
AppMgmt service + appmgmts.dll


  • This topic is locked
16 replies to this topic

#1 trimmer1

trimmer1

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:12:04 AM

Posted 23 September 2014 - 04:43 PM

I run jv16 Power Tools 2012 Pro registry cleaner after I uninstall a program (I usually uninstall w/Revo or Wise Program Uninstaller). jv16 displays "Missing AppMgmt service". My "C:\Windows\System32\appmgmts.dll is missing". I did a few searches and I see this is a "Windows Service".

 

The only, and it's not good from what I read, error I get is "Bad Image" ["C Windows system32 services.exe is either not designed to run on Windows or it contains an error Try installing the program again using the original installation media"] - I'm almost positive I only get the error when I run 'SystemExplorer'. Yeah, I ran 'as administrator' just now and got the error.

 

I searched the forums here for "Bad Image error" before I posted and came up with a list of things to do, for that person Here - It involves running FRST64 and DDS.scr - I'm not familiar with either one of these, and they scare me a bit. I have Malwarebytes Premium and it says clean. I used SUPERAntiSpyware free & it says clean. They do find one thing, and quarantine it - "Winlogon.exe." It's in every Win OS I ever used, I put it on Ignore list. Running W7 x64. Regards,

-Dale


Edited by trimmer1, 23 September 2014 - 05:16 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 28 September 2014 - 04:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/549511 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 trimmer1


Posted 29 September 2014 - 02:14 PM

"AppMgmt Service" is missing and "appmgmts.dll" is missing from C:\Windows\System32 - The only error I get is:

"C Windows system32 services.exe is either not designed to run on Windows or it contains an error Try installing the program again using the original installation media". I only get the error when I use 'SystemExplorer' - I can live with this.

 

I mentioned SUPERAntiSpyware free, Malwarebytes Premium and Spybot (the old version)  want to quarantine "Winlogon.exe." - I let Spybot quarantine it for now. I have an issue about one folder, I'll make a new post. Thanks in advance,

-Dale   ... Running W7 x64

 

 



#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:04 AM

Posted 01 October 2014 - 04:08 AM

Which version of Windows 7 are you running? Home Premium, Professional, Ultimate? If you are on Home Premium, AppMgmt service does NOT exist by default. It's different for Pro and Ultimate though.

DDS and FRST (when using Scan) are diagnostic tools; they don't write anything to the system.

OTL is a similar (and safe) tool, we can use that one if you prefer.



#5 trimmer1


Posted 01 October 2014 - 04:12 PM

I have W7 Home Premium. Appmgmt (I think) was once a "Service". The first day I got W7 (Aug. 4, 2010) I got WinPatrol to help me out a bit, this OS is way different than W 98SE I was using. A week ago I ran jv16 pro RegScan and seen this > [HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services\] "C:\\WINDOWS\\SYSTEM32\\APPMGMTS.DLL". It's the first and only time I seen "APPMGMTS.DLL", it was flagged as "Invalid". I put it in Ignore list just in case.

 

I ran DDS.scr scan yesterday, I had it confused with a different scanner. I scan with AdwCleaner and RogueKiller once in a great while, usually after staying in YouTube a long time. I'm not familiar with them. A thing that puzzles me is my Malwarebytes Premium, Spybot (the old version) and SUPERAntiSpyware free quarantine "Winlogon.exe" - Winlogon, seems to me, has been in all Windows OS's I used. I let Malwarebytes quarantine it for now until I find out about it.

Glad for the help.

-D.W.


Edited by trimmer1, 01 October 2014 - 04:20 PM.


#6 thisisu


Posted 01 October 2014 - 07:59 PM

[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services\] "C:\\WINDOWS\\SYSTEM32\\APPMGMTS.DLL". It's the first and only time I seen "APPMGMTS.DLL"

 

BillP Studios in the registry refers to WinPatrol.

Since you already ran DDS.scr, can you please post the log here so that I may review?



#7 trimmer1


Posted 01 October 2014 - 08:51 PM

I believe this is the one to post - DDS.txt not Attach.txt. Another note: Java 8_U20 will not run applets in IE or Firefox. I have the settings correct, been over & over its settings. The only thing that will run is java.com Java + You. It says I'm up to date, all other Java tests or applets display JRE prompt: "Application Blocked by Java Security" .... I play this Pong game now & then: http://www.eyetricks.com/pong/game.htm

 

 


Edited by trimmer1, 01 October 2014 - 09:04 PM.


#8 thisisu


Posted 01 October 2014 - 09:42 PM

Looks fine.

 

Can I see a log from whichever tool is reporting that winlogon.exe is infected?



#9 trimmer1


Posted 01 October 2014 - 09:43 PM

You'll see >C:\Windows\System32\appmgmts.dll - It's just in there, not registered. I got it from a .dll download site. I'm moving it to my external drive. I'll put it in jv16 Ignore list. 



#10 thisisu


Posted 01 October 2014 - 09:46 PM

You'll see >C:\Windows\System32\appmgmts.dll - It's just in there, not registered. I got it from a .dll download site.

 

Yeah try not to do that. This file does not belong on Windows 7 Home Premium. It doesn't hurt, but it's not there by default. 



#11 trimmer1


Posted 01 October 2014 - 09:55 PM

The >C:\Windows\System32\appmgmts.dll is one I put in there, it wasn't there until a few days ago. I'm moving it to external drive then put it on jv16 Ignore list. It was Spybot I let Winlogon quarantine. Malwarebytes and SAS wanted to get rid of it too. I keep records of scans, probably too long. I have a Malwarebytes log but I'll have to look for it.

.
--- Report generated: 2014-08-27 22:07 ---

CoolWWWSearch.Leftovers: [SBI $1348EFF1]  Executable (File, nothing done)
  C:\Windows\winlogon.exe
  Properties.size=455168
  Properties.md5=88AB9B72B4BF3963A0DE0820B4B0B06C
  Properties.filedate=1393926231
  Properties.filedatetext=2014-03-04 04:43:50

--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---




#12 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:04 AM

Posted 01 October 2014 - 10:03 PM

winlogon.exe doesn't belong in C:\Windows, it belongs in C:\Windows\system32 -- and your system must already have it there otherwise the PC wouldn't boot up properly.

This is probably why some scanners are flagging it. It is a legit file though. See here

Wrong directory is all.

 

Are you experiencing any malware related problems?


Edited by thisisu, 01 October 2014 - 10:03 PM.


#13 trimmer1


Posted 01 October 2014 - 10:21 PM

Winlogon is in this PC #7 places >C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572 - All except #1 "C:\Windows\SysWOW64\winlogon.exe" 0 bytes. The others are in >C:\Windows\winsxs\amd64_microsoft..... - They each have (very long) different numbers/letters.

 

I guess all is well, I thank you much for the help!
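The location check discussed in posts #12 and #13, as an added example that is not part of the thread: it lists every winlogon.exe under the Windows directory and labels each copy by where it sits, together with its size, signature status and hash. It assumes 64-bit Windows PowerShell 5.1 in an elevated prompt; the verdict labels and the function name are this example's own.

```powershell
# Added example: audit every copy of winlogon.exe under the Windows directory.
# Assumes 64-bit Windows PowerShell 5.1, run elevated. Labels are illustrative.
$name   = 'winlogon.exe'
$winDir = $env:SystemRoot                    # normally C:\Windows
$sys32  = Join-Path $winDir 'System32'       # where the live binary belongs
$winSxS = Join-Path $winDir 'WinSxS'         # component store, one copy per servicing version

function Get-LocationVerdict {
    param([System.IO.FileInfo]$File)
    $dir = $File.DirectoryName
    if ($dir -ieq $sys32) { return 'expected (System32)' }
    if ($dir.StartsWith($winSxS + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
        return 'component store copy (WinSxS)'
    }
    # Anything else (C:\Windows itself, SysWOW64, ...) is what scanners flag.
    return 'outside System32 and WinSxS, review'
}

Get-ChildItem -Path $winDir -Filter $name -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Signature and hash are skipped for empty files: there is nothing to verify.
        $hasData = $_.Length -ge 4
        $sig = if ($hasData) { Get-AuthenticodeSignature -LiteralPath $_.FullName } else { $null }
        [pscustomobject]@{
            Path      = $_.FullName
            Verdict   = Get-LocationVerdict $_
            SizeBytes = $_.Length
            ZeroByte  = ($_.Length -eq 0)
            # Catalog-signed system files may report NotSigned on older
            # PowerShell versions, so treat Status as one input, not a verdict.
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256    = if ($hasData) { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } else { $null }
        }
    } | Sort-Object Verdict, Path | Format-List
```

A copy outside System32 and WinSxS is a reason to look closer, not proof of infection: compare its hash and signer against the System32 copy before deciding anything.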



#14 trimmer1


Posted 01 October 2014 - 10:31 PM

No malware problems, I get tracking cookie(s) once in a while. Last October I had to do a factory restore. Besides that the PC hasn't been out of this room since I got it Aug. 4, 2010. I was skeptical of HP machines but this one has held up real well. I use it 5-17 hr.'s a day, I'm addicted to it.



#15 thisisu


Posted 01 October 2014 - 11:26 PM

I believe this is the one to post - DDS.txt not Attach.txt. Another note: Java 8_U20 will not run applets in IE or Firefox. I have the settings correct, been over & over its settings. The only thing that will run is java.com Java + You. It says I'm up to date, all other Java tests or applets display JRE prompt: "Application Blocked by Java Security" .... I play this Pong game now & then: http://www.eyetricks.com/pong/game.htm

 

When I click that game link, it prompts me to download Java, but it's an older version than the one you have:

 

Recommended Version 7 Update 67

 

Either way though, it didn't work for me either. I found one site where I was able to play the game at: http://games.jlbn.net/4820-Radical-Pong.html

It uses Adobe Flash instead of Java. Sorry I'm not sure why the site you posted doesn't work. Other games work, just seems that one is one of the few that does not.





