I believe I am infected w/ Fake HDD - can't get firewall, win update, etc. to run


This topic is locked
37 replies to this topic

#1 bmcgirth

Posted 21 February 2015 - 11:04 AM

Hi

I was asked to fix a relative's PC - my uncle died and we need to get info and the machine running. It's now running but very poorly. I believe from the research that it is a fake HDD problem. I get Action Center warnings that my antivirus needs to be turned on, firewall off, etc. I try to turn the firewall on and get error messages that it won't let me. I can't do Windows updates, etc.

I have run Rkill, TDSS killer, Malwarebytes, Superantispyware, Spybot S&D, ADWCleaner, JRT and finally Rogue Killer.

I can't tell if it is missing files or still active with malware.

I am able to run ZoneAlarm firewall but I can't update Windows. My internet is spotty and I find myself running the "troubleshoot problems" option to kick-start it.

I think that's all I can give you right now.

____________________________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
Ran by wcm (administrator) on WCM-PC on 21-02-2015 10:46:38
Running from C:\Users\wcm\Desktop\Bill's Bag\- PC FIRST AID
Loaded Profiles: wcm (Available profiles: wcm)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
() C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\System32\MdRes.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(PortableApps.com) C:\Users\wcm\Desktop\ff14 backup\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Users\wcm\Desktop\ff14 backup\FirefoxPortable\App\Firefox\firefox.exe
(Valve Corporation) F:\Program Files (x86)\Steam\steamerrorreporter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9639424 2009-12-21] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-23] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2686632235-3909572256-2187879314-1001\...\Run: [Google Update] => C:\Users\wcm\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-14] (Google Inc.)
HKU\S-1-5-21-2686632235-3909572256-2187879314-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2686632235-3909572256-2187879314-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2686632235-3909572256-2187879314-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2686632235-3909572256-2187879314-1001 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-2686632235-3909572256-2187879314-1001 -> {DD4A780F-0C2D-4189-99E0-570DEB506EC2} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} ->  No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QT Command Bar 2 -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - QT Command Bar - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - QT Command Bar 2 - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - QT Management toolbar - {d2bf470e-ed1c-487f-a300-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1414197706761
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: QTTabBarLib.ExplorerProcessCaptor - {D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE} - C:\Windows\System32\mscoree.dll [444752 2010-11-04] (Microsoft Corporation)
ShellExecuteHooks-x32: QTTabBarLib.ExplorerProcessCaptor - {D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE} - C:\Windows\SysWOW64\mscoree.dll [297808 2010-11-04] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: WSE Rocket
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=0.80.0 -> C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2686632235-3909572256-2187879314-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\wcm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKU\S-1-5-21-2686632235-3909572256-2187879314-1001: @hola.org/vlc,version=1.6.654 -> C:\Users\wcm\AppData\Local\Hola\firefox\app\vlc No File
FF Plugin HKU\S-1-5-21-2686632235-3909572256-2187879314-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\wcm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2686632235-3909572256-2187879314-1001: @talk.google.com/O1DPlugin -> C:\Users\wcm\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2686632235-3909572256-2187879314-1001: @tools.google.com/Google Update;version=3 -> C:\Users\wcm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2686632235-3909572256-2187879314-1001: @tools.google.com/Google Update;version=9 -> C:\Users\wcm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\wcm\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\wcm\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\fy33gvdr.default\searchplugins\facebook.xml
FF SearchPlugin: C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\fy33gvdr.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\fy33gvdr.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\searchplugins\youtube.xml
FF Extension: No Name - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\fy33gvdr.default\Extensions\dictionary@adarsh.tp [2012-02-23]
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\artur.dubovoy@gmail.com [2014-05-03]
FF Extension: Dictionary - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\dictionary@adarsh.tp [2012-06-28]
FF Extension: Dictionary.com - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\dictionary@mozila.firefox.com [2012-06-23]
FF Extension: Downloads in Tab - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\downintab@max.max [2012-06-28]
FF Extension: Email Yourself! - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\emailyourself@lazyrussian.com [2012-06-28]
FF Extension: Fast Youtube Downloader - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\fastYoutubeDownloader@yevgenyandrov.net [2012-06-28]
FF Extension: Form History Control - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\formhistory@yahoo.com [2014-03-30]
FF Extension: FoxyProxy Standard - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\foxyproxy-basic@eric.h.jung [2014-09-09]
FF Extension: Email This! Bookmarklet Extension - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\gmailthis@lazyrussian.com [2012-06-28]
FF Extension: Live Online TV - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\jid0-YNhkb3yx0W5hupi6klZMatBBybc@jetpack [2012-08-01]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\pavel.sherbakov@gmail.com [2014-08-25]
FF Extension: QuickDrag - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\quickdrag@mozilla.ktechcomputing.com [2012-06-28]
FF Extension: Update Channel Selector - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\updatechannel@blueprintit.co.uk [2012-06-28]
FF Extension: Forecastfox - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-08]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-03-30]
FF Extension: Tab Preview - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991} [2012-06-28]
FF Extension: Adblock Lite - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0} [2012-08-01]
FF Extension: FEBE - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-07-22]
FF Extension: EPUBReader - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-09-03]
FF Extension: QuickPageZoom - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D} [2012-06-28]
FF Extension: DownloadHelper - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: BetterPrivacy - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-06-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-04-13]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-04-08]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-04-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-02]
FF Extension: No Name - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\extensions\bettergreader@ginatrapani.org [Not Found]
FF Extension: No Name - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\extensions\history-state@rogoznjan.com [Not Found]
FF Extension: No Name - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\extensions\printpdf@pavlov.net [Not Found]
FF Extension: No Name - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-07]
CHR Extension: (YouTube) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Google Search) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Google Sheets) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (DivX HiQ) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-08-28]
CHR Extension: (Avast Online Security) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-15]
CHR Extension: (Google Wallet) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-28]
CHR Extension: (Gmail) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 astcc; C:\Windows\SysWOW64\astsrv.exe [57344 2010-05-31] (Nalpeiron Ltd.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-03-29] (Nalpeiron Ltd.) [File not signed]
R2 NMSAccess; C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe [71096 2009-01-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-18] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-05-23] (Sony Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\wuaueng.dll [2477536 2014-05-14] () [File not signed]
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-08-04] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-11-23] (http://libusb-win32.sourceforge.net)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\332D.tmp [6144 2010-05-26] (Sophos Plc) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [0 2012-02-16] () <==== ATTENTION (zero size file/folder)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-19] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-21] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 14:29 - 2015-02-19 14:29 - 00000000 ____D () C:\Users\wcm\AppData\Local\Steam
2015-02-14 09:56 - 2012-06-21 15:03 - 00772592 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-02-14 09:56 - 2012-06-21 15:03 - 00687600 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-02-14 09:55 - 2015-02-14 09:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-14 09:54 - 2015-02-14 09:54 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-13 16:54 - 2015-02-13 16:56 - 00000000 ____D () C:\Users\wcm\Documents\ArmA 2 OA Demo
2015-02-13 16:54 - 2015-02-13 16:54 - 00000000 ____D () C:\Users\wcm\AppData\Local\ArmA 2 OA DEMO
2015-02-13 16:53 - 2015-02-14 15:23 - 00019539 _____ () C:\Windows\DirectX.log
2015-02-10 01:37 - 2015-02-10 03:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\18DD47AC.sys
2015-02-05 14:06 - 2015-02-05 14:06 - 00003062 _____ () C:\Windows\System32\Tasks\{3A5A1C88-7001-45A4-ADEC-463D57D55793}
2015-02-05 10:13 - 2015-02-09 23:47 - 00000000 ____D () C:\Users\wcm\AppData\Roaming\25Assist
2015-01-31 16:50 - 2015-02-21 01:24 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-31 16:50 - 2015-01-31 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-01-31 16:50 - 2015-01-31 16:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 10:46 - 2014-09-06 12:25 - 00000000 ____D () C:\FRST
2015-02-21 10:44 - 2012-08-28 16:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 10:43 - 2009-07-14 00:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-21 10:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 10:14 - 2012-06-17 07:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 10:14 - 2009-07-13 23:45 - 00017680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-21 10:14 - 2009-07-13 23:45 - 00017680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-21 10:12 - 2014-06-25 00:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 10:09 - 2014-11-02 00:00 - 00037050 _____ () C:\Windows\setupact.log
2015-02-21 10:08 - 2014-10-24 20:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeff6a5ee538b.job
2015-02-21 10:08 - 2012-08-28 16:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 10:08 - 2010-05-08 20:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-21 10:08 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 09:58 - 2010-06-16 09:21 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2686632235-3909572256-2187879314-1001UA.job
2015-02-21 09:25 - 2010-05-07 23:28 - 00291512 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-02-21 09:25 - 2010-05-07 23:11 - 00291512 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-21 09:24 - 2010-05-07 23:11 - 00291496 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-21 08:38 - 2010-05-07 16:53 - 00000000 ____D () C:\Users\wcm\AppData\Roaming\Mozilla
2015-02-21 08:37 - 2011-08-03 00:44 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-20 23:13 - 2010-06-16 09:21 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2686632235-3909572256-2187879314-1001Core.job
2015-02-20 16:26 - 2012-09-05 23:15 - 00000000 ____D () C:\Users\wcm\AppData\Roaming\vlc
2015-02-20 14:28 - 2014-07-10 06:11 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-20 13:31 - 2012-08-02 08:55 - 00005878 _____ () C:\Users\wcm\Desktop\Rkill.txt
2015-02-20 13:27 - 2012-10-05 22:17 - 00000000 ____D () C:\Users\wcm\Desktop\rkill
2015-02-20 12:52 - 2014-10-14 23:14 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2686632235-3909572256-2187879314-1001Core1cfe82e8bca1b6b.job
2015-02-19 17:09 - 2014-09-06 12:45 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-19 17:08 - 2014-02-09 01:11 - 00000000 ____D () C:\AdwCleaner
2015-02-19 14:28 - 2012-08-28 16:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 00:04 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\wcm\AppData\Local\CrashDumps
2015-02-17 23:26 - 2014-11-09 13:04 - 00006798 _____ () C:\Windows\PFRO.log
2015-02-14 13:40 - 2012-06-17 07:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-14 10:07 - 2014-07-25 22:28 - 00000000 ____D () C:\Users\wcm\AppData\Local\Adobe
2015-02-14 10:07 - 2012-06-17 07:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-14 10:07 - 2011-06-27 23:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-14 10:05 - 2010-07-27 09:13 - 00000000 ___RD () C:\Users\wcm\Desktop\Bill's Bag
2015-02-14 10:02 - 2009-07-14 00:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 09:57 - 2011-06-16 22:09 - 00000000 ____D () C:\Program Files\Java
2015-02-14 09:56 - 2010-11-20 22:20 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-14 09:54 - 2012-06-21 15:03 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-14 09:54 - 2012-06-21 15:03 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-14 09:54 - 2012-06-21 15:03 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-13 04:17 - 2010-05-09 09:16 - 00000000 ____D () C:\Users\wcm\Documents\Monthly bills
2015-02-09 08:46 - 2011-12-06 23:07 - 00000000 ____D () C:\Users\wcm\AppData\Roaming\NVIDIA
2015-02-06 23:39 - 2014-11-13 19:33 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfeff6a5ee538b
2015-02-06 23:39 - 2012-08-28 16:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 12:47 - 2014-11-14 23:24 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2686632235-3909572256-2187879314-1001Core1cfe82e8bca1b6b
2015-02-06 12:47 - 2010-06-16 09:21 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2686632235-3909572256-2187879314-1001UA
2015-02-05 13:17 - 2010-06-03 14:54 - 00000000 ____D () C:\Users\wcm\Downloads\languages
2015-02-01 12:26 - 2014-09-06 03:58 - 00062716 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 20:00 - 2010-12-04 16:01 - 00000000 ____D () C:\Program Files (x86)\Movavi Video Suite 8

==================== Files in the root of some directories =======

2010-08-09 12:41 - 2011-04-03 00:39 - 0000132 _____ () C:\Users\wcm\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-02-14 01:22 - 2014-04-01 13:13 - 0001924 _____ () C:\Users\wcm\AppData\Roaming\mainhst.zgh
2010-06-13 00:43 - 2010-06-13 00:43 - 0007859 _____ () C:\Users\wcm\AppData\Roaming\pcouffin.cat
2010-06-13 00:43 - 2010-06-13 00:43 - 0001167 _____ () C:\Users\wcm\AppData\Roaming\pcouffin.inf
2010-06-13 00:43 - 2010-06-13 00:43 - 0000034 _____ () C:\Users\wcm\AppData\Roaming\pcouffin.log
2010-06-13 00:43 - 2010-06-13 00:43 - 0082816 _____ (VSO Software) C:\Users\wcm\AppData\Roaming\pcouffin.sys
2014-10-26 15:17 - 2014-10-26 15:17 - 0000038 ___SH () C:\Users\wcm\AppData\Local\69ff07055291669bb2b218.72821112
2013-09-13 15:31 - 2013-09-13 15:31 - 0000037 ___SH () C:\Users\wcm\AppData\Local\70149b02515b3bb20dd492.47983420
2011-01-23 00:54 - 2015-01-10 16:15 - 0001456 _____ () C:\Users\wcm\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-18 22:35 - 2014-10-18 22:35 - 0000000 ____H () C:\Users\wcm\AppData\Local\BIT4ECC.tmp
2014-10-15 09:27 - 2014-10-15 09:27 - 0000000 ____H () C:\Users\wcm\AppData\Local\BITC624.tmp
2010-12-04 16:09 - 2013-12-23 01:44 - 0007680 _____ () C:\Users\wcm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-19 16:10 - 2011-07-19 16:10 - 0000017 _____ () C:\Users\wcm\AppData\Local\resmon.resmoncfg
2015-01-11 23:22 - 2015-01-11 23:22 - 0000000 _____ () C:\Users\wcm\AppData\Local\{4AAEDC05-3856-4E0D-A12D-CD48426A0F64}
2015-01-11 23:22 - 2015-01-11 23:22 - 0000000 _____ () C:\Users\wcm\AppData\Local\{ACE2688B-105A-41D1-9B5E-3B131B9E1395}
2010-12-04 16:07 - 2010-12-04 16:07 - 0005034 _____ () C:\ProgramData\cbkxtjjv.ukg
2012-07-11 10:26 - 2012-07-11 10:26 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-05-23 10:54 - 2012-05-23 10:54 - 0005095 _____ () C:\ProgramData\xpbthzbm.qqq

Some content of TEMP:
====================
C:\Users\wcm\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.732.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\tdtcp.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-16 19:19

==================== End Of Log ============================
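
As an added example (not code from this thread, from Farbar's FRST or from BleepingComputer), here is a small Python triage pass over the Services and Drivers lines of an FRST log like the one above. It shows what a responder looks for in those entries: a zero-byte image (the tdtcp.sys line), orphaned registry entries ending in [X], and a file in a Windows system directory that has neither a vendor string nor a verified signature, which is the wuaueng.dll case that surfaces later in this thread. The line format is taken from the log above; the severity labels and the rule set are my own assumptions, not FRST's, and the sample lines are copied from the posted log.

```python
"""Triage the Services/Drivers sections of an FRST log.

Added example for this thread; not part of FRST and not code from the forum.
Each FRST entry has the shape

    <start type> <name>; <image path> [<size> <date>] (<vendor>) [<flags>]

and orphaned registry entries whose file no longer exists end in "[X]".
The severity rules below are an assumption of this example, not FRST's.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<status>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\))?"
    r"(?P<flags>(?:\s+\[[^\]]+\])*)"
    r"(?P<note>\s+<====.*)?\s*$"
)

# Directories whose binaries should always carry a Microsoft vendor string.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Sample lines copied from the FRST log posted above.
SAMPLE_LINES = [
    r"R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)",
    r"S2 wuauserv; C:\Windows\system32\wuaueng.dll [2477536 2014-05-14] () [File not signed]",
    r"S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]",
    r"R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-18] ()",
    r"S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [0 2012-02-16] () <==== ATTENTION (zero size file/folder)",
    r"S3 catchme; \??\C:\ComboFix\catchme.sys [X]",
    r"S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]",
    r"==================== Drivers (Whitelisted) ====================",
]


@dataclass
class Entry:
    status: str
    name: str
    path: str
    size: Optional[int]
    vendor: Optional[str]
    flags: List[str]
    note: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    flags = re.findall(r"\[([^\]]+)\]", m.group("flags") or "")
    size = m.group("size")
    return Entry(
        status=m.group("status"),
        name=m.group("name").strip(),
        path=m.group("path"),
        size=int(size) if size is not None else None,
        vendor=m.group("vendor"),
        flags=flags,
        note=(m.group("note") or "").strip(),
    )


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (severity, name, reason) for entries worth a second look.

    Order of checks: orphaned entry, zero-byte image, then a system-directory
    file with no vendor and no verified signature, then any other entry FRST
    marked [File not signed].
    """
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        in_sysdir = e.path.lower().startswith(SYSTEM_DIRS)
        unsigned = "File not signed" in e.flags
        if "X" in e.flags:
            findings.append(("low", e.name, "registry entry points to a missing file"))
        elif e.size == 0:
            findings.append(("high", e.name, "zero-byte image file"))
        elif unsigned and not e.vendor and in_sysdir:
            findings.append(("high", e.name, "system-directory file with no vendor and no verified signature"))
        elif unsigned:
            findings.append(("medium", e.name, "signature not verified"))
    return findings


if __name__ == "__main__":
    for severity, name, reason in triage(SAMPLE_LINES):
        print(f"{severity:6} {name}: {reason}")
```

Run against the sample, wuauserv and TDTCP come out as high, seclogon as medium (vendor present, signature unverified), the two [X] entries as low, and WinDefend and PnkBstrA produce nothing; that ordering matches where this thread ends up spending its effort.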



#2 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 February 2015 - 09:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2686632235-3909572256-2187879314-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2686632235-3909572256-2187879314-1001 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: No Name -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} ->  No File
FF SelectedSearchEngine: WSE Rocket
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-2686632235-3909572256-2187879314-1001: @hola.org/vlc,version=1.6.654 -> C:\Users\wcm\AppData\Local\Hola\firefox\app\vlc No File
FF Extension: QuickDrag - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\Extensions\quickdrag@mozilla.ktechcomputing.com [2012-06-28]
FF Extension: No Name - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\extensions\bettergreader@ginatrapani.org [Not Found]
FF Extension: No Name - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\extensions\history-state@rogoznjan.com [Not Found]
FF Extension: No Name - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\extensions\printpdf@pavlov.net [Not Found]
FF Extension: No Name - C:\Users\wcm\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.bill\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [Not Found]
CHR Extension: (Avast Online Security) - C:\Users\wcm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [0 2012-02-16] () <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\drivers\tdtcp.sys
AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

How is the computer running now?

The tool will create a log (Fixlog.txt); please post it in your reply.
===

#3 bmcgirth

  • Topic Starter
  • Members
  • 27 posts

Posted 26 February 2015 - 01:37 PM

Thanks for the info, nasdaq. I ran the fix and the PC restarted. It loaded up faster than I've seen it do so in quite some time. However, I still can't run Windows Update. I get this message:

 

https://www.dropbox.com/s/vsndxfgqlj0l0ow/windows%20update.PNG?dl=0

 

I'm still leery of starting the firewall for fear that it's being controlled by malware. My internet is still a little slow. Pages only load up partially and have to be reloaded.

 

Could files or folders have been deleted, preventing these programs from being accessed?

 

thanks



#4 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 February 2015 - 02:42 PM

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===


Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

Let's check the status of Windows Update.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#5 bmcgirth

  • Topic Starter
  • Members
  • 27 posts

Posted 26 February 2015 - 05:37 PM

 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Sophos Anti-Rootkit 1.5.4   
 Duplicate Cleaner Pro 3.0.3  
 KC Softwares KCleaner   
 Java 8 Update 31  
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 33.0.1 Firefox out of Date!  
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled!
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae64.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 avastui.exe  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZaPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

_____________________________________________________________________________________________

 

Farbar Service Scanner Version: 17-01-2015
Ran by wcm (administrator) on 26-02-2015 at 17:35:28
Running from "C:\Users\wcm\Desktop\Bill's Bag\- PC FIRST AID"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll
[2014-08-24 04:15] - [2014-05-14 11:23] - 2477536 ____A () D65D0FD7A7B6E1B01A0A7BE200AD8925

ATTENTION!=====> C:\Windows\System32\wuaueng.dll IS INFECTED.

C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#6 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 February 2015 - 08:32 AM

ATTENTION!=====> C:\Windows\System32\wuaueng.dll IS INFECTED


Let's find out if you have a good copy on your computer.

Please run the Farbar Recovery Scan Tool. Enter wuaueng.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

p.s.
Will take care of the outdated programs when all is well.

#7 bmcgirth

  • Topic Starter
  • Members
  • 27 posts

Posted 27 February 2015 - 10:02 AM

I have an odd question that I hope you can understand. I went and reset both Chrome and Firefox per your request. I reloaded the Speed Dial add-on to FF and began recreating the links I made over the years. I went to bed and left off at my first of seven pages. When I woke up this morning to continue, I opened FF and all my pages, extensions and everything are back exactly the way they were before the reset. I am more than a little stunned. I did back up everything via FEBE but decided to start fresh and load everything over individually. Do I need to start over again?

 

 

 

 

Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by wcm at 2015-02-27 09:43:16
Running from C:\Users\wcm\Desktop\Bill's Bag\- PC FIRST AID
Boot Mode: Normal

================== Search Files: "wuaueng.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.320_none_d5f64d30518fd000\wuaueng.dll
[2014-08-24 04:15][2014-05-14 11:23] 2477536 ____A () D65D0FD7A7B6E1B01A0A7BE200AD8925

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f25190f276\wuaueng.dll
[2012-06-21 22:19][2012-06-02 17:19] 2428952 ____A (Microsoft Corporation) D9EF901DCA379CFE914E9FA13B73B4C4 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll
[2011-02-26 23:42][2010-11-20 08:27] 2420736 ____A (Microsoft Corporation) 9DF12EDBC698B0BC353B3EF84861E430 [File is signed]

C:\Windows\System32\wuaueng.dll
[2014-08-24 04:15][2014-05-14 11:23] 2477536 ____A () D65D0FD7A7B6E1B01A0A7BE200AD8925

====== End Of Search ======



#8 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 February 2015 - 02:29 PM

This is what we have in our database.
http://www.systemlookup.com/FF_Extensions/2853-FVD_Speed_Dial_with_Full_Online_Sync_Speed_Dial_FVD_New_Tab_Page_Sync.html

Decide if you wish to keep it.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

Replace: C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f25190f276\wuaueng.dll C:\Windows\System32\wuaueng.dll.

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is Windows Update now?
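
As an added example (not FRST code and not nasdaq's own), the following Python reproduces the reasoning behind the Replace: line above from the Search.txt output posted in reply #7: the System32 copy of wuaueng.dll has no vendor string, no signature, and the same MD5 as the unsigned 7.6.7600.320 copy in WinSxS, so a signed WinSxS copy is the only sensible source, and among the signed copies the highest component version is preferred. The detail-line format and the sample text are copied from the posted search output; the version-from-directory-name rule and the output dictionary are assumptions of this example.

```python
"""Pick a trustworthy replacement from FRST 'Search Files' output.

Added example for this thread; not FRST code and not the helper's own.
Each hit is a path line followed by a detail line of the form

    [<created>][<modified>] <size> <attrs> (<vendor>) <MD5> [File is signed]

where the trailing "[File is signed]" is present only for verified files.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<vendor>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})(?P<signed>\s+\[File is signed\])?\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Component version embedded in a WinSxS directory name (assumed convention).
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_none_")

# Sample input: the Search.txt posted in reply #7 (copied, not constructed).
SEARCH_TXT = r"""
================== Search Files: "wuaueng.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.320_none_d5f64d30518fd000\wuaueng.dll
[2014-08-24 04:15][2014-05-14 11:23] 2477536 ____A () D65D0FD7A7B6E1B01A0A7BE200AD8925

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f25190f276\wuaueng.dll
[2012-06-21 22:19][2012-06-02 17:19] 2428952 ____A (Microsoft Corporation) D9EF901DCA379CFE914E9FA13B73B4C4 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll
[2011-02-26 23:42][2010-11-20 08:27] 2420736 ____A (Microsoft Corporation) 9DF12EDBC698B0BC353B3EF84861E430 [File is signed]

C:\Windows\System32\wuaueng.dll
[2014-08-24 04:15][2014-05-14 11:23] 2477536 ____A () D65D0FD7A7B6E1B01A0A7BE200AD8925

====== End Of Search ======
"""


@dataclass
class Copy:
    path: str
    size: int
    vendor: str
    md5: str
    signed: bool

    @property
    def version(self) -> Tuple[int, ...]:
        """Version parsed from a WinSxS directory name, or (0,) if none."""
        m = VERSION_RE.search(self.path)
        return tuple(int(x) for x in m.group(1).split(".")) if m else (0,)


def parse_search(text: str) -> List[Copy]:
    """Pair each path line with the detail line that follows it."""
    copies: List[Copy] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            copies.append(Copy(pending, int(m.group("size")), m.group("vendor"),
                               m.group("md5").upper(), bool(m.group("signed"))))
            pending = None
    return copies


def assess(copies: List[Copy], live_path: str) -> Dict[str, object]:
    """Compare the live file with the other hits and pick a signed source.

    A replacement is proposed only when the live copy itself is unsigned; the
    candidate must be signed, must not share the live copy's hash, and the
    highest component version among the candidates wins.
    """
    live = next(c for c in copies if c.path.lower() == live_path.lower())
    same_hash = [c.path for c in copies if c is not live and c.md5 == live.md5]
    candidates = [c for c in copies if c.signed and c.md5 != live.md5]
    best = max(candidates, key=lambda c: c.version, default=None)
    return {
        "live_signed": live.signed,
        "live_vendor": live.vendor,
        "same_hash_as": same_hash,
        "replacement": None if live.signed or best is None else best.path,
    }


if __name__ == "__main__":
    result = assess(parse_search(SEARCH_TXT), r"C:\Windows\System32\wuaueng.dll")
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the posted search output this selects the 7.6.7600.256 copy, the same file nasdaq's fixlist uses as the source: it is the highest-versioned copy FRST reported as signed, while the 7.6.7600.320 copy shares the System32 file's hash and is equally unsigned, so it is ruled out.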

#9 bmcgirth

  • Topic Starter
  • Members
  • 27 posts

Posted 27 February 2015 - 03:40 PM

It works!!! Thank you, nasdaq! It got rid of the null software link and actually connected immediately. I got the firewall working too, I think. Could these problems be causing my internet to drop? It does pretty often, and then I go into adapter settings and disable it for a few seconds, then enable it. It seems to work for a bit, then I need to redo it.

 

Is there anything else I need to do?

 

So,  FVD is bad, huh? I like the video downloader too. Will have to part ways with them. Can you recommend a free video downloader that is safe?



#10 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 February 2015 - 08:58 AM

It does pretty often and then i go into adapter setting and disable it for a few seconds then enable it. seems to work for a bit then i need to redo.

This is a long shot but if you disable the Video Downloader do you still have this issue?

==

If yes then try this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

Restart the computer normally.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

I do not use or need a Video Downloader.

Most if not all free programs these days come with some PUP (Potentially Unwanted Program) installed without your consent.

After you have reset the IP you may decide to keep your Downloader.

Keep me posted.

#11 bmcgirth

  • Topic Starter
  • Members
  • 27 posts

Posted 28 February 2015 - 03:09 PM

I disabled FVD and did the reset. Doesn't seem to be much of a difference.

#12 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 March 2015 - 09:18 AM

Your network settings may need to be looked at and possibly changed.
This is not malware and not my forte.

I suggest you start a new topic in the Networking forum.

http://www.bleepingcomputer.com/forums/f/21/networking/



Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Post that log in your topic in the networking forum.

#13 bmcgirth

  • Topic Starter
  • Members
  • 27 posts

Posted 13 March 2015 - 11:34 AM

Not sure what happened, but my PC is running and freezing more often than before... getting to be a real drag!



#14 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 March 2015 - 07:15 AM

Please run MiniToolBox and post the log.

The last 10 Event Viewer logs may give me some clues.

#15 bmcgirth

  • Topic Starter
  • Members
  • 27 posts

Posted 14 March 2015 - 10:48 AM

MiniToolBox by Farbar  Version: 09-03-2015
Ran by wcm (administrator) on 14-03-2015 at 11:36:23
Running from "C:\Users\wcm\Desktop\Bill's Bag\- PC FIRST AID"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1       localhost

There are 15473 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Linksys WMP600N Wireless-N PCI Adapter with Dual-Band = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
add address name="Local Area Connection" address=192.168.137.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : wcm-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection* 35:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Anchorfree HSS Adapter
   Physical Address. . . . . . . . . : 00-FF-74-0B-3B-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-25-9C-DE-13-15
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E0-CB-4E-D7-71-84
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Linksys WMP600N Wireless-N PCI Adapter with Dual-Band
   Physical Address. . . . . . . . . : 00-25-9C-DE-13-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b0a5:b500:4123:b4d3%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, March 14, 2015 10:36:33 AM
   Lease Expires . . . . . . . . . . : Tuesday, April 20, 2151 6:06:57 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 184559004
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-76-68-A6-E0-CB-4E-D7-71-84
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E4FAA2BA-07E1-44E2-A74C-45C6F2BC89D3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {270E6E86-1AF8-4A95-B44A-2F99BBFDD2D7}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {901EAEF3-D421-4280-8D04-0AE9C3FB7AA5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #12
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {098DC634-2BF1-4E64-94FC-ED472B1BC424}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #15
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {27964563-3371-4452-97FF-CF4DD98F5F20}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #13
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{740B3B14-7935-4C34-A886-FB48C00D1C07}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #14
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 61:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2c7f:20f2:52fc:e244(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2c7f:20f2:52fc:e244%74(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{816324B1-E2A9-4DF0-8DE5-853CF3BF1767}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #16
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4006:80e::200e
      167.206.252.98
      167.206.252.113
      167.206.252.94
      167.206.252.89
      167.206.252.109
      167.206.252.123
      167.206.252.103
      167.206.252.93
      167.206.252.119
      167.206.252.84
      167.206.252.114
      167.206.252.118
      167.206.252.104
      167.206.252.88
      167.206.252.99
      167.206.252.108


Pinging google.com [167.206.252.98] with 32 bytes of data:
Reply from 167.206.252.98: bytes=32 time=511ms TTL=59
Reply from 167.206.252.98: bytes=32 time=47ms TTL=59

Ping statistics for 167.206.252.98:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 511ms, Average = 279ms
Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Request timed out.
Reply from 98.139.183.24: bytes=32 time=145ms TTL=52

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 145ms, Maximum = 145ms, Average = 145ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=10ms TTL=128
Reply from 127.0.0.1: bytes=32 time=14ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 14ms, Average = 12ms
===========================================================================
Interface List
 39...00 ff 74 0b 3b 14 ......Anchorfree HSS Adapter
 30...00 25 9c de 13 15 ......Microsoft Virtual WiFi Miniport Adapter
 11...e0 cb 4e d7 71 84 ......Realtek PCIe GBE Family Controller
 10...00 25 9c de 13 14 ......Linksys WMP600N Wireless-N PCI Adapter with Dual-Band
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 42...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
 56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
 64...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #12
 73...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #15
 72...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #13
 71...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #14
 74...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 75...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #16
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.7     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.7    286
      192.168.2.7  255.255.255.255         On-link       192.168.2.7    286
    192.168.2.255  255.255.255.255         On-link       192.168.2.7    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.7    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.7    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 74     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 74     58 2001::/32                On-link
 74    306 2001:0:9d38:6abd:2c7f:20f2:52fc:e244/128
                                    On-link
 10    286 fe80::/64                On-link
 74    306 fe80::/64                On-link
 74    306 fe80::2c7f:20f2:52fc:e244/128
                                    On-link
 10    286 fe80::b0a5:b500:4123:b4d3/128
                                    On-link
  1    306 ff00::/8                 On-link
 74    306 ff00::/8                 On-link
 10    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/14/2015 10:00:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: AALauncher32.exe, version: 1.0.0.4, time stamp: 0x5492eba3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xc54
Faulting application start time: 0xAALauncher32.exe0
Faulting application path: AALauncher32.exe1
Faulting module path: AALauncher32.exe2
Report Id: AALauncher32.exe3

Error: (03/14/2015 03:38:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (03/13/2015 11:40:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: AALauncher32.exe, version: 1.0.0.4, time stamp: 0x5492eba3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x19a0
Faulting application start time: 0xAALauncher32.exe0
Faulting application path: AALauncher32.exe1
Faulting module path: AALauncher32.exe2
Report Id: AALauncher32.exe3

Error: (03/13/2015 01:37:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (03/12/2015 11:40:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: AALauncher32.exe, version: 1.0.0.4, time stamp: 0x5492eba3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1650
Faulting application start time: 0xAALauncher32.exe0
Faulting application path: AALauncher32.exe1
Faulting module path: AALauncher32.exe2
Report Id: AALauncher32.exe3

Error: (03/12/2015 04:10:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: AALauncher32.exe, version: 1.0.0.4, time stamp: 0x5492eba3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1ecc
Faulting application start time: 0xAALauncher32.exe0
Faulting application path: AALauncher32.exe1
Faulting module path: AALauncher32.exe2
Report Id: AALauncher32.exe3

Error: (03/12/2015 03:24:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: AALauncher32.exe, version: 1.0.0.4, time stamp: 0x5492eba3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1d9c
Faulting application start time: 0xAALauncher32.exe0
Faulting application path: AALauncher32.exe1
Faulting module path: AALauncher32.exe2
Report Id: AALauncher32.exe3

Error: (03/12/2015 01:46:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: AALauncher32.exe, version: 1.0.0.4, time stamp: 0x5492eba3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1f04
Faulting application start time: 0xAALauncher32.exe0
Faulting application path: AALauncher32.exe1
Faulting module path: AALauncher32.exe2
Report Id: AALauncher32.exe3

Error: (03/12/2015 01:44:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: AALauncher32.exe, version: 1.0.0.4, time stamp: 0x5492eba3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x203c
Faulting application start time: 0xAALauncher32.exe0
Faulting application path: AALauncher32.exe1
Faulting module path: AALauncher32.exe2
Report Id: AALauncher32.exe3

Error: (03/12/2015 01:04:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: AALauncher32.exe, version: 1.0.0.4, time stamp: 0x5492eba3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xf84
Faulting application start time: 0xAALauncher32.exe0
Faulting application path: AALauncher32.exe1
Faulting module path: AALauncher32.exe2
Report Id: AALauncher32.exe3


System errors:
=============
Error: (03/14/2015 01:36:42 AM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%1053

Error: (03/14/2015 01:36:42 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

Error: (03/14/2015 01:36:12 AM) (Source: Service Control Manager) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
%%1053

Error: (03/14/2015 01:36:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.

Error: (03/14/2015 01:35:13 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FlipShare Server service to connect.

Error: (03/14/2015 01:34:09 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:33:12 AM on 3/14/2015 was unexpected.

Error: (03/13/2015 11:42:54 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5Graphics Exception: ESR 0x405840=0xa2040800

Error: (03/13/2015 11:42:54 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5Graphics Exception: Shader Program Header 18 Error

Error: (03/13/2015 11:42:54 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5Graphics Exception: Shader Program Header 11 Error

Error: (03/13/2015 11:42:53 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5Graphics Exception: ESR 0x405840=0xa2040800


Microsoft Office Sessions:
=========================
Error: (03/14/2015 10:00:28 AM) (Source: Application Error)(User: )
Description: AALauncher32.exe1.0.0.45492eba3ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753c5401d05e579a24370cF:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exeC:\Windows\SysWOW64\ntdll.dll78199f26-ca52-11e4-948b-d7da59f26d0a

Error: (03/14/2015 03:38:02 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (03/13/2015 11:40:04 PM) (Source: Application Error)(User: )
Description: AALauncher32.exe1.0.0.45492eba3ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75319a001d05e0502ec4df6F:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exeC:\Windows\SysWOW64\ntdll.dllcca8ccc6-c9fb-11e4-a113-b500167c5404

Error: (03/13/2015 01:37:51 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (03/12/2015 11:40:15 PM) (Source: Application Error)(User: )
Description: AALauncher32.exe1.0.0.45492eba3ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753165001d05d3ddfc74dc4F:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exeC:\Windows\SysWOW64\ntdll.dlla8d672ec-c932-11e4-849d-8206008e6f08

Error: (03/12/2015 04:10:35 PM) (Source: Application Error)(User: )
Description: AALauncher32.exe1.0.0.45492eba3ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7531ecc01d05cffa7673ce6F:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exeC:\Windows\SysWOW64\ntdll.dlld72a8444-c8f3-11e4-86bf-a2a9242fb07f

Error: (03/12/2015 03:24:33 PM) (Source: Application Error)(User: )
Description: AALauncher32.exe1.0.0.45492eba3ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7531d9c01d05cf640a42467F:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exeC:\Windows\SysWOW64\ntdll.dll697227a7-c8ed-11e4-86bf-a2a9242fb07f

Error: (03/12/2015 01:46:01 PM) (Source: Application Error)(User: )
Description: AALauncher32.exe1.0.0.45492eba3ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7531f0401d05cec3fb46856F:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exeC:\Windows\SysWOW64\ntdll.dlla56399f9-c8df-11e4-86bf-a2a9242fb07f

Error: (03/12/2015 01:44:45 PM) (Source: Application Error)(User: )
Description: AALauncher32.exe1.0.0.45492eba3ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753203c01d05ce6e941c008F:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exeC:\Windows\SysWOW64\ntdll.dll77c1b84c-c8df-11e4-86bf-a2a9242fb07f

Error: (03/12/2015 01:04:37 PM) (Source: Application Error)(User: )
Description: AALauncher32.exe1.0.0.45492eba3ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753f8401d05ce04a4f6f84F:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exeC:\Windows\SysWOW64\ntdll.dlldcdbc4c3-c8d9-11e4-86bf-a2a9242fb07f


CodeIntegrity Errors:
===================================
  Date: 2014-09-18 12:54:18.441
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-18 12:54:18.342
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-18 12:54:18.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-18 12:54:18.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-09 01:36:44.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-09 01:36:43.965
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-09 00:41:02.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\332D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-09 00:41:02.450
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\332D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-09 00:30:33.655
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\99E9.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-09 00:30:33.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\99E9.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


**** End of log ****