Linkbucks virus


19 replies to this topic

#1 uncuva65

uncuva65

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 08 September 2014 - 02:02 PM

I believe I am infected with a linkbucks redirect virus. I have been dealing with this problem for some time now, and after having it solved through help at Malwaretips.com, only to have it return numerous times, I have decided to try my luck here. When I click on links on Twitter -- any links -- it redirects me to a www.linkbucks.com page and sometimes gives me a pop-up to download a plug in. I believe previously I would also occasionally be redirected to a www.advertisingsilver.com page. Please note that, until now and as I have dealt with this over the past few weeks, the problem has only occurred on Twitter.




 


#2 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:37 PM

Posted 08 September 2014 - 02:07 PM

Hello, 
 

and after having it solved through help at Malwaretips.com, only to have it return numerous times

What steps did you follow at Malwaretips? 

Could you provide a link to the topic/article please? 



#3 uncuva65

uncuva65
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 08 September 2014 - 02:33 PM

Thanks for the response. The first malware issue I had was an adobe flash virus, which first appeared in May 2014. The issue was solved, but then reappeared on August 9. That thread can be found here: http://malwaretips.com/threads/adobe-flash-player-virus-on-computer-and-android.26269/

 

I'm not sure if the two are related, but on August 24, the Linkbucks issue appeared. That thread can be found here: http://malwaretips.com/threads/linkbucks-malware-on-twitter.32258/

 

I also noticed that I went into a bit more detail about the issue in that thread, which I have copied and pasted here: "Up until now, Twitter is the only place I have encountered the issue. But it happens every time I click any link on Twitter. It starts with an advertisingsilver.com URL then immediately redirects to the Linkbucks site described above. Then it tries to get me to install a plugin, won't let me close the tab when I try, etc (similar to other malware issues)."

 

Lastly, I used numerous approaches in an attempt to solve the problem, including FRST, AdwCleaner, MBAR, and Zoek (I have not tried anything since the problem reappeared about an hour ago).



#4 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:37 PM

Posted 08 September 2014 - 02:51 PM

Hello,

 

You should only seek malware removal help at one forum.

We ask that you select one forum from those where you sought help and ask the others to close your topics.

Although we understand you wish your problems to be addressed as soon as possible, there are reasons why multi-posting causes problems.

By Multi Posting you are utilizing the time of two (or more) trained helpers. Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove Malware from your computer and because of this are in short supply. We wish to use them to help the maximum number of people, and if they are researching the log of someone who is already being helped, then their time and effort is going to waste.

Understandably this causes a certain amount of bad feeling and frustration

  • From the helper who has needlessly spent time researching your log and compiling and posting instructions.
  • From others who have to wait longer for their problems to be addressed.

Advice from two separate helpers can cause problems.

A helper at one place has no idea what a helper somewhere else is doing. Different helpers may use different methods to combat your infection. While each one is safe to use, problems can arise if you follow the advice of both together. Some of the tools used are very powerful and have to be used in a specific way and in some cases do not combine well with others. By using advice from two different sources it is possible that tools may be used that do not combine well and you may severely damage your computer, even rendering it inoperable in some circumstances. By following BOTH sets of instructions, the clean up process could be delayed.

 

Please let us know where you would like to receive help.



#5 uncuva65

uncuva65
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 08 September 2014 - 03:01 PM

Thanks for that. I would like to continue on this forum, will close threads on other forums, and will operate only according to your instructions.



#6 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:37 PM

Posted 08 September 2014 - 03:23 PM

OK. Let's start with the following, and see what turns up. 

A Google search of this particular issue would suggest it may be on Twitter's end - but we shall see. 

 

STEP 1
Create Restore Point

  • Press the Windows Key + s on your keyboard at the same time.
  • Type restore in the text field.
  • Click Create a restore point.
  • Click Create.
  • Enter a name and click Create.
  • Close the window once created.
     

STEP 2
Internet Flush

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    rem All output is collected in flushresults.txt on the Desktop.
    echo Flushing Internet. Please wait... >"%userprofile%\desktop\flushresults.txt"
    rem Release and renew the DHCP lease, then clear the DNS resolver cache.
    ipconfig /release >>"%userprofile%\desktop\flushresults.txt" 2>&1
    ipconfig /renew >>"%userprofile%\desktop\flushresults.txt" 2>&1
    ipconfig /flushdns >>"%userprofile%\desktop\flushresults.txt" 2>&1
    rem Reset the Winsock catalog and the IPv4/IPv6 stack settings to defaults.
    netsh winsock reset all >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh int ipv4 reset >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh int ipv6 reset >>"%userprofile%\desktop\flushresults.txt" 2>&1
    echo. >>"%userprofile%\desktop\flushresults.txt"
    echo Finished. Your computer will reboot. >>"%userprofile%\desktop\flushresults.txt"
    rem Reboot after one second, then delete this batch file.
    shutdown -r -t 1
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File > Save As and name the file flush.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate flush.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • Your computer will reboot. If not, please manually reboot. 
  • After the reboot, a log (results.txt) will be on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
SystemLook

  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-Click SystemLook_x64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
    *linkbucks*
    
    :folderfind
    *linkbucks*
    
    :regfind
    linkbucks
  • Click the Look button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the Exit button. 
     

STEP 4
MiniToolBox

  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-Click MiniToolBox.exe and select Run as administrator to run the programme.
  • Place a checkmark next to each item excluding:
    • [item shown as an image; not available]
  • Click GO.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • flushresults.txt
  • SystemLook.txt
  • Result.txt

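Added example, not part of the original posts and not code from MiniToolBox or its author: one way to read the Hosts and Winsock sections of the Result.txt requested in Step 4, listing hosts entries that point a name at a real address and Winsock providers that are not Microsoft files in the system directories. The sample log is constructed (only the napinsp, mswsock and Bonjour lines mirror this thread), and the function names and the assumption that Windows is installed on C: are mine.

```python
import ipaddress
import re

# Constructed sample in the Result.txt layout (assumption: same section headers
# and line formats as the MiniToolBox log posted in this thread).
SAMPLE_LOG = r"""
========================= Hosts content: =================================

0.0.0.0 cdn.adware.example
127.0.0.1 localhost
203.0.113.7 social.example

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\ProgramData\ExampleLsp\lsp.dll [40960] ()

========================= Event log errors: ===============================
"""

# "===== Section name: =====" (the colon is optional in some headers).
HEADER = re.compile(r"^=+\s*(.*?)\s*:?\s*=+\s*$")
# "Catalog9 02 <path> [<size>] (<vendor>)", optionally prefixed with "x64-".
PROVIDER = re.compile(r"^(x64-)?Catalog(5|9) (\d+) (.+?) \[(\d+)\] \((.*)\)$")
# Assumption: Windows lives on C:.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def split_sections(log_text):
    """Return {section name: [non-empty lines]} for every named header."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match and match.group(1):      # rows made only of '=' carry no name
            current = match.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def review_hosts(lines):
    """List (address, name) pairs that map a name to a non-sinkhole address."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not a hosts mapping line
        if addr.is_loopback or addr.is_unspecified:
            continue                              # 127.0.0.1 / 0.0.0.0 block entries
        findings.extend((fields[0], name) for name in fields[1:])
    return findings


def review_winsock(lines):
    """List providers outside the system directories or not from Microsoft."""
    findings = []
    for line in lines:
        match = PROVIDER.match(line)
        if not match:
            continue
        path, vendor = match.group(4), match.group(6)
        in_system_dir = path.lower().startswith(SYSTEM_DIRS)
        if in_system_dir and vendor == "Microsoft Corporation":
            continue
        # Catalog5 holds namespace providers, Catalog9 transport providers.
        kind = "namespace" if match.group(2) == "5" else "transport"
        findings.append({"kind": kind, "path": path, "vendor": vendor})
    return findings


def triage(log_text):
    sections = split_sections(log_text)
    return {
        "hosts": review_hosts(sections.get("Hosts content", [])),
        "winsock": review_winsock(sections.get("Winsock entries", [])),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for addr, name in report["hosts"]:
        print(f"hosts redirect: {name} -> {addr}")
    for entry in report["winsock"]:
        print(f"winsock {entry['kind']} provider to verify: "
              f"{entry['path']} ({entry['vendor'] or 'no vendor'})")
```

A provider outside the system directories, such as Bonjour's namespace provider, is a line to check against the installed software, not a verdict.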

#7 uncuva65

uncuva65
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 08 September 2014 - 04:00 PM

Thanks. I have pasted the requested logs below.

 

 

Flushing Internet. Please wait...

Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Ethernet 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::add0:2671:c2be:9315%4
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 4:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:307f:8e6a:d613:47e5
   Link-local IPv6 Address . . . . . : fe80::307f:8e6a:d613:47e5%8
   Default Gateway . . . . . . . . . : ::

Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Ethernet 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::add0:2671:c2be:9315%4
   IPv4 Address. . . . . . . . . . . : 192.168.1.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{EAFB8928-A226-4524-98E1-7CC155F70F1E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 4:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:307f:8e6a:d613:47e5
   Link-local IPv6 Address . . . . . : fe80::307f:8e6a:d613:47e5%8
   Default Gateway . . . . . . . . . : ::

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

 
Finished. Your computer will reboot.

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 23:42 on 08/09/2014 by David
Administrator - Elevation successful

========== filefind ==========

Searching for "*linkbucks*"
No files found.

========== folderfind ==========

Searching for "*linkbucks*"
No folders found.

========== regfind ==========

Searching for "linkbucks"
No data found.

-= EOF =-

 

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by David (administrator) on 08-09-2014 at 23:52:37
Running from "C:\Users\David\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 2230 = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Anchorfree HSS VPN Adapter = Ethernet 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : david-pc
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 84-A6-C8-CC-53-0E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-23-93-BA-92
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 84-A6-C8-CC-53-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
   Physical Address. . . . . . . . . : 84-A6-C8-CC-53-0D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::add0:2671:c2be:9315%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, September 8, 2014 11:30:45 PM
   Lease Expires . . . . . . . . . . : Thursday, September 11, 2014 11:44:46 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 260351688
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-37-A1-F2-84-A6-C8-CC-53-0D
   DNS Servers . . . . . . . . . . . : 69.85.88.11
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : E0-DB-55-CE-9E-13
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EAFB8928-A226-4524-98E1-7CC155F70F1E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1c40:b0e8:d613:47e5(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c40:b0e8:d613:47e5%8(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 234881024
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-37-A1-F2-84-A6-C8-CC-53-0D
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  69.85.88.11

Name:    google.com
Addresses:  2607:f8b0:400d:c03::64
      4.34.16.50
      4.34.16.30
      4.34.16.25
      4.34.16.34
      4.34.16.39
      4.34.16.35
      4.34.16.44
      4.34.16.49
      4.34.16.59
      4.34.16.54
      4.34.16.20
      4.34.16.45
      4.34.16.29
      4.34.16.24
      4.34.16.40
      4.34.16.55


Pinging google.com [4.34.16.25] with 32 bytes of data:
Reply from 4.34.16.25: bytes=32 time=169ms TTL=52
Reply from 4.34.16.25: bytes=32 time=169ms TTL=52

Ping statistics for 4.34.16.25:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 169ms, Maximum = 169ms, Average = 169ms
Server:  UnKnown
Address:  69.85.88.11

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=194ms TTL=50
Reply from 98.139.183.24: bytes=32 time=191ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 191ms, Maximum = 194ms, Average = 192ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...84 a6 c8 cc 53 0e ......Microsoft Wi-Fi Direct Virtual Adapter
  7...00 ff 23 93 ba 92 ......Anchorfree HSS VPN Adapter
  6...84 a6 c8 cc 53 11 ......Bluetooth Device (Personal Area Network)
  4...84 a6 c8 cc 53 0d ......Intel® Centrino® Wireless-N 2230
  3...e0 db 55 ce 9e 13 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    281
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:9d38:90d7:1c40:b0e8:d613:47e5/128
                                    On-link
  4    281 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::1c40:b0e8:d613:47e5/128
                                    On-link
  4    281 fe80::add0:2671:c2be:9315/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/08/2014 11:30:50 PM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue

Error: (09/08/2014 11:30:49 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/08/2014 09:49:16 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 32.0.0.5350 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13c0

Start Time: 01cfc7b5868028e8

Termination Time: 65

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: d17422bd-3788-11e4-bf00-84a6c8cc5311

Faulting package full name:

Faulting package-relative application ID:

Error: (09/08/2014 09:49:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.0.5350, time stamp: 0x53fc3d9f
Faulting module name: mozalloc.dll, version: 32.0.0.5350, time stamp: 0x53fc0a56
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1210
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (09/08/2014 07:07:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61566641

Error: (09/08/2014 07:07:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61566641

Error: (09/08/2014 07:07:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/08/2014 02:01:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12172

Error: (09/08/2014 02:01:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12172

Error: (09/08/2014 02:01:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/08/2014 11:38:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/08/2014 11:30:49 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (08/30/2014 01:31:28 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (08/30/2014 01:30:00 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (08/30/2014 01:29:19 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:10:17 AM on ‎8/‎30/‎2014 was unexpected.

Error: (08/25/2014 07:53:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (08/25/2014 07:22:09 PM) (Source: DCOM) (User: DAVID-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/25/2014 07:22:09 PM) (Source: DCOM) (User: DAVID-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/25/2014 07:22:09 PM) (Source: DCOM) (User: DAVID-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/25/2014 07:22:09 PM) (Source: DCOM) (User: DAVID-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (09/08/2014 11:30:50 PM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue

Error: (09/08/2014 11:30:49 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/08/2014 09:49:16 PM) (Source: Application Hang)(User: )
Description: firefox.exe32.0.0.535013c001cfc7b5868028e865C:\Program Files (x86)\Mozilla Firefox\firefox.exed17422bd-3788-11e4-bf00-84a6c8cc5311

Error: (09/08/2014 09:49:15 PM) (Source: Application Error)(User: )
Description: plugin-container.exe32.0.0.535053fc3d9fmozalloc.dll32.0.0.535053fc0a56800000030000141b121001cfc7bdb45eaaebC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld49289d5-3788-11e4-bf00-84a6c8cc5311

Error: (09/08/2014 07:07:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61566641

Error: (09/08/2014 07:07:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61566641

Error: (09/08/2014 07:07:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/08/2014 02:01:58 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12172

Error: (09/08/2014 02:01:58 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12172

Error: (09/08/2014 02:01:58 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2014-05-08 21:37:10.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-08 21:37:10.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-08 21:12:02.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-08 21:12:02.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.



=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.29938 - BitTorrent Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.7.3069 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{FE5ABB0E-EDEA-4023-B0FB-9DEA39A98D76}) (Version: 0.8.7.3069 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.1.4 - ELAN Microelectronic Corp.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3jam 1.1.1.4 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.1.4 - MP3jam)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version: 2.5.11 - Wyse Technology)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unchecky v0.2.15 (HKLM-x32\...\Unchecky) (Version: 0.2.15 - RaMMicHaeL)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VMB HL (HKLM-x32\...\VMB HL) (Version: 22.001.16.01.37 - Huawei Technologies Co.,Ltd)
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.102.30707 - Vodafone)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

========================= Devices: ================================

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8061.27 MB
Available physical RAM: 5898.8 MB
Total Pagefile: 9405.27 MB
Available Pagefile: 7183.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3980.67 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:918.01 GB) (Free:786.13 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVID-PC

Administrator            David                    Guest                    

========================= Restore Points ==================================

18-08-2014 22:36:46 avast! antivirus system restore point
24-08-2014 16:28:52 zoek.exe restore point
26-08-2014 17:46:33 Installed Java 7 Update 67 (64-bit)
03-09-2014 15:06:04 Scheduled Checkpoint
08-09-2014 20:26:25 System Check Restore Point

**** End of log ****


 



#8 LiquidTension

Posted 08 September 2014 - 04:25 PM

Hello, 
 
Please consider the following warning. 
 

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programmes, right-click and click Uninstall.
  • Let me know if you've decided to remove the programme. 
If you choose not to remove the programme(s), please refrain from using them during this process.

 

 
 
STEP 1
Batch File

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
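    @echo off
    rem Reset the TCP/IP stack and save netsh's output to query.txt on the Desktop.
    netsh int ip reset >"%userprofile%\desktop\query.txt"
    rem Append the subkeys of the Nsi registry key (and any error text) to the same log.
    reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi >>"%userprofile%\desktop\query.txt" 2>&1
    rem Open the log in Notepad, then delete this batch file.
    start "" notepad "%userprofile%\desktop\query.txt"
    del "%~f0"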
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File > Save As and name the file batchfile.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate batchfile.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • A log (query.txt) will open on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Farbar MiniRegTool

  • Please download MiniRegTool (x64) and save the ZIP file to your Desktop.
  • Right-click the ZIP file and click Extract All. Select your Desktop as the location, and click Extract.
  • Open the MiniRegTool64 folder on your Desktop. Right-Click the MiniRegTool64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield (ensure.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi
  • Place a checkmark next to [option shown as an image in the original post].
  • Click [button shown as an image in the original post]. A log will be created. Copy the contents of the log and paste in your next reply.
     

STEP 3
Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Ensure the following items are checked: [six options shown as images in the original post]
  • Click [button shown as an image in the original post].
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • query.txt
  • MiniRegTool log
  • FSS.txt


#9 uncuva65

Posted 08 September 2014 - 04:46 PM

Thanks. I think, for now at least, I will refrain from uninstalling uTorrent. I have pasted the requested logs below.

 

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a02-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a1c-9b1a-11d4-9123-0050047759bc}
 

 

MiniRegTool64 by Farbar Version:21-07-2014
Ran by David (administrator) on 2014-09-09 at 00:43:20

===============================================
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi

   Owner: NULL SID

   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   S-1-5-32-556   read+KEY_CREATE_SUB_KEY+KEY_SET_VALUE+KEY_WRITE+DELETE   ALLOW   (CI)(OI)
   NT AUTHORITY\NETWORK SERVICE   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\LOCAL SERVICE   FULL   ALLOW   (CI)(OI)
   Everyone   READ   ALLOW   (CI)(OI)
   APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES   READ   ALLOW   (CI)(OI)
   NT SERVICE\WwanSvc   FULL   ALLOW   (CI)(OI)
   NT SERVICE\BFE   FULL   ALLOW   (CI)(OI)
   NT SERVICE\Dhcp   FULL   ALLOW   (CI)(OI)

 

Farbar Service Scanner Version: 21-07-2014
Ran by David (administrator) on 09-09-2014 at 00:44:52
Running from "C:\Users\David\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#10 LiquidTension

Posted 08 September 2014 - 05:03 PM

Hello, 
 
Please create another Restore Point before proceeding with STEP 2. 
 
STEP 1
Create Restore Point

  • Press the Windows Key + s on your keyboard at the same time.
  • Type restore in the text field.
  • Click Create a restore point.
  • Click Create.
  • Enter a name and click Create.
  • Close the window once created.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a02-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}
    Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a1c-9b1a-11d4-9123-0050047759bc}
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: netsh int ip reset
    CMD: netsh winsock reset
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt


#11 uncuva65

Posted 08 September 2014 - 05:12 PM

I have pasted the fixlog.txt below.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by David at 2014-09-09 01:10:20 Run:6
Running from C:\Users\David\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a02-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a1c-9b1a-11d4-9123-0050047759bc}
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh int ip reset
CMD: netsh winsock
reset
end
*****************

"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a02-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a1c-9b1a-11d4-9123-0050047759bc}" => Key unlocked successfully.

=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ip reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


=========  netsh winsock =========


The following commands are available:

Commands in this context:
?              - Displays a list of commands.
audit          - Displays a list of Winsock LSPs that have been installed and removed.
dump           - Displays a configuration script.
help           - Displays a list of commands.
remove         - Removes a Winsock LSP from the system.
reset          - Resets the Winsock Catalog to a clean state.
set            - Sets Winsock options.
show           - Displays information.

To view help for a command, type the command, followed by a space, and then
 type ?.


========= End of CMD: =========

reset => Error: No automatic fix found for this entry.

==== End of Fixlog ====



#12 LiquidTension

Posted 08 September 2014 - 05:15 PM

Hello, 

 

Looks like you mistakenly added a line break in the script. 

But not to worry, we've already reset the Winsock Catalogue. 

 

Please provide an update on your computer. 


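The line-break mistake noted in the reply above can be caught before a script is run, and confirmed afterwards from the Fixlog. The following is an added example, not part of the original thread and not FRST's own code: the directive prefixes (Unlock:, CMD:) and the start/end markers are taken from the script on this page, and the function names and sample strings are constructed for illustration.

```python
import re

# Directive prefixes that appear in the fixlist on this page. Assumption:
# extend this tuple when checking a script that uses other directives.
KNOWN_PREFIXES = ("Unlock:", "CMD:")

# Constructed sample: a shortened copy of the fixlist as echoed in the Fixlog,
# with the last CMD line split across two lines.
SAMPLE_FIXLIST = r"""start
Unlock: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}
CMD: netsh int ip reset
CMD: netsh winsock
reset
end
"""

# Constructed sample: the tail of the Fixlog shown in the thread.
SAMPLE_FIXLOG_TAIL = """========= End of CMD: =========

reset => Error: No automatic fix found for this entry.

==== End of Fixlog ====
"""

UNHANDLED = re.compile(
    r"^(?P<entry>.+?) => Error: No automatic fix found for this entry\.$"
)


def lint_fixlist(text):
    """Return (findings, repaired_lines) for a fixlist.

    Each finding is (line_number, line, message). A line between the markers
    that does not begin with a known directive is treated as the tail of the
    previous directive and joined back onto it in repaired_lines.
    """
    findings, repaired = [], []
    started = ended = False
    lines = text.splitlines()
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        if not started:
            if line.lower() == "start":
                started = True
                repaired.append(line)
            else:
                findings.append((number, line, "text before 'start' marker"))
            continue
        if ended:
            findings.append((number, line, "text after 'end' marker"))
            continue
        if line.lower() == "end":
            ended = True
            repaired.append(line)
            continue
        if line.startswith(KNOWN_PREFIXES):
            repaired.append(line)
            continue
        if len(repaired) > 1:  # there is a directive to attach the fragment to
            findings.append((number, line, "fragment joined to previous directive"))
            repaired[-1] = repaired[-1] + " " + line
        else:
            findings.append((number, line, "unrecognised line, nothing to join to"))
    if not started:
        findings.append((0, "", "missing 'start' marker"))
    elif not ended:
        findings.append((len(lines), "", "missing 'end' marker"))
    return findings, repaired


def unhandled_entries(fixlog_text):
    """Return the entries a Fixlog reports as having no automatic fix."""
    entries = []
    for line in fixlog_text.splitlines():
        match = UNHANDLED.match(line.strip())
        if match:
            entries.append(match.group("entry"))
    return entries


if __name__ == "__main__":
    problems, fixed = lint_fixlist(SAMPLE_FIXLIST)
    for number, line, message in problems:
        print(f"line {number}: {line!r}: {message}")
    print("\n".join(fixed))
    print("unhandled in Fixlog:", unhandled_entries(SAMPLE_FIXLOG_TAIL))
```
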

#13 uncuva65

Posted 08 September 2014 - 05:19 PM

Thanks. I just tried clicking on two links on Twitter and the issue is still unresolved.



#14 LiquidTension

Posted 08 September 2014 - 05:27 PM

We're running out of options here I'm afraid.

 

What browser are you using when this occurs? Does it occur on all your browsers?



#15 uncuva65

Posted 08 September 2014 - 05:32 PM

I'm using Firefox, but the issue is present in Chrome as well. This was also the case with IE previously, but for some reason IE is giving me HTTP 404 Not Found for all links on Twitter at the moment. I'll have to resume with you tomorrow, as it's getting late. Thanks so much for your help.





