
http://ads.firstimpwins.com/creative/2-002137026-00001i;size=4;tag_id=4649;ref=I



#1 spent646


Posted 22 July 2014 - 03:47 PM

Cannot start application error pops up randomly while nothing is running and sometimes while I am running programs. When I click on details this is what I get in the TXT document.
 
PLATFORM VERSION INFO
Windows : 6.1.7601.65536 (Win32NT)
Common Language Runtime : 4.0.30319.1
System.Deployment.dll : 4.0.30319.1 (RTMRel.030319-0100)
clr.dll : 4.0.30319.1 (RTMRel.030319-0100)
dfdll.dll : 4.0.30319.1 (RTMRel.030319-0100)
dfshim.dll : 4.0.31106.0 (Main.031106-0000)
 
SOURCES
Deployment url : http://ads.firstimpwins.com/creative/2-002137026-00001i;size=4;tag_id=4649;ref=INSERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE
 
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://ads.firstimpwins.com/creative/2-002137026-00001i;size=4;tag_id=4649;ref=INSERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE resulted in exception. Following failure messages were detected:
+ Exception reading manifest from http://ads.firstimpwins.com/creative/2-002137026-00001i;size=4;tag_id=4649;ref=INSERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE: the manifest may not be valid or the file could not be opened.
+ An error occurred while parsing EntityName. Line 1, position 43.
 
COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.
 
WARNINGS
There were no warnings during this operation.
 
OPERATION PROGRESS STATUS
* [7/22/2014 4:11:14 PM] : Activation of http://ads.firstimpwins.com/creative/2-002137026-00001i;size=4;tag_id=4649;ref=INSERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE has started.
 
ERROR DETAILS
Following errors were detected during this operation.
* [7/22/2014 4:11:14 PM] System.Deployment.Application.InvalidDeploymentException (ManifestParse)
- Exception reading manifest from http://ads.firstimpwins.com/creative/2-002137026-00001i;size=4;tag_id=4649;ref=INSERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE: the manifest may not be valid or the file could not be opened.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestDirectBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.Xml.XmlException
- An error occurred while parsing EntityName. Line 1, position 43.
- Source: System.Xml
- Stack trace:
at System.Xml.XmlTextReaderImpl.Throw(String res, String arg)
at System.Xml.XmlTextReaderImpl.ParseEntityName()
at System.Xml.XmlTextReaderImpl.ParseAttributeValueSlow(Int32 curPos, Char quoteChar, NodeData attr)
at System.Xml.XmlTextReaderImpl.ParseAttributes()
at System.Xml.XmlTextReaderImpl.ParseElement()
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlCharCheckingReader.Read()
at System.Xml.XsdValidatingReader.Read()
at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)
 
COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.
 
 
I saw someone on here with a similar problem and you requested that he run farbar. So I did that and here is what it gave me.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Nikki (administrator) on NIKKI-PC on 22-07-2014 16:33:06
Running from C:\Users\Nikki\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(VM Host Corporation) C:\ProgramData\MediaDev\1404455479\mediadev.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VM Host Corporation) C:\ProgramData\Online\sv.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Secure Search) C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\UpdateTask\vmhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\ProgramData\UpdateTask\vmhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-21-772220480-3258018500-2685158432-1000\...\MountPoints2: {d36a2fcb-f2dc-11e1-b7cb-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.exe
HKU\S-1-5-21-772220480-3258018500-2685158432-1000\...\MountPoints2: {d6dbf69c-e92b-11e3-b299-0030678d3ac2} - E:\MotorolaDeviceManagerSetup.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM-x32 - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^S04375^us&si=101497&ptb=01614174-ACA3-4546-A62B-B50C1F562F6C&ind=2013020401&n=77fc40f1&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=AMD&o=10626&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D1&apn_dtid=YYYYYYYYUS&apn_uid=8D45BEA6-84CF-4D99-A6F0-341E442F5D37&apn_sauid=13170B8E-8493-45A6-AC18-FFB6F8047740
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=AMD&o=10626&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D1&apn_dtid=YYYYYYYYUS&apn_uid=8D45BEA6-84CF-4D99-A6F0-341E442F5D37&apn_sauid=13170B8E-8493-45A6-AC18-FFB6F8047740
SearchScopes: HKCU - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^S04375^us&si=101497&ptb=01614174-ACA3-4546-A62B-B50C1F562F6C&ind=2013020401&n=77fc40f1&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {F95C2430-6458-49C7-B945-B0ACD6D05CB1} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\1tojfb49.default
FF DefaultSearchEngine: Search Module
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=0.9.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\1tojfb49.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\1tojfb49.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\1tojfb49.default\searchplugins\my-web-search.xml

