven't finished with, move it first.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I need you to post the second log that DDS created when you ran it - Attach.txt.

 



 

 

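The reply above sorts the ESET hits by where they sit rather than by detection name: Recycle Bin entries (empty the bin), bundled-toolbar and OpenCandy installers (PUPs, not infections), temp-file and Java-cache hits (temp-file cleanup), and hits inside backup archives (the scanner cannot act on files inside them, so a human decides). Anything that falls outside those buckets is a detection in a live location and is the one that actually matters. The script below is an added example, not part of this thread and not ESET's own tooling: it parses an ESET "List of found threats" export of the kind posted above and applies exactly that triage. The sample export, the paths, the account name and the bucket names in it are constructed for the example; only the line format mirrors the log posted above.

```python
"""Triage for an ESET Online Scanner 'List of found threats' export.

Added example, not part of the original thread and not ESET's own tooling.
Each export line reads:  <path> [a variant of ]<detection> <kind>
and the path may contain spaces, so the line is parsed from the right.
classify() encodes the triage applied in the reply above; see ACTIONS.
"""
import re
from collections import defaultdict

# Detection kinds as ESET prints them, longest phrases first.
KINDS = ("potentially unsafe application", "potentially unwanted application",
         "application", "trojan", "backdoor", "worm", "virus")
LINE_RE = re.compile(
    r"(?P<path>.+?)\s+(?P<variant>a variant of\s+)?(?P<name>\S+)\s+(?P<kind>"
    + "|".join(re.escape(k) for k in KINDS) + r")\s*$")
# Recycle Bin folders are named after the owning account's SID; capture its RID.
SID_RE = re.compile(r"\\\$RECYCLE\.BIN\\S-1-5-21-\d+-\d+-\d+-(\d+)\\", re.IGNORECASE)
PUP_MARKERS = ("bundled.toolbar", "opencandy", "adware")

# Location classes, worst first, and the action the reply above prescribes for each.
ACTIONS = {
    "live": "investigate and remove: detection in an active location",
    "backup-archive": "scanner cannot see inside; keep only if the archive is trusted",
    "temp-cache": "run a temp-file cleaner and clear the Java cache",
    "recycle-bin": "empty the Recycle Bin",
    "pup-installer": "bundled-toolbar/OpenCandy installer; delete or reinstall without the bundle",
}

# Constructed sample export (hypothetical paths and account), same layout as the log above.
SAMPLE_LOG = r"""
C:\$RECYCLE.BIN\S-1-5-21-1111111111-2222222222-3333333333-1119\$RAB12CD.rar a variant of Win32/Spy.Banker.AAPM trojan
C:\Users\alice\Desktop\Installed\ccsetup311.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4375fb4f-347aad0d Java/Agent.FI trojan
C:\Users\alice\AppData\Local\Temp\updater_temp\TuneUpInst.exe Win32/OpenCandy potentially unsafe application
J:\BACKUP\Backup Set 2014-01-10 183507\Backup Files 2014-01-10 183507\Backup files 16.zip Win32/AdWare.1ClickDownload.AR application
C:\ProgramData\svcupd\svcupd.exe a variant of Win32/Packed.Themida.AAG trojan
Scan completed, 6 threats found
"""


def parse_line(line):
    """Split one export line into path, name and kind; None for non-detection lines."""
    m = LINE_RE.match(line.strip())
    return {k: m.group(k) for k in ("path", "name", "kind")} if m else None


def severity(name, kind):
    """'pup' for bundled junk and adware, 'malware' for trojans and the like."""
    pup = any(marker in name.lower() for marker in PUP_MARKERS)
    return "pup" if pup or kind.startswith("potentially") or kind == "application" else "malware"


def recycle_bin_rid(path):
    """RID of the account whose Recycle Bin holds the file, else None."""
    m = SID_RE.search(path)
    return int(m.group(1)) if m else None


def classify(path, name, kind):
    """Map one detection to a location class (a key of ACTIONS). Order matters."""
    p = path.lower()
    if "\\$recycle.bin\\" in p:
        return "recycle-bin"
    if "\\appdata\\local\\temp\\" in p or "\\java\\deployment\\cache\\" in p:
        return "temp-cache"
    if "backup" in p and p.endswith((".zip", ".rar", ".7z", ".cab")):
        return "backup-archive"
    if severity(name, kind) == "pup" and p.endswith(".exe"):
        return "pup-installer"
    return "live"


def triage(log_text):
    """Group every detection line by location class, in ACTIONS order (worst first)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec["severity"] = severity(rec["name"], rec["kind"])
        rec["rid"] = recycle_bin_rid(rec["path"])
        groups[classify(rec["path"], rec["name"], rec["kind"])].append(rec)
    return {loc: groups[loc] for loc in ACTIONS if loc in groups}


def report(log_text):
    """Human-readable summary: one header per class plus its hits."""
    out = []
    for loc, hits in triage(log_text).items():
        out.append(f"[{loc}] {len(hits)} hit(s): {ACTIONS[loc]}")
        for h in hits:
            tag = f" (bin of RID {h['rid']})" if h["rid"] else ""
            out.append(f"  {h['severity']:7} {h['name']}  {h['path']}{tag}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The RID pulled out of a Recycle Bin path is the last component of the S-1-5-21-... SID that names the bin folder; values from 1000 upward belong to ordinary user accounts, so on a shared machine it tells you whose bin the file sat in before anyone empties it.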

#5 lingle873333 (Topic Starter, 41 posts)
Posted 19 May 2014 - 10:21 AM

OK.  TFC is complete.  You asked me to post the attach.txt file.  Here it is:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/29/2011 5:30:15 AM
System Uptime: 5/13/2014 4:18:30 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AB6
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPU 1 | 1598/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 536.223 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.636 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 228.785 GiB free.
G: is FIXED (NTFS) - 931 GiB total, 330.553 GiB free.
H: is NetworkDisk (NTFS) - 928 GiB total, 355.1 GiB free.
I: is NetworkDisk (NTFS) - 928 GiB total, 355.1 GiB free.
J: is FIXED (NTFS) - 466 GiB total, 48.65 GiB free.
M: is NetworkDisk (NTFS) - 928 GiB total, 355.1 GiB free.
Q: is NetworkDisk (NTFS) - 928 GiB total, 355.1 GiB free.
W: is Removable
X: is Removable
Y: is Removable
Z: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: CDC Serial
Device ID: USB\VID_04E8&PID_6860&MI_01\7&C33DA0E&0&0001
Manufacturer: 
Name: CDC Serial
PNP Device ID: USB\VID_04E8&PID_6860&MI_01\7&C33DA0E&0&0001
Service: 
.
Class GUID: 
Description: SAMSUNG_Android_SCH-I535
Device ID: USB\VID_04E8&PID_6860&MI_03\7&C33DA0E&0&0003
Manufacturer: 
Name: SAMSUNG_Android_SCH-I535
PNP Device ID: USB\VID_04E8&PID_6860&MI_03\7&C33DA0E&0&0003
Service: 
.
==== System Restore Points ===================
.
RP481: 5/11/2014 1:42:35 AM - Windows Update
RP482: 5/12/2014 2:00:21 AM - Windows Backup
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
AC3Filter 1.63b
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Standard
Adobe Digital Editions 2.0
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Agatha Christie - Peril at End House
Akamai NetSession Interface
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Wireless Display v3.0
Anti-Twin (Installation 8/23/2013)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
ATI Stream SDK v2 Developer
AVG 2014
AVG SafeGuard toolbar
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Screen Capture version 2.0.2
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.5
AVS4YOU Software Navigator 1.4
AxCrypt 1.7.2687.0
Bass Audio Decoder (remove only)
Bejeweled 2 Deluxe
Belarc Advisor 8.2
Blackhawk Striker 2
Blasterball 3
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
calibre
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD Audio Reader Filter (remove only)
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
CutePDF Writer 3.0
D3DX10
DCoder Image Source (remove only)
DGN to DWG Converter
Diner Dash 2 Restaurant Rescue
DirectVobSub (remove only)
Dora's World Adventure
DScaler 5 Mpeg Decoders
dupeGuru Music Edition
Duplicate Finder v4.2.0.0
DVD Menu Pack for HP MediaSmart Video
DWG TrueView 2012
EasyDuplicateFinder v4.5
Epson Customer Participation
Epson Event Manager
Epson FAX Utility
EPSON Scan
EPSON WF-7510 Series Printer Uninstall
EpsonNet Print
erLT
Escape Rosecliff Island
Farm Frenzy
FATE
ffdshow v1.1.3996 [2011-10-13]
FFMPEG Core Files (remove only)
File Shredder 2.0
FileZilla Client 3.5.2
Final Drive Nitro
Folder Size 2.9.0.0
Free Hide Folder
FreeFileSync v5.3
FVD Suite 2.7.5
Gabest MPEG Splitter (remove only)
Gadwin PrintScreen
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Chrome
Google Desktop
Google Earth
Google SketchUp Pro 8
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 6.0.0.1259
GPL Ghostscript
gPodder version 3.6.1
Haali Media Splitter
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.2.3
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
Hulu Desktop
HydraVision
IDT Audio
Intel® Management Engine Components
Intel® Rapid Storage Technology
IrfanView (remove only)
iTunes
IZArc 4.1.6
Java 7 Update 45
Java 7 Update 9 (64-bit)
Java Auto Updater
Jewel Quest Solitaire 2
join.me
K-Lite Codec Pack 5.2.0 (64-bit)
LabelPrint
LastPass (uninstall only)
LAV Filters (remove only)
LightScribe System Software
Live Sound Recorder
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Machete 3.7
Malwarebytes Anti-Malware version 1.75.0.1300
Masterworks
Masterworks Paragraph Builder
Maxthon Cloud Browser
Media Player Classic - Home Cinema v1.5.2.3456 x64
MediaInfo 0.7.52
Meridian Systems Prolog WebSite 2007 R2 Client
Meridian Systems Prolog Website 2007 R2 File Management Control
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.6 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Manager
MusicBee 2.0
Mystery P.I. - The London Caper
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
PDF Settings CS5
Penguins!
PhotoNow!
Picture Resizer 1.0
PictureMover
Plants vs. Zombies
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Python 2.7 PyGTK 2.24.0
Python 2.7.3
qBittorrent 3.1.4
QuickBooks
QuickBooks File Doctor
QuickBooks Premier: Accountant Edition 2011
Quicken 2012
QuickTime
RealMedia (remove only)
Recovery Manager
ReNamer
RoxioNow Player
RxFilters3D
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition 
Skype Click to Call
Skype™ 6.11
Software Updater
Solway's Plain Backup 1.71
Spotify
SUPERAntiSpyware
TeamViewer 6
TuneUp 3.0.7.0
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vectorworks 2013 Help
Virtual Families
Virtual Villagers 4 - The Tree of Life
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 1.1.11
Wheel of Fortune 2
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.10 beta 4 (64-bit)
Zinio Reader 4
Zoom Player (remove only)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/7/2014 5:08:35 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5/13/2014 4:19:00 PM, Error: Microsoft-Windows-BitLocker-Driver [24620]  - Encrypted volume check: Volume information on  cannot be read.
5/13/2014 1:49:59 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================


#6 lingle873333 (Topic Starter, 41 posts)
Posted 19 May 2014 - 10:24 AM

Oh, I should have mentioned that the problem persists...



#7 Noviciate (Malware Response Team, 5,277 posts)
Posted 19 May 2014 - 01:34 PM

Good evening. :)

 

To deal with the last detection and also update Java:

1) Go here, click the Free Java Download button and save the file somewhere handy.

2) Pay a visit to this page for a tutorial and download link for JavaRa. This will completely remove Java from your system in preparation for installing the latest version.

3) Once the removal process has been completed, run the installer you downloaded in Step One and that should be that.
 

Let me know when you've got that sorted.



 

 


#8 lingle873333 (Topic Starter, 41 posts)
Posted 19 May 2014 - 05:40 PM

Well, I hate to say this.....the problem is still there, exactly as before.


I should have said first that I did follow your instructions to uninstall Java and then install a clean copy.



#9 Noviciate (Malware Response Team, 5,277 posts)
Posted 19 May 2014 - 06:15 PM

I think that it is unlikely that your PC has a SubSeven infection as I would expect your anti-virus, and other scanners, to pick up what is a very old infection. The steps so far have just been to clean up detected malware and to get Java updated so that your system is less at risk than it might be.

 

I would guess that your system has some sort of registry error that has caused the video failure and detecting exactly what has gone wrong may be very difficult. Registry cleaners are a possibility, but they are something of a poisoned chalice as they can fix things, or make them worse, and occasionally worse to the point of borking an installation - I wouldn't run the risk personally.

 

If the problem has just occurred then a System Restore could resolve the issue, although you will need to carry out the Java update again afterwards as it will be undone by this step. Let me know how long you've had the problem.

 

Failing that, if you have the Windows Installation disk you could try a repair Install which may resolve the issue. Let me know if you have the necessary disk.



 

 


#10 lingle873333 (Topic Starter, 41 posts)
Posted 22 May 2014 - 06:08 AM

Hi--

I did a system restore as you suggested and the problem is gone.  I thank you sincerely for your help. 



#11 Noviciate (Malware Response Team, 5,277 posts)
Posted 22 May 2014 - 11:13 AM

Good evening. :)

Glad to hear, well read, it. Don't forget to run the Java update again before you go.

 

As this issue appears to have been resolved, this thread is now closed.



 

 




