
error code 0x8007042c


2 replies to this topic

#1 rjd3


Posted 09 August 2014 - 09:58 PM

Hello all,

This is my first experience here, but I plan to stay tuned to this forum as it seems to be the most authoritative and useful forum that I have come across on the Web. I will definitely be more on the receiving end than the advising end, I'm afraid.

I have apparently been attacked by a malicious trojan (at least, I think that's what it is): Java/Anogre.E (and apparently some others along with it). No apparent malfunction at this point. I have Microsoft Security Essentials running on Windows 7 (64 bit). MSE apparently blocks repeated attempts at this intrusion, but it seems that my Windows Firewall is out of commission. My Registry has apparently been corrupted and I cannot run any of the programs necessary to start Windows Firewall.

I have run a Full Scan of MSE and it does not find anything. I have completely uninstalled Java and downloaded a new version. I have also run SFC /SCANNOW and it is not able to fix the problem. I have followed the advice of many people without any success. In most cases, the final advice has been to throw in the towel and do a complete reinstall of Windows 7 (advice that, although well intentioned, only serves to give me a headache).

The only successful solution that I have come across is here on this forum in a thread from early December of 2011. In that event, the person with the Firewall problem had the username Demand209. The person who guided him through the process was Lefty3120.

It was a rather complex fix, with a number of steps, and I am not sure that I can just follow the sequence in that case because some of the required upload/download steps may have been edited specifically to that particular computer.

If Lefty3120 or anyone else with knowledge of the problem can help me, I would be most grateful. I am not that computer literate, but I can follow directions pretty well. I am also willing to pay to have FARBAR or some other service get me through this process with less hassle (and potential for error on my part). My hesitation there is that I don't know which service is the most reliable, and I don't want to pay only to finally be told to do a reinstall when I know that Lefty3120 managed to find a solution to the problem--that seemed as difficult to fix as mine--without having to go that extreme route.

I've attached some files that might have some bearing on the problem to someone who is a lot smarter than me.

Thanks in advance for anyone with suggestions.

Mod Edit: Pasted FRST data into post - Hamluis.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by Owner (administrator) on BBY-PC on 09-08-2014 08:33:07
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
( ) C:\Windows\System32\dlcgcoms.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DLCGCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCGtime.dll,RunDLLEntry                                                                                                                                (the data entry has 59 more characters).
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [EverioService] => C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe [151552 2006-11-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-08-05] (APN)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3455412632-2998010638-1833868093-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-11] (Google Inc.)
HKU\S-1-5-21-3455412632-2998010638-1833868093-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-27] (Google Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk
ShortcutTarget: HughesNetStatusMeter.lnk -> C:\Program Files (x86)\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {24911EA5-EE27-4655-9CF1-7287C4FE6C68} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