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR StartupUrls: "https://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-28]
CHR Extension: (Google Search) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-28]
CHR Extension: (Google Wallet) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-28]
CHR Extension: (Extutil) - C:\Users\Nikki\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-20]
CHR Extension: (Managera) - C:\Users\Nikki\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-20]

==================== Services (Whitelisted) =================

R2 MediaDevSrv; C:\ProgramData\MediaDev\1404455479\mediadev.exe [366952 2014-07-04] (VM Host Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-01-31] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2012-12-22] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDevSrv; C:\ProgramData\Online\sv.exe [389992 2014-07-02] (VM Host Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [359040 2010-03-26] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-03-26] (Beceem communications pvt ltd.)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-10] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-06-10] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2c64.sys [15408 2010-05-17] (BIOSTAR Group)
S3 cm_net; C:\Windows\System32\DRIVERS\cm_net.sys [133120 2008-05-29] (C-motech Co.,Ltd.)
S3 cm_ser; C:\Windows\System32\DRIVERS\cm_ser.sys [118272 2008-05-29] (C-motech Co.,Ltd.)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 16:33 - 2014-07-22 16:34 - 00015039 _____ () C:\Users\Nikki\Downloads\FRST.txt
2014-07-22 16:32 - 2014-07-22 16:33 - 00000000 ____D () C:\FRST
2014-07-22 16:32 - 2014-07-22 16:32 - 02090496 _____ (Farbar) C:\Users\Nikki\Downloads\FRST64.exe
2014-07-05 18:28 - 2014-07-05 18:28 - 00000000 ____D () C:\ruth wedding
2014-07-04 02:31 - 2014-07-04 02:31 - 00000000 ____D () C:\ProgramData\MediaDev
2014-07-02 07:28 - 2014-07-11 19:09 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-07-02 07:21 - 2014-07-04 02:16 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-07-02 07:21 - 2014-07-02 07:21 - 00000000 ____D () C:\ProgramData\SearchModule
2014-07-02 07:19 - 2014-07-04 02:31 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-07-02 07:18 - 2014-07-04 02:26 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\serv
2014-07-02 07:18 - 2014-07-02 07:19 - 00000000 ____D () C:\ProgramData\Online
2014-07-02 07:18 - 2014-07-02 07:18 - 00946472 _____ () C:\Users\Nikki\Downloads\java_installer.exe
2014-06-29 16:01 - 2014-06-29 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-22 16:34 - 2014-07-22 16:33 - 00015039 _____ () C:\Users\Nikki\Downloads\FRST.txt
2014-07-22 16:33 - 2014-07-22 16:32 - 00000000 ____D () C:\FRST
2014-07-22 16:32 - 2014-07-22 16:32 - 02090496 _____ (Farbar) C:\Users\Nikki\Downloads\FRST64.exe
2014-07-22 16:26 - 2013-06-02 16:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-22 16:11 - 2013-03-18 05:34 - 00000000 ____D () C:\Users\Nikki\AppData\Local\Deployment
2014-07-22 16:07 - 2009-07-14 00:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 16:07 - 2009-07-14 00:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 16:06 - 2009-07-14 01:13 - 00727478 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 16:05 - 2012-11-20 20:39 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\uTorrent
2014-07-22 16:05 - 2011-03-13 22:23 - 01712127 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 16:04 - 2013-05-24 21:14 - 00000352 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2014-07-22 16:04 - 2012-10-28 08:21 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-22 16:04 - 2012-05-02 21:32 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-07-22 16:01 - 2012-10-28 08:21 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-22 16:00 - 2013-06-23 19:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 16:00 - 2011-04-22 04:00 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-22 16:00 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 16:00 - 2009-07-14 00:51 - 00200108 _____ () C:\Windows\setupact.log
2014-07-21 19:03 - 2014-03-10 09:43 - 00000000 ____D () C:\ZTIMPHOTOS
2014-07-21 14:01 - 2012-10-21 15:24 - 00000000 ____D () C:\Z
2014-07-18 18:11 - 2014-06-08 20:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-18 18:09 - 2014-06-08 15:10 - 00000000 ____D () C:\ProgramData\Google
2014-07-16 17:43 - 2013-12-19 21:46 - 00000000 ____D () C:\Users\Nikki\AppData\Local\CrashDumps
