Virus keeping security programs from operating.


  • This topic is locked
19 replies to this topic

#1 lizerb (Members, 18 posts)

Posted 15 July 2014 - 01:14 PM

Hey guys, I have had a problem with my laptop for a week or so. I believe I am infected because I can't operate any security programs at all. Malwarebytes hangs when I scan. Windows Defender hangs as well. Every time I try to get to the Windows recovery menu, it freezes that as well. I am on Windows 8.1; my laptop is a Lenovo Y500. I have downloaded RogueKiller and ComboFix but haven't messed with them yet.

 

I have also run an SFC scan and it says I have files that are corrupted but can't fix them.

I appreciate the help a ton.




#2 nasdaq (Malware Response Team, 38,934 posts, Montreal, QC, Canada)

Posted 20 July 2014 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.
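Added example for this thread, not part of FRST or of any post here: once the FRST.txt requested above exists, a small triage pass over the line shapes FRST writes (they can be seen in the log posted in the next reply) lists the entries a malware responder checks first. The sample log is constructed from lines of the same shape; the SID is a placeholder and one policy value was set to 1 to exercise that check.

```python
"""Triage pass over a Farbar Recovery Scan Tool (FRST.txt) log.

Added example for this thread; it is not part of FRST or of any post here.
It recognises the line shapes FRST writes (Run keys, Userinit, AppInit_DLLs,
MountPoints2, services and drivers) and lists what a responder checks first:
missing files, unsigned or publisher-less binaries, drivers in TEMP, autorun
mappings, Explorer restriction policies, programs chained into Userinit.
A flag is a lead to verify, not a verdict: legitimate tools trip these too.
"""
import re
from typing import Dict, List

# "R2 Name; C:\path\file.exe [size date] (Publisher) [File not signed]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>[\d-]+)\])?"
    r"(?: \((?P<publisher>[^)]*)\))?"
    r"(?P<flags>(?: \[[^\]]+\])*)\s*$"
)
# "HKLM-x32\...\Run: [Name] => C:\path\file.exe [size date] (Publisher)"
RUN_RE = re.compile(r"^HK\S*\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$")
# "HKLM\...\Policies\Explorer: [NoControlPanel] 0"
POLICY_RE = re.compile(
    r"^HK\S*\\\.\.\.\\Policies\\Explorer: \[(?P<name>\w+)\] (?P<value>\S+)$"
)
USERINIT_MARK = "\\Winlogon: [Userinit] "


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) why one FRST line deserves a look."""
    s = line.strip()
    reasons: List[str] = []
    if not s:
        return reasons
    # Autostart points whose target is gone: leftovers, or something that
    # removed itself after running. FRST marks these three different ways.
    if " No File" in s or "File Not Found" in s or s.endswith("[X]"):
        reasons.append("referenced file missing")
    m = SERVICE_RE.match(s)
    if m:
        pub = m.group("publisher")
        if pub is not None and not pub.strip():
            reasons.append("service/driver without a publisher")
        if "[File not signed]" in m.group("flags"):
            reasons.append("service/driver binary not signed")
        if "\\TEMP\\" in m.group("path").upper():
            reasons.append("driver loaded from a TEMP directory")
    m = RUN_RE.match(s)
    if m and "[" not in m.group("target"):
        # FRST appends "[size date] (publisher)" only when it resolved the
        # file; a bare name is found via PATH at logon, or not at all.
        reasons.append("Run entry with unresolved target")
    if USERINIT_MARK in s:
        # Userinit should be userinit.exe alone; anything else runs at every logon.
        chain = s.split(USERINIT_MARK, 1)[1]
        for item in chain.split(","):
            if not item.strip():
                continue  # Windows writes a trailing comma by default
            exe = re.match(r"\s*(.*?\.exe)", item, re.I)
            if not exe or not exe.group(1).lower().endswith("\\userinit.exe"):
                reasons.append("extra program chained into Userinit")
                break
    if s.startswith("AppInit_DLLs:") and s[len("AppInit_DLLs:"):].strip():
        reasons.append("AppInit_DLLs entry (injected into GUI processes)")
    if "\\MountPoints2: " in s:
        reasons.append("autorun mapping for a removable/optical drive")
    m = POLICY_RE.match(s)
    if m and m.group("value") != "0":
        reasons.append(f"Explorer restriction policy {m.group('name')} is set")
    return reasons


def triage_frst(text: str) -> Dict[str, List[str]]:
    """Map each flagged line of an FRST log to its reasons; clean lines are omitted."""
    return {ln.strip(): r for ln in text.splitlines() if (r := triage_line(ln))}


# Constructed sample shaped like the log in this thread; the SID is a placeholder
# and the NoFolderOptions value was set to 1 here to exercise that check.
SAMPLE_LOG = r"""
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => KHALMNPR.EXE
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\MountPoints2: {14cdd5d2-75a0-11e3-beb3-6036ddfe0ce4} - "F:\Autorun.exe"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-29] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-18] ()
R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
"""

if __name__ == "__main__":
    for line, why in triage_frst(SAMPLE_LOG).items():
        print(f"{'; '.join(why)}\n    {line}")
```

Running it on the constructed sample flags nine of the twelve lines; the clean Windows Defender service, the resolved Realtek Run entry and the NoControlPanel 0 policy pass through.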

#3 lizerb (Topic Starter, Members, 18 posts)

Posted 24 July 2014 - 08:27 PM

Alright, sorry for the long wait on a reply; I was camping on the weekend and have been working every day since. After AdwCleaner is finished scanning it restarts, but Windows freezes on restart. Just thought I would add that in. Farbar doesn't finish scanning; it hangs on the extra files check. I did manage to grab the log though. So I hope you can find out whatever is going on with my laptop. I would massively appreciate the help.

 

Here is my AdwCleaner log.

 

# AdwCleaner v3.216 - Report created 24/07/2014 at 18:11:02
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : will - WILL
# Running from : C:\Users\will\Downloads\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\us6evloe.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={39757715-9317-11E2-BE7A-6036DDFE0CE4}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={6087CCA6-00B8-4AF5-842F-B736904BECCF}&mid=fb3f31df1079a0832a1b07e4ea416618-e0d3572870568fefd541b0e71b17abd21d239f7b&lang=en&ds=AVG&pr=fr&d=2012-05-05 11:18:23&v=11.1.0.12&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3209 octets] - [22/07/2014 18:11:21]
AdwCleaner[R1].txt - [1541 octets] - [24/07/2014 18:10:10]
AdwCleaner[S0].txt - [2964 octets] - [22/07/2014 18:13:19]
AdwCleaner[S1].txt - [1470 octets] - [24/07/2014 18:11:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1530 octets] ##########
 
Here is my Farbar log.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by will (administrator) on WILL on 22-07-2014 18:30:19
Running from C:\Users\will\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Dropbox, Inc.) C:\Users\will\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech©) C:\Program Files (x86)\Logitech\G930\G930.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => KHALMNPR.EXE 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-18] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-10-04] (Synaptics)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2958648 2012-10-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Logitech G930] => C:\Program Files (x86)\Logitech\G930\G930.exe [1516888 2011-03-23] (Logitech©)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NOFOLDEROPTIONS] 0
HKU\S-1-5-21-520607620-3421312209-1649470835-1002\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Core\RazerCore.exe [1073368 2013-05-03] (Razer)
HKU\S-1-5-21-520607620-3421312209-1649470835-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-520607620-3421312209-1649470835-1002\...\Run: [Spotify Web Helper] => C:\Users\will\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-02-14] (Spotify Ltd)
HKU\S-1-5-21-520607620-3421312209-1649470835-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-520607620-3421312209-1649470835-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-520607620-3421312209-1649470835-1002\...\MountPoints2: {14cdd5d2-75a0-11e3-beb3-6036ddfe0ce4} - "F:\Autorun.exe" 
HKU\S-1-5-21-520607620-3421312209-1649470835-1002\...\MountPoints2: {e0220dcf-878d-11e2-be6b-806e6f6e6963} - "E:\install.exe" 
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\will\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM - DefaultScope {265B838D-9D63-424E-A2F4-9B38702155E2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {265B838D-9D63-424E-A2F4-9B38702155E2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {265B838D-9D63-424E-A2F4-9B38702155E2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {265B838D-9D63-424E-A2F4-9B38702155E2} URL = 
SearchScopes: HKCU - {6B1555ED-7619-4C37-A7BF-F2C440483073} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5-x64 09 C:\windows\system32\wlidnsp.dll [73216] (Microsoft Corporation)
Winsock: Catalog5-x64 10 C:\windows\system32\wlidnsp.dll [73216] (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\us6evloe.default
FF Homepage: hxxp://ogame.us/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\will\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\will\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\will\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: AntiGameOrigin - C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\us6evloe.default\Extensions\antigameorigin@antigame.de.xpi [2014-06-21]
FF Extension: Lightbeam - C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\us6evloe.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-10-27]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR StartupUrls: "hxxp://google.com/"
CHR Extension: (BetterTTV) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-03-12]
CHR Extension: (Galaxytoolbar for Chrome) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\baphbmdmbobikapopnggboiopbinogeo [2014-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Google Cast) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-20]
CHR Extension: (Guitarist's Reference) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2014-01-17]
CHR Extension: (AdBlock) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-17]
CHR Extension: (Cargo Bridge) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-01-17]
CHR Extension: (Skype Click to Call) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-17]
CHR Extension: (Google Wallet) - C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-29] () [File not signed]
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
U3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2013-02-12] (Hi-Rez Studios) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-18] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-12-03] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-04-17] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [31448 2013-05-03] (Razer)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-02-25] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1495040 2013-02-25] (Soluto) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386160 2012-12-03] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-05] (Disc Soft Ltd)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-07-22] ()
R3 LADF_BakerCOnly; C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
R3 LADF_BakerROnly; C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8244312 2014-06-26] (Realtek Semiconductor Corp.)
R3 RzDxgk; C:\windows\system32\drivers\RzDxgk.sys [128856 2013-05-02] (Razer USA Ltd)
R3 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74456 2013-05-02] (Razer USA Ltd)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-04] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-18] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\system32\DRIVERS\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-22 18:30 - 2014-07-22 18:30 - 00024492 _____ () C:\Users\will\Downloads\FRST.txt
2014-07-22 18:16 - 2014-07-22 18:16 - 00000314 _____ () C:\WINDOWS\PFRO.log
2014-07-22 18:11 - 2014-07-22 18:30 - 00000000 ____D () C:\FRST
2014-07-22 18:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-22 18:08 - 2014-07-22 18:13 - 00000000 ____D () C:\AdwCleaner
2014-07-22 18:08 - 2014-07-22 18:08 - 02090496 _____ (Farbar) C:\Users\will\Downloads\FRST64.exe
2014-07-22 18:08 - 2014-07-22 18:08 - 01354223 _____ () C:\Users\will\Downloads\adwcleaner_3.216.exe
2014-07-22 18:05 - 2014-07-22 18:24 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-07-18 09:22 - 2014-07-18 09:22 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-18 09:22 - 2014-07-18 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-18 09:21 - 2014-07-18 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-18 09:21 - 2014-07-18 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-07-18 09:21 - 2014-07-18 09:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-18 09:21 - 2014-07-18 09:21 - 00000000 ____D () C:\Program Files\iPod
2014-07-18 08:47 - 2014-07-18 08:48 - 00000000 ____D () C:\Users\will\Downloads\Pearl Jam - Riot Act
2014-07-17 20:34 - 2014-07-17 20:34 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 22:12 - 2014-07-16 22:12 - 03358176 _____ () C:\Users\will\Downloads\advisorinstaller.exe
2014-07-16 22:08 - 2014-07-16 22:08 - 06431728 _____ (Microsoft Corporation) C:\Users\will\Downloads\OSGS14-WindowsSetupBox-32bitand64bit-English-4141408.exe
2014-07-15 18:20 - 2014-07-15 18:20 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-15 18:20 - 2014-07-15 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-15 18:20 - 2014-07-15 18:20 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-15 18:19 - 2014-07-16 19:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-15 18:09 - 2014-07-15 18:10 - 11185664 _____ (SurfRight B.V.) C:\Users\will\Downloads\HitmanPro_x64.exe
2014-07-15 02:11 - 2014-07-18 09:30 - 00029160 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-07-15 02:11 - 2014-07-15 02:11 - 04770904 _____ () C:\Users\will\Downloads\RogueKiller.exe
2014-07-15 02:11 - 2014-07-15 02:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-15 02:07 - 2014-07-15 02:07 - 05220800 _____ (Swearware) C:\Users\will\Downloads\ComboFix.exe
2014-07-14 23:31 - 2014-07-14 23:31 - 00002502 _____ () C:\Users\will\Desktop\Rkill.txt
2014-07-14 23:30 - 2014-07-14 23:31 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\will\Downloads\rkill.exe
2014-07-13 17:26 - 2014-07-13 17:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-13 17:26 - 2014-07-13 17:26 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-07-12 17:24 - 2014-07-12 17:24 - 04812672 _____ (Piriform Ltd) C:\Users\will\Downloads\ccsetup415.exe
2014-07-11 14:05 - 2014-07-11 15:31 - 00000000 ____D () C:\WINDOWS\pss
2014-07-11 11:42 - 2014-07-11 11:42 - 00018960 _____ () C:\Users\will\Downloads\1D23B731B0635DE03DC34167BBF73DB0FFA87368.torrent
2014-07-11 01:54 - 2014-07-11 01:54 - 00614792 _____ (Adobe Systems Incorporated) C:\Users\will\Downloads\CreativeCloudSet-Up.exe
2014-07-11 01:54 - 2014-07-11 01:54 - 00000000 ____D () C:\Users\will\AppData\Local\Adobe
2014-07-04 16:34 - 2014-07-04 16:34 - 00870082 _____ () C:\Users\will\Downloads\odst helmet by hugh v2.pdo
2014-07-02 16:40 - 2014-07-02 16:40 - 00003084 _____ () C:\WINDOWS\System32\Tasks\{AD380786-7BD2-4F71-B0B0-1B93169DC87E}
2014-06-28 10:47 - 2014-06-28 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 10:47 - 2014-06-28 10:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 10:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-28 10:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-26 13:39 - 2014-06-26 13:39 - 08244312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys
2014-06-26 13:39 - 2014-06-26 13:39 - 06340312 _____ (Realtek semiconductor) C:\WINDOWS\RTFTrack.exe
2014-06-26 13:39 - 2014-06-26 13:39 - 02628312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe
2014-06-26 13:39 - 2014-06-26 13:39 - 00473304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamX64.dll
2014-06-26 13:39 - 2014-06-26 13:39 - 00421080 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll
2014-06-26 13:39 - 2014-06-26 13:39 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-06-26 12:08 - 2014-06-26 12:10 - 00000000 ____D () C:\Users\will\Documents\Heroes of the Storm
2014-06-26 11:43 - 2014-06-26 11:43 - 00001162 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-06-26 11:43 - 2014-06-26 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-06-26 11:31 - 2014-07-04 20:01 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-06-26 11:21 - 2014-06-26 11:22 - 07080744 _____ (Blizzard Entertainment) C:\Users\will\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
2014-06-26 10:32 - 2014-06-26 10:32 - 05597664 _____ (Uniblue Systems Ltd ) C:\Users\will\Downloads\driverscanner.exe
2014-06-26 10:09 - 2014-06-26 10:09 - 00000000 ____D () C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-06-26 10:09 - 2014-06-26 10:09 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-06-26 10:08 - 2014-06-26 10:08 - 00141480 _____ () C:\Users\will\Downloads\bluescreenview_setup.exe
2014-06-23 11:33 - 2014-06-23 11:33 - 00003132 _____ () C:\WINDOWS\System32\Tasks\{224A3D2D-4031-42C3-A38E-483C4E90D519}
2014-06-22 21:50 - 2014-07-22 18:25 - 00000000 ____D () C:\Users\will\AppData\Roaming\DropboxMaster
2014-06-22 11:00 - 2014-06-22 11:00 - 00003068 _____ () C:\WINDOWS\System32\Tasks\{DB8B7491-01E9-4E6F-8D83-493BB51FBDDE}
2014-06-22 10:06 - 2014-06-22 10:07 - 07878008 _____ (Microsoft Corporation) C:\Users\will\Downloads\Xbox360_64Eng.exe
2014-06-22 10:06 - 2014-06-22 10:07 - 07878008 _____ (Microsoft Corporation) C:\Users\will\Downloads\Xbox360_64Eng (1).exe
 
==================== One Month Modified Files and Folders =======
 
2014-07-22 18:33 - 2013-03-21 16:01 - 00000000 ____D () C:\Users\will\AppData\Local\PMB Files
2014-07-22 18:30 - 2014-07-22 18:30 - 00024492 _____ () C:\Users\will\Downloads\FRST.txt
2014-07-22 18:30 - 2014-07-22 18:11 - 00000000 ____D () C:\FRST
2014-07-22 18:27 - 2013-11-13 10:56 - 00000000 __RDO () C:\Users\will\SkyDrive
2014-07-22 18:27 - 2013-03-29 12:25 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-22 18:27 - 2013-03-21 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-22 18:26 - 2013-09-29 21:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-22 18:25 - 2014-06-22 21:50 - 00000000 ____D () C:\Users\will\AppData\Roaming\DropboxMaster
2014-07-22 18:25 - 2013-12-23 13:00 - 00000000 ____D () C:\Users\will\AppData\Local\Deployment
2014-07-22 18:25 - 2013-05-21 11:57 - 00000000 ___RD () C:\Users\will\Dropbox
2014-07-22 18:25 - 2013-05-21 11:51 - 00000000 ____D () C:\Users\will\AppData\Roaming\Dropbox
2014-07-22 18:24 - 2014-07-22 18:05 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-07-22 18:23 - 2013-03-21 15:49 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-520607620-3421312209-1649470835-1002
2014-07-22 18:17 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-22 18:16 - 2014-07-22 18:16 - 00000314 _____ () C:\WINDOWS\PFRO.log
2014-07-22 18:16 - 2013-11-13 00:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 18:13 - 2014-07-22 18:08 - 00000000 ____D () C:\AdwCleaner
2014-07-22 18:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-22 18:08 - 2014-07-22 18:08 - 02090496 _____ (Farbar) C:\Users\will\Downloads\FRST64.exe
2014-07-22 18:08 - 2014-07-22 18:08 - 01354223 _____ () C:\Users\will\Downloads\adwcleaner_3.216.exe
2014-07-22 18:04 - 2013-11-13 00:55 - 01832078 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-22 17:59 - 2013-03-21 16:57 - 00352768 ___SH () C:\Users\will\Desktop\Thumbs.db
2014-07-19 03:36 - 2013-03-21 15:46 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 01:40 - 2013-11-22 14:27 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1771DD4D-11E9-4000-B392-D0298EAC7B0E}
2014-07-18 09:30 - 2014-07-15 02:11 - 00029160 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-07-18 09:24 - 2013-03-21 16:02 - 00000000 ____D () C:\Users\will\AppData\Roaming\uTorrent
2014-07-18 09:22 - 2014-07-18 09:22 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-18 09:22 - 2014-07-18 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-18 09:22 - 2014-07-18 09:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-18 09:22 - 2014-07-18 09:21 - 00000000 ____D () C:\Program Files\iTunes
2014-07-18 09:22 - 2014-07-18 09:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-18 09:21 - 2014-07-18 09:21 - 00000000 ____D () C:\Program Files\iPod
2014-07-18 08:54 - 2013-03-22 01:17 - 00000000 ____D () C:\Users\will\AppData\Roaming\Skype
2014-07-18 08:48 - 2014-07-18 08:47 - 00000000 ____D () C:\Users\will\Downloads\Pearl Jam - Riot Act
2014-07-17 20:34 - 2014-07-17 20:34 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 22:12 - 2014-07-16 22:12 - 03358176 _____ () C:\Users\will\Downloads\advisorinstaller.exe
2014-07-16 22:08 - 2014-07-16 22:08 - 06431728 _____ (Microsoft Corporation) C:\Users\will\Downloads\OSGS14-WindowsSetupBox-32bitand64bit-English-4141408.exe
2014-07-16 19:54 - 2014-07-15 18:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-15 18:20 - 2014-07-15 18:20 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-15 18:20 - 2014-07-15 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-15 18:20 - 2014-07-15 18:20 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-15 18:10 - 2014-07-15 18:09 - 11185664 _____ (SurfRight B.V.) C:\Users\will\Downloads\HitmanPro_x64.exe
2014-07-15 02:11 - 2014-07-15 02:11 - 04770904 _____ () C:\Users\will\Downloads\RogueKiller.exe
2014-07-15 02:11 - 2014-07-15 02:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-15 02:07 - 2014-07-15 02:07 - 05220800 _____ (Swearware) C:\Users\will\Downloads\ComboFix.exe
2014-07-15 01:04 - 2013-11-13 01:01 - 00000000 ____D () C:\Users\will
2014-07-14 23:31 - 2014-07-14 23:31 - 00002502 _____ () C:\Users\will\Desktop\Rkill.txt
2014-07-14 23:31 - 2014-07-14 23:30 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\will\Downloads\rkill.exe
2014-07-14 22:39 - 2013-03-21 19:06 - 00101888 ___SH () C:\Users\will\Thumbs.db
2014-07-13 19:53 - 2013-03-21 15:58 - 00000000 ____D () C:\Users\will\Downloads\Halo 3
2014-07-13 17:26 - 2014-07-13 17:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-13 17:26 - 2014-07-13 17:26 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-07-12 17:24 - 2014-07-12 17:24 - 04812672 _____ (Piriform Ltd) C:\Users\will\Downloads\ccsetup415.exe
2014-07-12 17:24 - 2013-05-21 12:01 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-12 17:24 - 2013-03-21 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-12 17:24 - 2013-03-21 16:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-12 16:08 - 2014-06-21 17:16 - 00000222 _____ () C:\Users\will\Desktop\Metal Slug 3.url
2014-07-11 16:27 - 2014-05-13 22:27 - 05659136 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-07-11 16:27 - 2013-03-29 12:25 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-11 15:39 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-11 15:31 - 2014-07-11 14:05 - 00000000 ____D () C:\WINDOWS\pss
2014-07-11 14:06 - 2013-08-22 06:25 - 01310720 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-11 12:45 - 2014-01-21 21:45 - 00000000 ____D () C:\Users\will\AppData\Local\Battle.net
2014-07-11 11:47 - 2014-01-21 21:45 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-11 11:42 - 2014-07-11 11:42 - 00018960 _____ () C:\Users\will\Downloads\1D23B731B0635DE03DC34167BBF73DB0FFA87368.torrent
2014-07-11 01:54 - 2014-07-11 01:54 - 00614792 _____ (Adobe Systems Incorporated) C:\Users\will\Downloads\CreativeCloudSet-Up.exe
2014-07-11 01:54 - 2014-07-11 01:54 - 00000000 ____D () C:\Users\will\AppData\Local\Adobe
2014-07-09 21:10 - 2013-11-07 15:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-04 20:01 - 2014-06-26 11:31 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-07-04 18:51 - 2013-08-14 16:04 - 00000000 ____D () C:\ProgramData\Origin
2014-07-04 18:44 - 2013-08-14 16:04 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-04 18:44 - 2013-03-21 16:01 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-04 16:34 - 2014-07-04 16:34 - 00870082 _____ () C:\Users\will\Downloads\odst helmet by hugh v2.pdo
2014-07-02 16:40 - 2014-07-02 16:40 - 00003084 _____ () C:\WINDOWS\System32\Tasks\{AD380786-7BD2-4F71-B0B0-1B93169DC87E}
2014-06-30 16:59 - 2014-01-21 21:46 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-06-28 10:47 - 2014-06-28 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 10:47 - 2014-06-28 10:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 10:47 - 2013-07-04 14:12 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 10:47 - 2013-07-04 14:12 - 00000000 ____D () C:\Users\will\AppData\Roaming\Malwarebytes
2014-06-28 10:47 - 2013-07-04 14:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 10:47 - 2013-07-04 14:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-28 00:32 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-26 13:39 - 2014-06-26 13:39 - 08244312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys
2014-06-26 13:39 - 2014-06-26 13:39 - 06340312 _____ (Realtek semiconductor) C:\WINDOWS\RTFTrack.exe
2014-06-26 13:39 - 2014-06-26 13:39 - 02628312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe
2014-06-26 13:39 - 2014-06-26 13:39 - 00473304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamX64.dll
2014-06-26 13:39 - 2014-06-26 13:39 - 00421080 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll
2014-06-26 13:39 - 2014-06-26 13:39 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-06-26 12:10 - 2014-06-26 12:08 - 00000000 ____D () C:\Users\will\Documents\Heroes of the Storm
2014-06-26 12:08 - 2013-10-23 10:32 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-06-26 11:45 - 2013-10-23 10:32 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-06-26 11:43 - 2014-06-26 11:43 - 00001162 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-06-26 11:43 - 2014-06-26 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-06-26 11:22 - 2014-06-26 11:21 - 07080744 _____ (Blizzard Entertainment) C:\Users\will\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
2014-06-26 10:32 - 2014-06-26 10:32 - 05597664 _____ (Uniblue Systems Ltd ) C:\Users\will\Downloads\driverscanner.exe
2014-06-26 10:09 - 2014-06-26 10:09 - 00000000 ____D () C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-06-26 10:09 - 2014-06-26 10:09 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-06-26 10:08 - 2014-06-26 10:08 - 00141480 _____ () C:\Users\will\Downloads\bluescreenview_setup.exe
2014-06-24 16:06 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-24 15:41 - 2013-10-27 01:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-23 11:33 - 2014-06-23 11:33 - 00003132 _____ () C:\WINDOWS\System32\Tasks\{224A3D2D-4031-42C3-A38E-483C4E90D519}
2014-06-22 21:50 - 2013-05-21 11:53 - 00001072 _____ () C:\Users\will\Desktop\Dropbox.lnk
2014-06-22 21:50 - 2013-05-21 11:53 - 00000000 ____D () C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-22 11:00 - 2014-06-22 11:00 - 00003068 _____ () C:\WINDOWS\System32\Tasks\{DB8B7491-01E9-4E6F-8D83-493BB51FBDDE}
2014-06-22 10:07 - 2014-06-22 10:06 - 07878008 _____ (Microsoft Corporation) C:\Users\will\Downloads\Xbox360_64Eng.exe
2014-06-22 10:07 - 2014-06-22 10:06 - 07878008 _____ (Microsoft Corporation) C:\Users\will\Downloads\Xbox360_64Eng (1).exe
2014-06-22 09:38 - 2014-02-16 08:22 - 00000000 ____D () C:\Users\will\Documents\Respawn
 
Some content of TEMP:
====================
C:\Users\will\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu8wifz.dll
C:\Users\will\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 

Edited by lizerb, 24 July 2014 - 08:34 PM.
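The FRST file-list section above has a fixed line format (created - modified - size attrs (company) path). As an added example, not part of this thread and not FRST's own code, here is a small Python triage helper that parses lines in that format and applies a few defender-side heuristics a helper would apply by eye. The sample lines are copied from the log above, except the last one, which is a constructed placeholder (example_unknown.exe) added only to exercise the temp-directory rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input. The first six lines are copied from the FRST
# "One Month Created Files and Folders" section of this thread; the last line
# is a made-up placeholder that exists only to exercise the temp-directory rule.
SAMPLE_LOG = r"""
2014-07-22 18:08 - 2014-07-22 18:08 - 02090496 _____ (Farbar) C:\Users\will\Downloads\FRST64.exe
2014-07-22 18:05 - 2014-07-22 18:24 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-07-15 02:11 - 2014-07-18 09:30 - 00029160 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-07-02 16:40 - 2014-07-02 16:40 - 00003084 _____ () C:\WINDOWS\System32\Tasks\{AD380786-7BD2-4F71-B0B0-1B93169DC87E}
2014-06-28 10:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-18 09:21 - 2014-07-18 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 12:00 - 2014-07-20 12:00 - 00123456 _____ () C:\Users\will\AppData\Local\Temp\example_unknown.exe
"""

# One FRST file-list line:  <created> - <modified> - <size> <attrs> (<company>) <path>
# <attrs> is five characters, e.g. "_____" for a plain file, "____D" for a directory,
# "___SH" for system+hidden. <company> comes from the file's version resource.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) \((.*?)\) (.+)$"
)

EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[FrstEntry]:
    """Parse one FRST file-list line; return None for headers, blanks, or other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, company, path = m.groups()
    return FrstEntry(created, modified, int(size), attrs, company.strip(), path.strip())


def triage_entry(e: FrstEntry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look.

    These are triage heuristics, not verdicts. An empty company field only means
    the file carries no publisher in its version info; in this thread both flagged
    drivers belong to cleanup tools (HitmanPro, RogueKiller) the user installed.
    """
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    p = e.path.lower()
    if p.endswith(".sys") and not e.company:
        reasons.append("kernel driver with no publisher in its version info")
    if "\\temp\\" in p and p.endswith(EXEC_SUFFIXES):
        reasons.append("executable written to a temp directory")
    if re.search(r"\\tasks\\\{[0-9a-f-]{36}\}$", p):
        reasons.append("scheduled task named only by a GUID")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run triage_entry over every parseable line; return (path, reason) pairs in log order."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        for reason in triage_entry(e):
            findings.append((e.path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Anything it flags still needs to be checked against the publisher and install history before it goes anywhere near a fixlist; the Malwarebytes driver and the iTunes directory pass untouched, which is the point of keeping the rules narrow.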


#4 nasdaq


Posted 25 July 2014 - 08:22 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\will\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 lizerb


Posted 29 July 2014 - 07:29 PM

Here is my FRST log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-07-2014
Ran by will at 2014-07-25 20:03:12 Run:1
Running from C:\Users\will\Downloads\FRST-OlderVersion
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\will\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
 
End
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => Value Data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
C:\Users\will\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value not found.
cpuz136 => Unable to stop service
cpuz136 => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
And here is my Security Check log
 

Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Mozilla Firefox (30.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Spybot Teatimer.exe is disabled! 
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#6 nasdaq


Posted 30 July 2014 - 08:08 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 51

===

How is the computer running now?

#7 lizerb


Posted 30 July 2014 - 09:24 PM

Alright, so I installed the latest version of Java; the computer still has all the same problems. Device Manager hangs, whenever I restart it fails and goes to a BSOD, and boot time is considerably longer. I can't access System Restore, or even try to refresh Windows. My USB ports only work until I unplug the device from them. If I try to reconnect my Logitech mouse it doesn't light up or work at all.



#8 nasdaq


Posted 31 July 2014 - 09:26 AM


Let's see what we can find about the BSOD.


Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#9 lizerb


Posted 31 July 2014 - 12:57 PM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by will (administrator) on 31-07-2014 at 10:56:47
Running from "C:\Users\will\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1 localhost
 
========================= IP Configuration: ================================
 
Intel® Centrino® Wireless-N 2230 = Wi-Fi (Connected)
Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Will
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 60-36-DD-FE-0C-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
   Physical Address. . . . . . . . . : 60-36-DD-FE-0C-E0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2c64:4873:7892:a180%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, July 30, 2014 7:04:07 PM
   Lease Expires . . . . . . . . . . : Friday, August 01, 2014 5:31:12 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 325072605
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-CA-F4-9C-28-D2-44-04-E8-AF
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 28-D2-44-04-E8-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2830:94f:3f57:fefc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2830:94f:3f57:fefc%6(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 251658240
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-CA-F4-9C-28-D2-44-04-E8-AF
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{689BB2B1-E199-46BC-A1E2-5EC4A75CBA20}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4010:801::1008
 74.125.239.99
 74.125.239.104
 74.125.239.102
 74.125.239.100
 74.125.239.110
 74.125.239.101
 74.125.239.97
 74.125.239.98
 74.125.239.96
 74.125.239.103
 74.125.239.105
 
 
Pinging google.com [74.125.239.103] with 32 bytes of data:
Reply from 74.125.239.103: bytes=32 time=20ms TTL=55
Reply from 74.125.239.103: bytes=32 time=15ms TTL=55
 
Ping statistics for 74.125.239.103:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 20ms, Average = 17ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=44ms TTL=50
Reply from 206.190.36.45: bytes=32 time=37ms TTL=50
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 44ms, Average = 40ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...60 36 dd fe 0c e1 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...60 36 dd fe 0c e0 ......Intel® Centrino® Wireless-N 2230
  3...28 d2 44 04 e8 af ......Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:5ef5:79fb:2830:94f:3f57:fefc/128
                                    On-link
  4    281 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::2830:94f:3f57:fefc/128
                                    On-link
  4    281 fe80::2c64:4873:7892:a180/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 09 C:\windows\System32\wlidnsp.dll [73216] (Microsoft Corporation)
x64-Catalog5 10 C:\windows\System32\wlidnsp.dll [73216] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/31/2014 10:56:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.2702, time stamp: 0x521fc6cc
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000005
Fault offset: 0x000000000002cc39
Faulting process id: 0x1e14
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3
Faulting package full name: nvtray.exe4
Faulting package-relative application ID: nvtray.exe5
 
Error: (07/31/2014 10:56:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.2702, time stamp: 0x521fc6cc
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000005
Fault offset: 0x000000000002cc39
Faulting process id: 0xe8c
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3
Faulting package full name: nvtray.exe4
Faulting package-relative application ID: nvtray.exe5
 
Error: (07/31/2014 10:51:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.2702, time stamp: 0x521fc6cc
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000005
Fault offset: 0x000000000002cc39
Faulting process id: 0x2008
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3
Faulting package full name: nvtray.exe4
Faulting package-relative application ID: nvtray.exe5
 
Error: (07/31/2014 10:51:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.2702, time stamp: 0x521fc6cc
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000005
Fault offset: 0x000000000002cc39
Faulting process id: 0x190c
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3
Faulting package full name: nvtray.exe4
Faulting package-relative application ID: nvtray.exe5
 
Error: (07/31/2014 04:01:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/31/2014 04:01:19 AM) (Source: SideBySide) (User: )
 
Error: (07/31/2014 03:04:24 AM) (Source: Microsoft-Windows-CertificateServicesClient) (User: WILL)
Description: Certificate Services Client  failed to invoke the Providers in response to event 512. Error code 2147942593.
 
Error: (07/31/2014 03:04:24 AM) (Source: Microsoft-Windows-CertificateServicesClient) (User: WILL)
Description: Certificate Services Client failed to load Provider pautoenr.dll. Error code 193.
 
Error: (07/31/2014 03:04:06 AM) (Source: Microsoft-Windows-CertificateServicesClient) (User: NT AUTHORITY)
Description: Certificate Services Client  failed to invoke the Providers in response to event 256. Error code 2147942593.
 
Error: (07/31/2014 03:04:06 AM) (Source: Microsoft-Windows-CertificateServicesClient) (User: NT AUTHORITY)
Description: Certificate Services Client failed to load Provider pautoenr.dll. Error code 193.
 
 
System errors:
=============
Error: (07/30/2014 11:31:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
 
Error: (07/30/2014 11:29:00 PM) (Source: Service Control Manager) (User: )
Description: The Optimize drives service terminated with the following error: 
%%193
 
Error: (07/30/2014 11:24:34 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053VSSUnavailable{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (07/30/2014 11:24:34 PM) (Source: Service Control Manager) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
Error: (07/30/2014 11:24:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
 
Error: (07/30/2014 11:24:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053VSSUnavailable{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (07/30/2014 11:24:17 PM) (Source: Service Control Manager) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
Error: (07/30/2014 11:24:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
 
Error: (07/30/2014 11:24:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053VSSUnavailable{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (07/30/2014 11:24:02 PM) (Source: Service Control Manager) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (07/31/2014 10:56:18 AM) (Source: Application Error)(User: )
Description: nvtray.exe7.17.13.2702521fc6ccntdll.dll6.3.9600.17031530895afc0000005000000000002cc391e1401cface8bb21797eC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\WINDOWS\SYSTEM32\ntdll.dllf8cf9b4b-18db-11e4-bef1-28d24404e8af
 
Error: (07/31/2014 10:56:16 AM) (Source: Application Error)(User: )
Description: nvtray.exe7.17.13.2702521fc6ccntdll.dll6.3.9600.17031530895afc0000005000000000002cc39e8c01cface8b9e23287C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\WINDOWS\SYSTEM32\ntdll.dllf7913ed7-18db-11e4-bef1-28d24404e8af
 
Error: (07/31/2014 10:51:44 AM) (Source: Application Error)(User: )
Description: nvtray.exe7.17.13.2702521fc6ccntdll.dll6.3.9600.17031530895afc0000005000000000002cc39200801cface817824db4C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\WINDOWS\SYSTEM32\ntdll.dll55306f81-18db-11e4-bef1-28d24404e8af
 
Error: (07/31/2014 10:51:42 AM) (Source: Application Error)(User: )
Description: nvtray.exe7.17.13.2702521fc6ccntdll.dll6.3.9600.17031530895afc0000005000000000002cc39190c01cface815dba578C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\WINDOWS\SYSTEM32\ntdll.dll53d9a505-18db-11e4-bef1-28d24404e8af
 
Error: (07/31/2014 04:01:25 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery\QT\FacebookQT_D.exe
 
Error: (07/31/2014 04:01:19 AM) (Source: SideBySide)(User: )
Description: http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\SDWSCSvc.exe
 
Error: (07/31/2014 03:04:24 AM) (Source: Microsoft-Windows-CertificateServicesClient)(User: WILL)
Description: 5122147942593
 
Error: (07/31/2014 03:04:24 AM) (Source: Microsoft-Windows-CertificateServicesClient)(User: WILL)
Description: pautoenr.dll193
 
Error: (07/31/2014 03:04:06 AM) (Source: Microsoft-Windows-CertificateServicesClient)(User: NT AUTHORITY)
Description: 2562147942593
 
Error: (07/31/2014 03:04:06 AM) (Source: Microsoft-Windows-CertificateServicesClient)(User: NT AUTHORITY)
Description: pautoenr.dll193
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-31 04:02:29.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-30 22:47:00.261
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-30 22:47:00.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-30 22:46:59.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-30 22:46:59.864
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-30 22:46:59.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-30 22:46:59.576
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-30 22:46:59.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-30 22:46:59.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-30 22:46:59.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
**** End of log ****


#10 nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:02 AM

Posted 31 July 2014 - 01:16 PM

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#11 lizerb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:04:02 AM

Posted 31 July 2014 - 01:24 PM

Farbar Service Scanner Version: 21-07-2014
Ran by will (administrator) on 31-07-2014 at 11:24:03
Running from "C:\Users\will\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
 
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
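The "System Restore" and "File Check" sections of the FSS log above can be re-run by hand in PowerShell, with the matching Service Control Manager errors pulled from the System log; this is an added example, not part of the thread or of Farbar's tools. The expected Start value and ImagePath for VSS are assumed Windows 8.1 defaults, and the event IDs 7000/7009 are the standard SCM "failed to start" and "timeout waiting for service to connect" IDs.

```powershell
# Added example (not from the thread or from Farbar's tools): check the VSS service
# configuration the way FSS does, verify the Authenticode signatures of the same files
# FSS listed, and pull the SCM errors that match the 1053 timeout seen in the thread.

# Assumed Windows 8.1 defaults for the VSS service (Start 3 = Manual).
$expected = @{
    Name      = 'VSS'
    Start     = 3
    ImagePath = '%systemroot%\system32\vssvc.exe'
}

function Test-ServiceConfig {
    param([hashtable]$Expected)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Expected.Name)"
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Service = $Expected.Name; State = 'registry key missing' }
    }
    $cfg = Get-ItemProperty -Path $key
    $svc = Get-Service -Name $Expected.Name -ErrorAction SilentlyContinue
    # Expand %systemroot% on both sides so REG_EXPAND_SZ values compare correctly.
    $actualPath = [Environment]::ExpandEnvironmentVariables([string]$cfg.ImagePath)
    $wantPath   = [Environment]::ExpandEnvironmentVariables($Expected.ImagePath)
    [pscustomobject]@{
        Service     = $Expected.Name
        State       = if ($svc) { $svc.Status } else { 'not found' }
        StartType   = $cfg.Start
        StartOK     = ($cfg.Start -eq $Expected.Start)
        ImagePath   = $cfg.ImagePath
        ImagePathOK = ($actualPath -ieq $wantPath)
    }
}

# The same system files FSS verified in the log above.
$files = @(
    "$env:SystemRoot\System32\nsisvc.dll",
    "$env:SystemRoot\System32\drivers\nsiproxy.sys",
    "$env:SystemRoot\System32\dhcpcore.dll",
    "$env:SystemRoot\System32\drivers\afd.sys",
    "$env:SystemRoot\System32\drivers\tdx.sys",
    "$env:SystemRoot\System32\Drivers\tcpip.sys",
    "$env:SystemRoot\System32\dnsrslvr.dll",
    "$env:SystemRoot\System32\mpssvc.dll",
    "$env:SystemRoot\System32\bfe.dll",
    "$env:SystemRoot\System32\drivers\mpsdrv.sys",
    "$env:SystemRoot\System32\wscsvc.dll",
    "$env:SystemRoot\System32\wbem\WMIsvc.dll",
    "$env:SystemRoot\System32\wuaueng.dll",
    "$env:SystemRoot\System32\qmgr.dll",
    "$env:SystemRoot\System32\es.dll",
    "$env:SystemRoot\System32\cryptsvc.dll",
    "$env:ProgramFiles\Windows Defender\MpSvc.dll",
    "$env:ProgramFiles\Windows Defender\MsMpEng.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\rpcss.dll"
)

function Test-FileSignatures {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path $p)) {
            [pscustomobject]@{ Path = $p; Status = 'MISSING'; Signer = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $p
        [pscustomobject]@{ Path = $p; Status = $sig.Status; Signer = $sig.SignerCertificate.Subject }
    }
}

# SCM events: 7000 = service failed to start, 7009 = timeout waiting for the service to connect.
function Get-VssStartFailures {
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000, 7009 } `
        -MaxEvents 50 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Volume Shadow Copy' } |
        Select-Object TimeCreated, Id, Message
}

Test-ServiceConfig -Expected $expected | Format-List
# Only files whose signature is not Valid are worth a second look.
Test-FileSignatures -Paths $files | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
Get-VssStartFailures | Format-Table -AutoSize -Wrap
```

Run from an elevated PowerShell prompt; an empty signature table and a VSS entry with StartOK and ImagePathOK both True reproduce what the FSS log above reports, while the event list shows whether the 1053 timeouts are still recurring.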


#12 nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:02 AM

Posted 01 August 2014 - 07:50 AM


The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Navigate to this page:
http://download.bleepingcomputer.com/win-services/8/

Download the following registry file to your desktop:

VSS.reg

Double-click the downloaded file and confirm the prompt.
Restart the computer normally.
Post new FSS log.

How is the computer running now?

#13 lizerb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:04:02 AM

Posted 01 August 2014 - 01:04 PM

So I tried to create a system restore point but I can't. The volume shadow copy service is stopped and can't start. I get an error 1053 where it says it couldn't start in a timely manner so it timed out. What would happen if I didn't make a system restore point, and download the registry files?


Edited by lizerb, 01 August 2014 - 01:05 PM.


#14 nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:02 AM

Posted 01 August 2014 - 01:20 PM

Reverse these instructions.

http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/how-do-i-turn-off-volume-shadow-copy/1d6c21d0-744a-4a64-8bf8-36dff4c1c981

#15 lizerb
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:04:02 AM

Posted 01 August 2014 - 01:30 PM

The only option for volume shadow copy is to click start. I can't hit stop or anything. Every time I hit start it pops up the error.