Chrome:
=======
CHR HomePage: hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchURL: http://www.search.ask.com/web?q={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (PlayStation®Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Extension: (Ask Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2013-10-18]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2014-07-31]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2014-07-31]
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2014-08-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 dlcg_device; C:\Windows\system32\dlcgcoms.exe [566152 2006-12-08] ( )
R2 dlcg_device; C:\Windows\SysWOW64\dlcgcoms.exe [537480 2006-12-08] ( )
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [266343 2006-09-28] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 MCSTRM; No ImagePath
S3 MODEMCSA; C:\Windows\system32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-11-09] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-11-09] (RapidSolution Software AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 08:33 - 2014-08-09 08:34 - 00018090 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-08-09 08:32 - 2014-08-09 08:33 - 00000000 ____D () C:\FRST
2014-08-09 08:31 - 2014-08-09 08:32 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-08-09 08:30 - 2014-08-09 08:30 - 00415232 _____ (Farbar) C:\Users\Owner\Downloads\FSS.exe
2014-08-09 08:03 - 2014-08-09 08:03 - 05513976 _____ (ReviverSoft LLC) C:\Users\Owner\Downloads\RegistryReviverSetup.exe
2014-08-09 07:12 - 2014-08-09 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2014-08-09 05:45 - 2014-08-09 05:45 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.WindowsFirewall.RNP.1331019143305387.1.1.Run.exe
2014-08-09 05:25 - 2014-08-09 05:25 - 00167288 _____ (System Applet ) C:\Users\Owner\Downloads\Java_Updater_Setup.exe
2014-08-07 03:27 - 2014-08-07 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-07 03:27 - 2014-08-07 03:26 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-07 03:27 - 2014-08-07 03:26 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-07 03:27 - 2014-08-07 03:26 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-07 03:27 - 2014-08-07 03:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-07 03:26 - 2014-08-07 03:26 - 00918440 _____ (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u67 (1).exe
2014-08-07 03:25 - 2014-08-07 03:25 - 00918440 _____ (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u67.exe
2014-08-07 02:27 - 2014-08-07 02:27 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.13308335011540.1.4.Run.exe
2014-08-07 02:25 - 2014-08-07 02:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.13308335011540.1.3.Run.exe
2014-08-07 02:21 - 2014-08-07 02:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.13308335011540.1.2.Run.exe
2014-08-07 02:16 - 2014-08-07 02:22 - 00000000 ____D () C:\MATS
2014-08-07 02:11 - 2014-08-07 02:11 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.13308335011540.1.1.Run.exe
2014-08-05 12:13 - 2014-08-05 20:55 - 00059054 _____ () C:\Users\Owner\Documents\Getting SquirrelyFirst5Pages.fdx
2014-08-05 12:10 - 2014-08-06 18:39 - 00442124 _____ () C:\Users\Owner\Documents\Getting Squirrely.fdx
2014-08-05 00:23 - 2014-08-05 00:23 - 00232806 _____ () C:\Users\Owner\Downloads\Getting Squirrely.fdr
2014-08-01 01:33 - 2014-08-01 01:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-07-24 01:22 - 2014-07-24 01:22 - 00000000 ____D () C:\ProgramData\MediaDev
2014-07-24 01:21 - 2014-07-24 01:21 - 00000000 ____D () C:\Windows\Sun
2014-07-24 01:00 - 2014-07-24 01:22 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-07-24 00:59 - 2014-07-24 01:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\serv
2014-07-15 14:33 - 2014-07-15 14:35 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b19.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 08:34 - 2014-08-09 08:33 - 00018090 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-08-09 08:33 - 2014-08-09 08:32 - 00000000 ____D () C:\FRST
2014-08-09 08:32 - 2014-08-09 08:31 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-08-09 08:30 - 2014-08-09 08:30 - 00415232 _____ (Farbar) C:\Users\Owner\Downloads\FSS.exe
2014-08-09 08:21 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 08:21 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 08:12 - 2010-11-11 23:01 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 08:10 - 2012-08-09 04:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 08:03 - 2014-08-09 08:03 - 05513976 _____ (ReviverSoft LLC) C:\Users\Owner\Downloads\RegistryReviverSetup.exe
2014-08-09 08:00 - 2010-06-24 13:40 - 00000000 ____D () C:\dell
2014-08-09 07:43 - 2009-07-13 22:10 - 01641370 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 07:38 - 2012-12-24 00:47 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455412632-2998010638-1833868093-1001UA.job
2014-08-09 07:30 - 2012-02-24 17:44 - 00183220 _____ () C:\Windows\setupact.log
2014-08-09 07:30 - 2010-11-11 23:01 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 07:30 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 07:29 - 2010-06-24 13:13 - 00400114 _____ () C:\Windows\PFRO.log
2014-08-09 07:12 - 2014-08-09 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2014-08-09 05:45 - 2014-08-09 05:45 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.WindowsFirewall.RNP.1331019143305387.1.1.Run.exe
2014-08-09 05:25 - 2014-08-09 05:25 - 00167288 _____ (System Applet ) C:\Users\Owner\Downloads\Java_Updater_Setup.exe
2014-08-08 22:33 - 2013-06-03 02:38 - 00000000 ____D () C:\Users\Owner\Tracing
2014-08-08 17:44 - 2013-06-15 00:40 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-08 02:38 - 2012-12-24 00:47 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455412632-2998010638-1833868093-1001Core.job
2014-08-07 03:47 - 2013-10-18 16:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-07 03:27 - 2014-08-07 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-07 03:26 - 2014-08-07 03:27 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-07 03:26 - 2014-08-07 03:27 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-07 03:26 - 2014-08-07 03:27 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-07 03:26 - 2014-08-07 03:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-07 03:26 - 2014-08-07 03:26 - 00918440 _____ (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u67 (1).exe
2014-08-07 03:26 - 2010-06-24 11:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-07 03:25 - 2014-08-07 03:25 - 00918440 _____ (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u67.exe
2014-08-07 02:39 - 2010-11-09 03:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-08-07 02:27 - 2014-08-07 02:27 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.13308335011540.1.4.Run.exe
2014-08-07 02:25 - 2014-08-07 02:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.13308335011540.1.3.Run.exe
2014-08-07 02:22 - 2014-08-07 02:16 - 00000000 ____D () C:\MATS
2014-08-07 02:21 - 2014-08-07 02:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.13308335011540.1.2.Run.exe
2014-08-07 02:11 - 2014-08-07 02:11 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.13308335011540.1.1.Run.exe
2014-08-06 20:33 - 2013-06-01 02:57 - 00870128 _____ () C:\Users\Owner\AppData\Roaming\mcs.rma
2014-08-06 20:33 - 2012-06-17 17:38 - 00000004 _____ () C:\Users\Owner\AppData\Roaming\C11B3E
2014-08-06 18:39 - 2014-08-05 12:10 - 00442124 _____ () C:\Users\Owner\Documents\Getting Squirrely.fdx
2014-08-05 20:55 - 2014-08-05 12:13 - 00059054 _____ () C:\Users\Owner\Documents\Getting SquirrelyFirst5Pages.fdx
2014-08-05 00:23 - 2014-08-05 00:23 - 00232806 _____ () C:\Users\Owner\Downloads\Getting Squirrely.fdr
2014-08-01 01:33 - 2014-08-01 01:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-07-28 17:44 - 2011-11-12 02:10 - 00000000 ____D () C:\Program Files\Dl_cats
2014-07-27 21:50 - 2011-05-07 00:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-07-24 01:22 - 2014-07-24 01:22 - 00000000 ____D () C:\ProgramData\MediaDev
2014-07-24 01:22 - 2014-07-24 01:00 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-07-24 01:21 - 2014-07-24 01:21 - 00000000 ____D () C:\Windows\Sun
2014-07-24 01:17 - 2014-07-24 00:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\serv
2014-07-24 01:07 - 2013-03-13 14:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 01:07 - 2013-03-13 14:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 22:02 - 2013-03-13 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 05:01 - 2011-11-11 01:22 - 00000000 ____D () C:\Users\Owner\Documents\Bad News
2014-07-21 21:11 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-21 03:41 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-20 16:04 - 2010-12-08 19:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PCDr
2014-07-20 00:30 - 2009-07-13 22:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 14:35 - 2014-07-15 14:33 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b19.log

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\APNSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-08 18:55

==================== End Of Log ============================

Edited by hamluis, 10 August 2014 - 05:59 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,549 posts
  • Gender:Male

Posted 14 August 2014 - 10:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543893 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,549 posts
  • Gender:Male

Posted 15 August 2014 - 03:18 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!