2014-07-11 19:09 - 2014-07-02 07:28 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-07-09 17:20 - 2012-11-21 06:26 - 00000000 ____D () C:\ZA
2014-07-09 10:27 - 2013-06-02 16:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 10:27 - 2012-10-27 20:52 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 10:27 - 2011-09-07 22:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-05 18:28 - 2014-07-05 18:28 - 00000000 ____D () C:\ruth wedding
2014-07-05 16:10 - 2014-04-11 16:25 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\DesktopIconForAmazon
2014-07-04 02:31 - 2014-07-04 02:31 - 00000000 ____D () C:\ProgramData\MediaDev
2014-07-04 02:31 - 2014-07-02 07:19 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-07-04 02:26 - 2014-07-02 07:18 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\serv
2014-07-04 02:16 - 2014-07-02 07:21 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-07-04 02:16 - 2012-05-02 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-04 02:16 - 2011-08-10 08:32 - 00054312 _____ () C:\Windows\PFRO.log
2014-07-02 09:52 - 2013-01-27 17:39 - 00000000 ____D () C:\ZPhotos
2014-07-02 07:26 - 2014-04-11 16:01 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-07-02 07:26 - 2014-04-11 15:54 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-07-02 07:26 - 2011-03-14 15:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-02 07:25 - 2013-03-17 18:12 - 00001379 _____ () C:\Users\Nikki\Desktop\Internet Explorer (64-bit).lnk
2014-07-02 07:25 - 2012-10-28 08:21 - 00002255 _____ () C:\Users\Nikki\Desktop\Google Chrome.lnk
2014-07-02 07:25 - 2011-03-13 22:24 - 00001413 _____ () C:\Users\Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-02 07:24 - 2014-04-20 17:07 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-02 07:21 - 2014-07-02 07:21 - 00000000 ____D () C:\ProgramData\SearchModule
2014-07-02 07:19 - 2014-07-02 07:18 - 00000000 ____D () C:\ProgramData\Online
2014-07-02 07:18 - 2014-07-02 07:18 - 00946472 _____ () C:\Users\Nikki\Downloads\java_installer.exe
2014-06-29 16:01 - 2014-06-29 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-23 17:57 - 2012-10-23 08:33 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\Skype
2014-06-23 11:56 - 2012-10-28 08:21 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 11:56 - 2012-10-28 08:21 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Nikki\AppData\Local\Temp\app_setup.exe
C:\Users\Nikki\AppData\Local\Temp\BackupSetup.exe
C:\Users\Nikki\AppData\Local\Temp\bitool.dll
C:\Users\Nikki\AppData\Local\Temp\cabex.dll
C:\Users\Nikki\AppData\Local\Temp\contentDATs.exe
C:\Users\Nikki\AppData\Local\Temp\devcon.exe
C:\Users\Nikki\AppData\Local\Temp\dlLogic.exe
C:\Users\Nikki\AppData\Local\Temp\dltr.exe
C:\Users\Nikki\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\Nikki\AppData\Local\Temp\GCVerifier.dll
C:\Users\Nikki\AppData\Local\Temp\Installmanager.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\mpsetup.exe
C:\Users\Nikki\AppData\Local\Temp\nsaAE6D.exe
C:\Users\Nikki\AppData\Local\Temp\nsaE0B8.exe
C:\Users\Nikki\AppData\Local\Temp\nsfAB31.exe
C:\Users\Nikki\AppData\Local\Temp\nsgE656.exe
C:\Users\Nikki\AppData\Local\Temp\nsqB13C.exe
C:\Users\Nikki\AppData\Local\Temp\nsvE3A6.exe
C:\Users\Nikki\AppData\Local\Temp\nswBEF0.exe
C:\Users\Nikki\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Nikki\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Nikki\AppData\Local\Temp\nvStInst.exe
C:\Users\Nikki\AppData\Local\Temp\oi_{D11A1FEC-675D-4F19-B9CA-66A007372EC9}.exe
C:\Users\Nikki\AppData\Local\Temp\riftuninstall.exe
C:\Users\Nikki\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Nikki\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nikki\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Nikki\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Nikki\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Nikki\AppData\Local\Temp\unelevate.exe
C:\Users\Nikki\AppData\Local\Temp\Uninstall.exe
C:\Users\Nikki\AppData\Local\Temp\utt931D.tmp.exe
C:\Users\Nikki\AppData\Local\Temp\utt97ED.tmp.exe
C:\Users\Nikki\AppData\Local\Temp\utt98B6.tmp.exe
C:\Users\Nikki\AppData\Local\Temp\uttEEB7.tmp.exe
C:\Users\Nikki\AppData\Local\Temp\VARemove.exe
C:\Users\Nikki\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Nikki\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Nikki\AppData\Local\Temp\verifier.exe
C:\Users\Nikki\AppData\Local\Temp\youtubeAccelerator_partnerobr_setup.exe
C:\Users\Nikki\AppData\Local\Temp\zipsetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 00:22

