
Win update, Itunes update & Error 80072F8F


  • This topic is locked
17 replies to this topic

#1 cleffgo

cleffgo

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:LA, SOCAL
  • Local time:10:43 AM

Posted 24 August 2015 - 08:10 PM

Hey Bleeping Comp Pros,

First of all, thanks in advance for all that you do.

This is a friend's computer that seems to get constantly infected. He came to me unable to log into Win 7 Home Premium. Ran MBAM in safe mode, 86 hits cleared and was able to log back into Win. Still unable to do Win Update, and profile in iTunes was corrupt. Re-named 'iTunes Library Genius.itdb' to create a new one, allowing iTunes to start and get music back, but unable to connect to iTunes store. Event Viewer pointed to problem: 'diagnostic policy service error 5: access is denied', which led to finding out Win Update not working because of Error 80072F8F, which is about W32Time service not working. Went through 'net stop w32time', 'W32tm /unregister', 'W32tm /register', 'net start w32time', 'w32tm /resync' and the WinTime service still isn't in services. Tried to perform clean-boot and realized anything I tried to do reverted back when I hit apply. Decided to run MBAR and got:

 

Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE (Security.Hijack) -> Delete on reboot. [1f22df2d137887af3ba67a6cb152ed13]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE (Security.Hijack) -> Delete on reboot. [311042ca701b68ce38a995516b9816ea]

Registry Values Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE|Debugger (Security.Hijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [1f22df2d137887af3ba67a6cb152ed13]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE|Debugger (Security.Hijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [311042ca701b68ce38a995516b9816ea]

 

After restart network adapter is no longer available. Now I'm contacting you, as this is way beyond me.

 

FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015
Ran by Admin (administrator) on DADS_COMPUTOR (24-08-2015 06:43:56)
Running from F:\My Stuff
Loaded Profiles: Dad & Admin (Available Profiles: Dad & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1157992372-943750825-3543147569-1001\...\Run: [Amazon Music] => C:\Users\Dad\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2015-02-23]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-03-10]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
BootExecute: autocheck autochk /r \??\N:autocheck autochk /r \??\L:autocheck autochk /r \??\N:autocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1157992372-943750825-3543147569-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1157992372-943750825-3543147569-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1157992372-943750825-3543147569-1006\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MCM_WCP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={13E302DF-9B90-4D15-9911-DB6B3F916651}&mid=b8bc4e5c050747d0ba87b57816d5fe38-b8ecfd93ba43e057fc8398b7e9070328e8524279&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2015-03-17 08:48:14&v=4.1.4.948&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {0968ABA3-1D9D-402B-B45A-89F2FB9F838E} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {7A36B319-AE20-448D-A78D-EF6B7D11B0E2} URL = hxxp://search.yahoo.com/?ourmark=4&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {9420B70F-866E-43E2-95A7-266590B0C728} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=3a53e1e7da36421d8645be9ae597e110&tu=11JL000852B000s&sku=&tstsId=&ver=&&r=762
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={13E302DF-9B90-4D15-9911-DB6B3F916651}&mid=b8bc4e5c050747d0ba87b57816d5fe38-b8ecfd93ba43e057fc8398b7e9070328e8524279&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2015-03-17 08:48:14&v=4.1.4.948&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {ABCE0A5A-B91B-408B-BFAB-1B6BE92F361F} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {D506BC7D-AD90-4233-9A7B-04EEE96054D3} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1006 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.5.143\AVG Web TuneUp.dll [2015-07-22] (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{765209CB-2E98-42E4-A5A4-125A7A5C4091}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{765209CB-2E98-42E4-A5A4-125A7A5C4091}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\041t6qw4.default
FF NewTab: about:newtab
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/%26cd%3D2XzuyEtN2Y1L1QzuyCyEtAtCyDtDtAtCtCyB0C0ByDyDtBtBtN0D0Tzu0StCtCyBzztN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0A0DyD0EyEyDzytG0A0DyB0FtG0DtDzytAtGyD0C0E0DtGyBzytDyE0ByDtA0F0FtCtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytDtA0AzztB0AtGyB0AzyyBtGyEyDtB0BtG0A0CzyyBtGtByBtAtByC0FyDzyyEzztC0B2QtN0A0LzuyE%26cr%3D631209472%26a%3Dwny_dnldstr_15_13%26os%3DWindows 7 Home Premium
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1157992372-943750825-3543147569-1001: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-1157992372-943750825-3543147569-1006: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\041t6qw4.default\user.js [2015-03-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-07-22]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKU\S-1-5-21-1157992372-943750825-3543147569-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-05]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-05]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-03-10]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-05]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-05]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70872 2015-03-05] (Comodo Security Solutions, Inc.)
S4 DM1Service; C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe [69632 2006-10-10] (OLYMPUS IMAGING CORP.) [File not signed]
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-11] (SurfRight B.V.)
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-05] (Hewlett-Packard)
S4 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S4 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S4 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S4 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
S4 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1116656 2010-02-19] (Sonic Solutions)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-06] (TeamViewer GmbH)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
S4 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
S4 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
S4 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1874320 2015-07-22] (AVG Secure Search)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-22] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-06-25] (Windows ® Win 7 DDK provider) [File not signed]
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Hauppauge Computer Works, Inc.)
S3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S2 A2DDA; \??\C:\Users\Dad\Desktop\Run\a2ddax64.sys [X]
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 SADP_NPF; \??\C:\Windows\SysWOW64\drivers\sadp_npf64.sys [X]
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-24 06:43 - 2015-08-24 06:44 - 00000000 ____D C:\FRST
2015-08-23 12:04 - 2015-08-23 12:57 - 00000000 ____D C:\Users\Admin\Desktop\mbar
2015-08-23 12:04 - 2015-08-23 12:04 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.09.2.1008.exe
2015-08-22 13:01 - 2015-08-22 13:01 - 00652288 _____ C:\Users\Admin\Downloads\MicrosoftFixit50309.msi
2015-08-22 12:32 - 2015-08-22 12:32 - 00162010 _____ C:\Users\Admin\Downloads\DIAG_MATS_NETWORK_global (1).DiagCab
2015-08-22 12:31 - 2015-08-22 12:31 - 00347816 _____ (Microsoft Corporation) C:\Users\Dad\Downloads\MicrosoftFixit.WindowsFirewall.RNP.Run.exe
2015-08-22 12:08 - 2015-08-22 12:08 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-22 12:08 - 2015-08-22 12:08 - 00000993 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-08-22 12:07 - 2015-08-22 12:07 - 08098552 _____ (TeamViewer GmbH) C:\Users\Dad\Downloads\TeamViewer_Setup_en-ckj.exe
2015-08-22 12:06 - 2015-08-22 12:06 - 00000000 ____D C:\Users\Dad\AppData\Roaming\TeamViewer
2015-08-22 12:04 - 2015-08-22 12:04 - 00302011 _____ C:\Users\Dad\Downloads\WindowsUpdateDiagnostic (1).diagcab
2015-08-22 11:34 - 2015-08-22 11:34 - 00302011 _____ C:\Users\Dad\Downloads\WindowsUpdateDiagnostic.diagcab
2015-08-22 10:49 - 2015-08-22 10:49 - 00001415 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-20 22:47 - 2015-08-20 22:47 - 00000000 ____D C:\Users\Dad\AppData\Local\Minibar
2015-08-20 11:45 - 2015-08-20 11:45 - 10389069 _____ C:\Users\Dad\Downloads\Attachments_2015820 (2).zip
2015-08-20 11:43 - 2015-08-20 11:43 - 14062996 _____ C:\Users\Dad\Downloads\Attachments_2015820 (1).zip
2015-08-20 11:40 - 2015-08-20 11:40 - 15154164 _____ C:\Users\Dad\Downloads\Attachments_2015820.zip
2015-08-06 11:35 - 2015-08-06 11:35 - 00000000 ___RD C:\Users\Dad\Desktop\2015-07-03
2015-08-06 11:34 - 2015-08-06 11:43 - 00000000 ___RD C:\Users\Dad\Desktop\2015-07-01
2015-07-28 11:02 - 2015-07-28 11:02 - 00312752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-07-28 11:01 - 2015-07-28 11:01 - 00245680 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-24 06:33 - 2013-10-08 14:38 - 00000000 ____D C:\ProgramData\MFAData
2015-08-24 05:57 - 2009-07-13 21:45 - 00005984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-24 05:57 - 2009-07-13 21:45 - 00005984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-24 05:50 - 2011-06-06 11:56 - 03187584 _____ C:\Windows\PFRO.log
2015-08-24 05:49 - 2012-05-06 12:57 - 00000000 ____D C:\Program Files (x86)\BucksBee Loyalty Plugin - Softonic
2015-08-23 21:33 - 2014-08-26 10:19 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 21:32 - 2014-08-26 10:17 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-23 19:13 - 2015-03-04 23:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-23 12:57 - 2011-02-16 17:24 - 01181318 _____ C:\Windows\WindowsUpdate.log
2015-08-23 12:55 - 2014-07-05 19:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-23 12:39 - 2012-05-04 20:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-23 11:55 - 2014-07-05 19:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-23 10:32 - 2015-03-17 08:48 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-08-23 08:50 - 2015-03-05 15:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg2015
2015-08-23 08:49 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-23 08:49 - 2009-07-13 21:51 - 00166121 _____ C:\Windows\setupact.log
2015-08-22 12:49 - 2015-03-04 22:34 - 00109784 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-22 12:35 - 2012-08-11 00:26 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1591657A-E153-46BE-AFFE-4A72C85DD8BF}
2015-08-22 12:14 - 2011-06-06 11:10 - 00109784 _____ C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-22 12:12 - 2013-10-13 18:41 - 00000000 ____D C:\Users\Dad\AppData\Local\Deployment
2015-08-22 12:10 - 2009-07-13 21:45 - 00483520 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-22 12:08 - 2015-01-04 12:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-22 11:58 - 2014-07-05 19:29 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-22 11:28 - 2012-05-25 20:32 - 00450048 ___SH C:\Users\Dad\Desktop\Thumbs.db
2015-08-20 13:03 - 2011-07-06 11:10 - 00003228 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDADS_COMPUTOR$
2015-08-20 13:03 - 2011-07-06 11:10 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForDADS_COMPUTOR$.job
2015-08-20 07:13 - 2015-06-29 10:00 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-19 08:46 - 2015-03-19 08:54 - 00084320 _____ C:\Users\Dad\AppData\Local\rx_audio.Cache
2015-08-19 08:07 - 2009-07-13 22:13 - 00870022 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-18 18:31 - 2015-03-05 15:47 - 00000927 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-18 18:31 - 2015-03-05 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-18 18:21 - 2013-08-08 16:33 - 00000000 ____D C:\Users\Dad\Documents\Acting
2015-08-18 13:00 - 2015-03-04 22:07 - 00000000 ____D C:\Users\Admin
2015-08-14 14:15 - 2011-06-07 18:40 - 00000000 ____D C:\Users\Dad\AppData\Local\CrashDumps
2015-08-04 16:47 - 2013-09-14 14:37 - 00000000 ____D C:\Users\Dad\Documents\Trevors Passwords

==================== Files in the root of some directories =======

2015-03-10 22:38 - 2015-03-11 13:38 - 0000064 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2015-03-04 22:34 - 2015-03-04 22:34 - 0007611 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2011-06-07 12:16 - 2011-06-07 21:22 - 0007323 _____ () C:\ProgramData\hpzinstall.log
2013-12-05 20:32 - 2013-12-05 20:32 - 0004965 _____ () C:\ProgramData\uxxadbmu.rlu

Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-23 00:56

==================== End of log ============================

 

 

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 26 August 2015 - 08:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please remove these programs in bold using the Add/Remove programs applet.

Extended Update (HKU\S-1-5-21-1157992372-943750825-3543147569-1006\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
VideoPlayer v2.0.6 (HKLM-x32\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1157992372-943750825-3543147569-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {7A36B319-AE20-448D-A78D-EF6B7D11B0E2} URL = hxxp://search.yahoo.com/?ourmark=4&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
Toolbar: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [No File]
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\041t6qw4.default\user.js [2015-03-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - <no Path/update_url>
S4 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1874320 2015-07-22] (AVG Secure Search)
S2 A2DDA; \??\C:\Users\Dad\Desktop\Run\a2ddax64.sys [X]
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 SADP_NPF; \??\C:\Windows\SysWOW64\drivers\sadp_npf64.sys [X]
U2 TMAgent; no ImagePath
Task: {56FC5395-9E5B-4AE8-89D4-6497E253F5D6} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {B783C8B0-B9ED-4F67-BF21-4429BD5755B2} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {EACF689C-7556-46B9-BC65-651547ADD0A9} - \IE_ERR4WDR -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0C65EA0E
AlternateDataStreams: C:\ProgramData\Temp:10E0CEB1
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:35950FAF
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43
AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
AlternateDataStreams: C:\Users\Dad\Desktop\Samanthas 8th B-day.mpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\Cartoon Kids crop.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\Cartoon Kids.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\CineMagic.dmsd:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\Slideshow.dmsm:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\Slideshow0.dmsm:Roxio EMC Stream
C:\ProgramData\uxxadbmu.rlu

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Win update, Itunes update & Error 80072F8F
Check this out and let me know if or what problems persist.
http://windows.microsoft.com/en-ca/windows/windows-update-error-80072f8f#1TC=windows-7

===

#3 cleffgo

cleffgo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:LA, SOCAL
  • Local time:10:43 AM

Posted 26 August 2015 - 08:12 PM

Hi nasdaq,

 

Thanks for all your help so far.

 

Trying to delete 'Extended Update', 'an error occurred' and 'it may have already been uninstalled' popped up. I chose to click 'NO' to 'do you want to remove from the Programs and Features list?'. Let me know how to handle that please.

 

VideoPlayer uninstalled without incident, (although it did send me to a "farewell" page that didn't load because I still have no network adapter up to this point).

 

Unable to complete the "Windows How-to" to sync the clock. Clicking on 'Change settings' presents UAC, I click yes, then the next error says 'You do not have permission to perform this task.'

Attempted sequence mentioned in OP, ("Went through 'net stop w32time', 'W32tm /unregister', 'W32tm /register', 'net start w32time', 'w32tm /resync'") and that got me past the permission issue and on the 'Change settings' window. On that window it says 'An error occurred while Windows was syncing', and 'The peer is unresolved'.

 

I tried to look at my network adapters and there are still none listed, but this time a pop up says 'The Network Connections Folder was unable to retrieve the list of Network adapters on your machine. Make sure the Network Connections service is enabled and running'. When I opened Services almost everything is disabled and not running. Double checked Msconfig and realized I still had selective startup enabled. Re-enabled 'Normal startup', and magically everything is working better.

 

Successfully synced the clock, but Win update is still returning the same error. Launching iTunes initiated a 'Please wait while Windows configures iTunes' and a new error 'The feature you are trying to use is on a network resource that is unavailable. Enter alternate path to a folder containing the install package iTunes6464.msi'. iTunes opens but still unable to access the iTunes Store.

 

New symptom - wireless mouse and keyboard are stuttering intermittently. Made logging into computer difficult.

 

Fixlog.txt :

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-08-2015
Ran by Admin (2015-08-26 16:46:37) Run:1
Running from F:\My Stuff
Loaded Profiles: Dad & Admin (Available Profiles: Dad & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1157992372-943750825-3543147569-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {7A36B319-AE20-448D-A78D-EF6B7D11B0E2} URL = hxxp://search.yahoo.com/?ourmark=4&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
Toolbar: HKU\S-1-5-21-1157992372-943750825-3543147569-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [No File]
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\041t6qw4.default\user.js [2015-03-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - <no Path/update_url>
S4 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1874320 2015-07-22] (AVG Secure Search)
S2 A2DDA; \??\C:\Users\Dad\Desktop\Run\a2ddax64.sys [X]
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 SADP_NPF; \??\C:\Windows\SysWOW64\drivers\sadp_npf64.sys [X]
U2 TMAgent; no ImagePath
Task: {56FC5395-9E5B-4AE8-89D4-6497E253F5D6} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {B783C8B0-B9ED-4F67-BF21-4429BD5755B2} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {EACF689C-7556-46B9-BC65-651547ADD0A9} - \IE_ERR4WDR -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0C65EA0E
AlternateDataStreams: C:\ProgramData\Temp:10E0CEB1
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:35950FAF
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43
AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
AlternateDataStreams: C:\Users\Dad\Desktop\Samanthas 8th B-day.mpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\Cartoon Kids crop.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\Cartoon Kids.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\CineMagic.dmsd:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\Slideshow.dmsm:Roxio EMC Stream
AlternateDataStreams: C:\Users\Dad\Documents\Slideshow0.dmsm:Roxio EMC Stream
C:\ProgramData\uxxadbmu.rlu

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1157992372-943750825-3543147569-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
"HKU\S-1-5-21-1157992372-943750825-3543147569-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-1157992372-943750825-3543147569-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A36B319-AE20-448D-A78D-EF6B7D11B0E2}" => key removed successfully
HKCR\CLSID\{7A36B319-AE20-448D-A78D-EF6B7D11B0E2} => key not found.
"HKU\S-1-5-21-1157992372-943750825-3543147569-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-1157992372-943750825-3543147569-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-1157992372-943750825-3543147569-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKU\S-1-5-21-1157992372-943750825-3543147569-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@TrendMicro.com/FFExtension" => key removed successfully
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\041t6qw4.default\user.js => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj" => key removed successfully
vToolbarUpdater18.8.0 => service removed successfully
A2DDA => service removed successfully
AODDriver4.0 => service removed successfully
AODDriver4.01 => service removed successfully
catchme => service removed successfully
SADP_NPF => service removed successfully
TMAgent => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56FC5395-9E5B-4AE8-89D4-6497E253F5D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56FC5395-9E5B-4AE8-89D4-6497E253F5D6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B783C8B0-B9ED-4F67-BF21-4429BD5755B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B783C8B0-B9ED-4F67-BF21-4429BD5755B2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPDTEXE4_WDR => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EACF689C-7556-46B9-BC65-651547ADD0A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EACF689C-7556-46B9-BC65-651547ADD0A9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE_ERR4WDR => key not found.
C:\ProgramData\Temp => ":0C65EA0E" ADS removed successfully.
C:\ProgramData\Temp => ":10E0CEB1" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":35950FAF" ADS removed successfully.
C:\ProgramData\Temp => ":3AC0ED43" ADS removed successfully.
C:\ProgramData\Temp => ":A1D3FEF0" ADS removed successfully.
C:\Users\Dad\Desktop\Samanthas 8th B-day.mpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dad\Documents\Cartoon Kids crop.jpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dad\Documents\Cartoon Kids.jpg => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dad\Documents\CineMagic.dmsd => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dad\Documents\Slideshow.dmsm => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dad\Documents\Slideshow0.dmsm => ":Roxio EMC Stream" ADS removed successfully.
C:\ProgramData\uxxadbmu.rlu => moved successfully
EmptyTemp: => 179.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:47:13 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 27 August 2015 - 07:16 AM

Need to check these services.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#5 cleffgo

cleffgo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:LA, SOCAL
  • Local time:10:43 AM

Posted 27 August 2015 - 10:04 PM

Upon restart, I'm getting small Windows error window with nothing but a red "X" with a header that says Device Detector. I didn't mention it in the last post, but network adapter is back and working properly.
 
FSS.txt
 
Farbar Service Scanner Version: 26-07-2015
Ran by Admin (administrator) on 27-08-2015 at 06:55:40
Running from "C:\Users\Admin\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
I see Defender is disabled in the registry. I assume that's where we're going next?
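A read-only PowerShell check of the same items the FSS log above reports, added here as an example and not part of the thread or of Farbar's tools. It reads the service keys for the update, firewall, Defender and time services, the "disable" policy values, and the browser policy keys FRST flagged in post #2, and marks anything that departs from the Windows 7 SP1 defaults assumed in the script. It changes nothing, so it can be run before and after a fix to confirm what was repaired. The file-signature checks FSS performs are left out.

```powershell
# Added example, not from the thread or from Farbar's tools: read-only triage of
# service configuration and "disable" policies, run from an elevated Windows
# PowerShell prompt. Nothing is modified.
# Assumption: expected Start values are the Windows 7 SP1 defaults.

$svcRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

# service name -> expected Start value (2 = Auto, 3 = Demand/Manual)
$expectedStart = @{
    'wuauserv'         = 2   # Windows Update
    'BITS'             = 2   # Background Intelligent Transfer Service
    'CryptSvc'         = 2   # Cryptographic Services
    'TrustedInstaller' = 3   # Windows Modules Installer
    'W32Time'          = 3   # Windows Time
    'WinDefend'        = 2   # Windows Defender
    'MpsSvc'           = 2   # Windows Firewall
    'wscsvc'           = 2   # Security Center
    'Winmgmt'          = 2   # WMI
    'EventSystem'      = 2   # COM+ Event System
    'Dhcp'             = 2   # DHCP Client
    'Dnscache'         = 2   # DNS Client
}

function Test-ServiceConfig {
    foreach ($name in ($expectedStart.Keys | Sort-Object)) {
        $key = Join-Path $svcRoot $name
        if (-not (Test-Path $key)) {
            # A missing key means the service was deleted/unregistered, not just stopped.
            Write-Output "[!] $name : service key missing"
            continue
        }
        $cfg   = Get-ItemProperty $key
        $start = [int]$cfg.Start
        $want  = $expectedStart[$name]
        $tag   = if ($start -eq $want) { ' ' } else { '!' }
        $state = (Get-Service $name -ErrorAction SilentlyContinue).Status
        $line  = '[{0}] {1,-16} start={2,-8} expected={3,-8} state={4,-8} ImagePath={5}'
        Write-Output ($line -f $tag, $name, $startNames[$start], $startNames[$want], $state, $cfg.ImagePath)
    }
}

# Registry values that switch a protection off: key, value name, the "disabled" setting.
$disablePolicies = @(
    @('HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',       'NoAutoUpdate',       1),
    @('HKLM:\SOFTWARE\Microsoft\Windows Defender',                        'DisableAntiSpyware', 1),
    @('HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',               'DisableAntiSpyware', 1),
    @('HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore',       'DisableSR',          1),
    @('HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile', 'EnableFirewall',    0),
    @('HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile',   'EnableFirewall',    0)
)

function Test-DisablePolicies {
    foreach ($p in $disablePolicies) {
        $path, $value, $bad = $p
        if (-not (Test-Path $path)) { continue }
        $item = Get-ItemProperty $path -ErrorAction SilentlyContinue
        if ($item -ne $null -and $item.PSObject.Properties[$value] -ne $null -and [int]$item.$value -eq $bad) {
            Write-Output "[!] $path\$value = $bad"
        }
    }
}

# Policy keys FRST reported as "Policy restriction". On a stand-alone home PC these
# keys normally do not exist at all. HKCU covers only the account running the script.
$browserPolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)

function Test-BrowserPolicyKeys {
    foreach ($k in $browserPolicyKeys) {
        if (Test-Path $k) {
            $n = (Get-ChildItem $k -Recurse -ErrorAction SilentlyContinue | Measure-Object).Count
            Write-Output "[!] $k exists ($n subkeys)"
        }
    }
}

Write-Output '== Service configuration =='; Test-ServiceConfig
Write-Output '== Disable policies present =='; Test-DisablePolicies
Write-Output '== Browser policy keys =='; Test-BrowserPolicyKeys
```

Lines marked [!] are the ones to compare against the FSS output. Because the policy keys FRST flagged sat under a specific user's hive (HKU\S-1-5-21-...-1006 and -1001), run the script while logged in as each account, or load that profile's NTUSER.DAT under HKU and point the HKCU entries at it.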


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 28 August 2015 - 06:50 AM


I see Defender is disabled in the registry. I assume that's where we're going next?


AVG 2015 has disabled Windows Defender. Both cannot be run in real life.

===

I'm getting small Windows error window with nothing but a red "X" with a header that says Device Detector.


You should look in device manager to see if you have a device for which there are no drivers installed. It's going to be difficult for me to tell which device is causing problems since I don't know what hardware and software you have installed.

As I'm sure you're aware, to get to device manager in Win 7, hit the Windows key, type "device manager" and hit enter.

If you have a yellow exclamation point on any of the devices that will probably be the first thing you should be looking at.

Let me know
===


Is there any other issues pending?

#7 cleffgo

cleffgo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:LA, SOCAL
  • Local time:10:43 AM

Posted 28 August 2015 - 10:40 AM

The device manager doesn't show any issues. I'm thinking, and I've sent an email to the computer's owner to double check, that it's a storage device that it's looking for, that I don't have here. I'm going to assume for now that it's a non-issue.

 

But yes, both main issues still remain. Win update still not working and still getting the same error. What's different now is the 'Win Time' service seems to be operating properly. Windows reports that time is syncing properly, but I'm still getting the same exact error message 80072F8F.

 

As well as iTunes not connecting to the iTunes Store. After I hear back about the external storage, I'm going to try to uninstall and reinstall iTunes, unless you disagree. iTunes is still going into a Win config sequence with the same 'missing path to a folder containing the install package iTunes6464.msi'.

 

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 28 August 2015 - 01:39 PM

Remove Itunes using the Revo Uninstaller tool.
Clean everything that will be found associated with that program.

Revo Uninstaller site.
http://www.revouninstaller.com/

Reinstall Itunes.

Keep me posted.

#9 cleffgo

cleffgo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:LA, SOCAL
  • Local time:10:43 AM

Posted 28 August 2015 - 09:03 PM

That had no effect. iTunes won't log on. I used my friend's credentials on the iTunes web page, to verify accuracy. I also tried my own credentials. Something is blocking both Win update and iTunes logging in maybe. A few things I've tried:

in Chrome - cleared Browsing history, download history, cookies and plugin data, cached images and files from the beginning of time.

Internet properties>security - Reset all zones to default level

Made sure no proxy internet settings

Internet properties>connections>lan settings - I tried unchecking auto detect settings - but I know that needs to go back at some point.

Event Viewer>Error>Kernel-EventTracing - Session "NPTraceSession" stopped due to the following error: 0xC000000D - Looks like this is a Norton issue, but it doesn't look like this computer has Norton installed (although I believe at one time he did)

 

I may investigate EventViewer more. But my eyes are tired. :)



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 29 August 2015 - 07:05 AM


Download and run the Norton Removal tool.

http://www.bitdefender.com/support/removal-tools-%28uninstallers%29-for-common-antivirus-software-1107.html

Restart the computer normally when done.

If the problem persists continue.

Please download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below:
    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    07 - Repair Internet Explorer
    09 - Repair HOSTS File
    10 - Remove Policies Set By Infections
    13 - Repair Network (previously Repair Winsock & DNS Cache)
    15 - Repair Proxy Settings
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?
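The "Repair Windows Updates" item in the list above is, underneath, the standard Windows Update component reset: stop the update services, clear the BITS job store and the SoftwareDistribution and catroot2 caches, put the start types back, restart. The PowerShell below is an added example of that reset written out by hand; it is not the thread's content and not Tweaking.com's code. It renames the caches instead of deleting them so the change can be undone, assumes the Windows 7 SP1 default start types, and must be run from an elevated prompt.

```powershell
# Added example, not from the thread or from Tweaking.com's Windows Repair:
# a manual Windows Update component reset. Run from an elevated Windows PowerShell
# prompt on Windows 7; reboot afterwards (the winsock reset needs one).
# Assumption: default start types below are those of Windows 7 SP1.

$ErrorActionPreference = 'Stop'

$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# Stop order matters: wuauserv first, so it does not hold the cache folders open.
$services     = 'wuauserv', 'BITS', 'CryptSvc', 'msiserver'
$defaultStart = @{ wuauserv = 'Automatic'; BITS = 'Automatic'; CryptSvc = 'Automatic'; msiserver = 'Manual' }

function Stop-UpdateServices {
    foreach ($s in $services) {
        $svc = Get-Service $s -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -ne 'Stopped') {
            Stop-Service $s -Force
            $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
        }
    }
}

function Retire-Folder([string]$path) {
    # Rename to <name>.old.<timestamp> rather than delete, so the step is reversible.
    if (Test-Path $path) {
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        Rename-Item $path ('{0}.old.{1}' -f (Split-Path $path -Leaf), $stamp)
    }
}

function Reset-UpdateComponents {
    Stop-UpdateServices

    # BITS job database (the qmgr*.dat files the repair log looks for)
    Get-ChildItem "$env:ProgramData\Microsoft\Network\Downloader" -Filter 'qmgr*.dat' -ErrorAction SilentlyContinue |
        Remove-Item -Force

    # Update download cache and catalog database. catroot2 is rebuilt by CryptSvc
    # on restart; catroot (without the 2) must never be touched.
    Retire-Folder "$env:SystemRoot\SoftwareDistribution"
    Retire-Folder "$env:SystemRoot\System32\catroot2"

    # Restore default start types (what the "[SC] ChangeServiceConfig" lines in the log do)
    foreach ($s in $services) { Set-Service $s -StartupType $defaultStart[$s] }

    # Stale Winsock LSPs and a leftover proxy are common reasons a cleaned machine
    # still cannot reach the update servers.
    netsh.exe winsock reset | Out-Null
    netsh.exe winhttp reset proxy | Out-Null

    foreach ($s in $services) { Start-Service $s }
    wuauclt.exe /resetauthorization /detectnow
}

Reset-UpdateComponents
```

Delete the *.old.* folders once updates install again. If 80072F8F persists after this and the clock, time zone and year are correct, the failure is in the HTTPS handshake to the update servers rather than in the update client (0x80072F8F is WinINet's ERROR_INTERNET_SECURE_FAILURE), so the next thing to check is the machine's trusted root certificate store.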


#11 cleffgo

cleffgo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:LA, SOCAL
  • Local time:10:43 AM

Posted 29 August 2015 - 07:59 PM

Honestly it seems like everything is running really well. But the original two complaints still haven't been resolved. Running Tweaking.com had no effect and it did not return any errors per se. Four of the log files it produces don't say much, other than successfully restarted services. The Repair_Windows_Update and the Repair_WMI do have some messages that I'm going to leave to you to decipher. I'm happy to post the other four as well, just let me know.
 
I tried copy paste with Repair_WMI, but it was locking up, so I'm going to attach it instead.
 
Repair_Windows_Update:
 
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The Cryptographic Services service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Background Intelligent Transfer Service service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Windows Update service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Windows Modules Installer service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The system cannot find the file specified.
Could Not Find C:\ProgramData\Microsoft\Network\Downloader\qmgr*.dat
Deleted file - C:\Windows\SoftwareDistribution\ReportingEvents.log
Deleted file - C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab
Deleted file - C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\authcab.cab
Deleted file - C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
Deleted file - C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk
Deleted file - C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log
Deleted file - C:\Windows\SoftwareDistribution\DataStore\Logs\edbres00001.jrs
Deleted file - C:\Windows\SoftwareDistribution\DataStore\Logs\edbres00002.jrs
Deleted file - C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\v6-muredir.cab
Deleted file - C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab
Deleted file - C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\v6-win7sp1-wuredir.cab
Deleted file - C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab
Deleted file - C:\Windows\system32\catroot2\dberr.txt
Deleted file - C:\Windows\system32\catroot2\edb.chk
Deleted file - C:\Windows\system32\catroot2\edb.log
Deleted file - C:\Windows\system32\catroot2\edb000CD.log
Deleted file - C:\Windows\system32\catroot2\edbres00001.jrs
Deleted file - C:\Windows\system32\catroot2\edbres00002.jrs
Deleted file - C:\Windows\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
Deleted file - C:\Windows\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Deleted file - C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
Deleted file - C:\Windows\system32\config\txr\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
Deleted file - C:\Windows\system32\config\txr\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{0bdb72fd-3198-11e3-9510-806e6f6e6963}.TxR.0.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{0bdb72fd-3198-11e3-9510-806e6f6e6963}.TxR.1.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{0bdb72fd-3198-11e3-9510-806e6f6e6963}.TxR.2.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{0bdb72fd-3198-11e3-9510-806e6f6e6963}.TxR.blf
C:\Windows\system32\config\txr\{0bdb72fe-3198-11e3-9510-806e6f6e6963}.TM.blf
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{0bdb72fe-3198-11e3-9510-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{0bdb72fe-3198-11e3-9510-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.
Deleted file - C:\Windows\system32\config\txr\{2d97c7a3-91d8-11e0-8267-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\config\txr\{2d97c7a3-91d8-11e0-8267-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{2d97c7a3-91d8-11e0-8267-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{473f0beb-91e4-11e0-9aa1-6431503117cb}.TxR.0.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{473f0beb-91e4-11e0-9aa1-6431503117cb}.TxR.1.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{473f0beb-91e4-11e0-9aa1-6431503117cb}.TxR.2.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{473f0beb-91e4-11e0-9aa1-6431503117cb}.TxR.blf
Deleted file - C:\Windows\system32\config\txr\{68eac3ea-91e1-11e0-bf6d-6431503117cb}.TxR.0.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{68eac3ea-91e1-11e0-bf6d-6431503117cb}.TxR.1.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{68eac3ea-91e1-11e0-bf6d-6431503117cb}.TxR.2.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{68eac3ea-91e1-11e0-bf6d-6431503117cb}.TxR.blf
Deleted file - C:\Windows\system32\config\txr\{68eac459-91e1-11e0-bf6d-6431503117cb}.TxR.3.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{68eac45a-91e1-11e0-bf6d-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\config\txr\{68eac45a-91e1-11e0-bf6d-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{68eac45a-91e1-11e0-bf6d-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{6d92687c-cdc9-11e2-ba22-6431503117cb}.TxR.0.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{6d92687c-cdc9-11e2-ba22-6431503117cb}.TxR.1.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{6d92687c-cdc9-11e2-ba22-6431503117cb}.TxR.2.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{6d92687c-cdc9-11e2-ba22-6431503117cb}.TxR.blf
Deleted file - C:\Windows\system32\config\txr\{6d92687d-cdc9-11e2-ba22-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\config\txr\{6d92687d-cdc9-11e2-ba22-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{6d92687d-cdc9-11e2-ba22-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{e0208d20-cd66-11e2-b3e4-6431503117cb}.TxR.0.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{e0208d20-cd66-11e2-b3e4-6431503117cb}.TxR.1.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{e0208d20-cd66-11e2-b3e4-6431503117cb}.TxR.2.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{e0208d20-cd66-11e2-b3e4-6431503117cb}.TxR.blf
Deleted file - C:\Windows\system32\config\txr\{e0208d21-cd66-11e2-b3e4-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\config\txr\{e0208d21-cd66-11e2-b3e4-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{e0208d21-cd66-11e2-b3e4-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{fe82556b-91d9-11e0-918b-6431503117cb}.TxR.0.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{fe82556b-91d9-11e0-918b-6431503117cb}.TxR.1.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{fe82556b-91d9-11e0-918b-6431503117cb}.TxR.2.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{fe82556b-91d9-11e0-918b-6431503117cb}.TxR.blf
Deleted file - C:\Windows\system32\config\txr\{fe8255b7-91d9-11e0-918b-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\config\txr\{fe8255b7-91d9-11e0-918b-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\config\txr\{fe8255b7-91d9-11e0-918b-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{011d93a4-924c-11e0-8d3d-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{011d93a4-924c-11e0-8d3d-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{011d93a4-924c-11e0-8d3d-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{07d39194-3202-11e3-89d1-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{07d39194-3202-11e3-89d1-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{07d39194-3202-11e3-89d1-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{0807b12d-9139-11e0-bb95-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{0807b12d-9139-11e0-bb95-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{0807b12d-9139-11e0-bb95-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{13033425-9254-11e0-9458-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{13033425-9254-11e0-9458-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{13033425-9254-11e0-9458-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{414b2a25-91e8-11e0-b94c-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{414b2a25-91e8-11e0-b94c-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{414b2a25-91e8-11e0-b94c-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{54b3443c-975a-11e0-8511-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{54b3443c-975a-11e0-8511-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{54b3443c-975a-11e0-8511-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{846ee3d3-7039-11de-9d20-001d09fa5a1c}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{846ee3d3-7039-11de-9d20-001d09fa5a1c}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{846ee3d3-7039-11de-9d20-001d09fa5a1c}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{a3606d8c-a418-11e1-94eb-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{a3606d8c-a418-11e1-94eb-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{a3606d8c-a418-11e1-94eb-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{bccdcb22-922a-11e0-a421-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{bccdcb22-922a-11e0-a421-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{bccdcb22-922a-11e0-a421-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{e15fc697-94fa-11e0-871e-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{e15fc697-94fa-11e0-871e-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{e15fc697-94fa-11e0-871e-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{fd5884bf-c8aa-11e2-b25f-6431503117cb}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{fd5884bf-c8aa-11e2-b25f-6431503117cb}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\schema.dat{fd5884bf-c8aa-11e2-b25f-6431503117cb}.TMContainer00000000000000000002.regtrans-ms
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.blf
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.regtrans-ms
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
File not found - C:\Windows\SysWoW64\catroot2\*.*
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
 
The Background Intelligent Transfer Service service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Windows Update service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Windows Modules Installer service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The system cannot find the file specified.
The system cannot find the file specified.
Could Not Find C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr*.dat
Could Not Find C:\ProgramData\Microsoft\Network\Downloader\qmgr*.dat
Path not found - C:\Windows\SoftwareDistribution
The system cannot find the file specified.
The system cannot find the file specified.
Path not found - C:\Windows\system32\catroot2
The system cannot find the file specified.
The system cannot find the file specified.
C:\Windows\system32\config\txr\{0bdb72fe-3198-11e3-9510-806e6f6e6963}.TM.blf
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{0bdb72fe-3198-11e3-9510-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{0bdb72fe-3198-11e3-9510-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.
File not found - C:\Windows\system32\SMI\Store\Machine\*.TM*
File not found - C:\Windows\system32\SMI\Store\Machine\*.blf
File not found - C:\Windows\system32\SMI\Store\Machine\*.regtrans-ms
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.TM*
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.blf
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.regtrans-ms
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
Path not found - C:\Windows\SysWoW64\catroot2
The system cannot find the file specified.
The system cannot find the file specified.
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
 


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 30 August 2015 - 07:24 AM

Navigate to the page

https://support.microsoft.com/en-us/gp/windows-update-issues/en-ca

and let Microsoft Fix the Windows Update Issues

Restart the computer when completed.

How is it now?

#13 cleffgo

cleffgo
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:LA, SOCAL
  • Local time:10:43 AM

Posted 30 August 2015 - 10:47 AM

No change. The resulting completed troubleshooter dialog says it fixed Service Registration is missing or corrupt, Problems installing recent updates, Problems installing recent updates (sic), and if you open up the log that it created it says it fixed Windows Update error 0x80070057 (a different error); however, the pop-up says it is NOT fixed.



#14 cleffgo

cleffgo
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:LA, SOCAL
  • Local time:10:43 AM

Posted 30 August 2015 - 10:51 AM

In the "Detection Details" under error report it says the RootCause: is RC_DataStore. It collects a file called CheckSURLog.cab. Would it help if I attached it?



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 30 August 2015 - 01:46 PM

This problem is not caused by malware and not my forte.

This is the best article I could find on the issue.
All I suggest is for you to check if the KB2975719 update has been installed on your computer.

Should you need additional help please start a new topic in the Windows 7 forum.

http://www.bleepingcomputer.com/forums/f/167/windows-7/

An expert will be able to help you better than I can.
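The reset script output earlier in the thread stops Cryptographic Services, BITS, Windows Update and Windows Modules Installer, deletes SoftwareDistribution and catroot2, and resets the service security descriptors; nasdaq then asks whether KB2975719 is installed. The following PowerShell script is an added example, not code posted by anyone in this thread, that checks those same things after a reboot so you can see at a glance what is still broken. It assumes an elevated PowerShell session on the Windows 7 machine and assumes the short service names cryptsvc, bits, wuauserv and trustedinstaller correspond to the four display names in the log.

```powershell
# Added example (not from the thread): post-repair health check for the
# Windows Update stack. Run from an elevated PowerShell prompt.
# Short service names below are assumed mappings for the display names
# that appear in the reset-script output above.
$services = @{
    'cryptsvc'         = 'Cryptographic Services'
    'bits'             = 'Background Intelligent Transfer Service'
    'wuauserv'         = 'Windows Update'
    'trustedinstaller' = 'Windows Modules Installer'
}

$report = foreach ($name in $services.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $wmi = Get-WmiObject Win32_Service -Filter "Name='$name'"
    # The service DACL in SDDL form. A service that fails with "access is
    # denied" often has a damaged descriptor; inspect it before overwriting it.
    $sddl = & sc.exe sdshow $name | Where-Object { $_ -match '^D:' }
    New-Object PSObject -Property @{
        Service   = $services[$name]
        Present   = [bool]$svc
        Status    = if ($svc) { $svc.Status } else { 'MISSING' }
        StartMode = if ($wmi) { $wmi.StartMode } else { 'n/a' }
        Sddl      = $sddl
    }
}
$report | Select-Object Service, Present, Status, StartMode, Sddl | Format-Table -AutoSize

# Is the update nasdaq mentions installed? Get-HotFix reads the same data
# as "View installed updates" in Control Panel.
$kb = Get-HotFix -Id 'KB2975719' -ErrorAction SilentlyContinue
if ($kb) { "KB2975719 installed on $($kb.InstalledOn)" } else { "KB2975719 NOT installed" }

# The reset script deleted these folders; the Windows Update and Cryptographic
# Services services recreate them on their next successful start, so a
# still-missing folder means the service never got that far.
foreach ($dir in 'C:\Windows\SoftwareDistribution', 'C:\Windows\System32\catroot2') {
    $state = if (Test-Path $dir) { 'recreated' } else { 'MISSING' }
    "{0,-40} {1}" -f $dir, $state
}
```

A service reported as Present = False matches the "service is not started" lines in the log with nothing left to start, and Status other than Running on wuauserv, bits or cryptsvc is where to look first; the Sddl column is for comparison against a known-good Windows 7 machine rather than something to edit by hand.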