==================== End Of Log ============================


Edited by nasdaq, 27 July 2014 - 08:28 AM.



 


#2 nasdaq


Posted 27 July 2014 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    
    SearchScopes: HKLM-x32 - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^S04375^us&si=101497&ptb=01614174-ACA3-4546-A62B-B50C1F562F6C&ind=2013020401&n=77fc40f1&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=AMD&o=10626&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D1&apn_dtid=YYYYYYYYUS&apn_uid=8D45BEA6-84CF-4D99-A6F0-341E442F5D37&apn_sauid=13170B8E-8493-45A6-AC18-FFB6F8047740
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=AMD&o=10626&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D1&apn_dtid=YYYYYYYYUS&apn_uid=8D45BEA6-84CF-4D99-A6F0-341E442F5D37&apn_sauid=13170B8E-8493-45A6-AC18-FFB6F8047740
    SearchScopes: HKCU - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^S04375^us&si=101497&ptb=01614174-ACA3-4546-A62B-B50C1F562F6C&ind=2013020401&n=77fc40f1&psa=&st=sb&searchfor={searchTerms}
    BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    FF Keyword.URL: hxxp://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF SearchPlugin: C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\1tojfb49.default\searchplugins\conduit-search.xml
    FF SearchPlugin: C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\1tojfb49.default\searchplugins\my-web-search.xml
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (Extutil) - C:\Users\Nikki\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-20]
    CHR Extension: (Managera) - C:\Users\Nikki\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-20]
    R2 MediaDevSrv; C:\ProgramData\MediaDev\1404455479\mediadev.exe [366952 2014-07-04] (VM Host Corporation)
    R2 WinDevSrv; C:\ProgramData\Online\sv.exe [389992 2014-07-02] (VM Host Corporation)
    S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]
    C:\ProgramData\MediaDev\
    C:\ProgramData\Online\sv.exe
    Task: {D6EA8F34-82F9-4B74-AE18-85AEC78FEEE3} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
    C:\Program Files\PC Optimizer Pro
    C:\ProgramData\UpdateTask\vmhost.exe
    End
    
    Save the file as fixlist.txt into the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    IMPORTANT
    • If you click the Clean button all items listed in the report will be removed.
    If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Uncheck the element(s) you wish to keep.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
    ===

    How is the computer running now?






#3 nasdaq


Posted 02 August 2014 - 08:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



