
Missing Digital Signature


17 replies to this topic

#1 JoeWatson

  • Members
  • 109 posts

Posted 03 November 2015 - 09:17 PM

Ran Rkill as below. Could you advise what I should do with these? My apologies if I'm in the wrong

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/04/2015 09:06:54 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\Windows\System32\user32.dll : 1,008,640 : 11/21/2010 10:24 AM : e573bd9ab55c8e333c202b9e255f972e [NoSig]
 +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 05/17/2014 10:32 AM : 2c9cc9f492ca596b1b9fc1ae5e916356 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/21/2010 10:24 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/21/2010 10:24 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 genuine.microsoft.com
  127.0.0.1 mpa.one.microsoft.com
  127.0.0.1 sls.microsoft.com

Program finished at: 11/04/2015 09:07:05 AM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)



#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,670 posts

Posted 03 November 2015 - 09:35 PM

Hi JoeWatson :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 JoeWatson
  • Topic Starter

  • Members
  • 109 posts

Posted 03 November 2015 - 10:59 PM

Logs are below

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Jo (administrator) on 04-11-2015 at 10:52:57
Running from "C:\Users\Jo\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: B85M-HD3 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
TeamViewer VPN Adapter = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jo-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-5E-7D-B3-A6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-D4-35-88-BD-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd51:1c67:af57:1:24ee:4c11:1664:226a(Preferred)
   Temporary IPv6 Address. . . . . . : fd51:1c67:af57:1:208f:1b82:1414:ea63(Preferred)
   Link-local IPv6 Address . . . . . : fe80::24ee:4c11:1664:226a%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.109(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, November 04, 2015 6:16:37 AM
   Lease Expires . . . . . . . . . . : Thursday, November 05, 2015 6:16:36 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 242537525
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-08-88-7A-74-D4-35-88-BD-A8
   DNS Servers . . . . . . . . . . . : 110.164.252.222
                                       110.164.252.223
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{473B5E96-61D8-4836-AB22-8FF06F4632F1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5E7DB3A6-04DA-41AA-8D01-0329393258D5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cns1.3bb.co.th
Address:  110.164.252.222

Name:    google.com
Addresses:  2404:6800:4001:801::100e
      110.164.6.241
      110.164.6.226
      110.164.6.227
      110.164.6.222
      110.164.6.236
      110.164.6.217
      110.164.6.246
      110.164.6.221
      110.164.6.251
      110.164.6.237
      110.164.6.247
      110.164.6.216
      110.164.6.231
      110.164.6.242
      110.164.6.232
      110.164.6.212


Pinging google.com [110.164.16.44] with 32 bytes of data:
Reply from 110.164.16.44: bytes=32 time=26ms TTL=58
Reply from 110.164.16.44: bytes=32 time=26ms TTL=58

Ping statistics for 110.164.16.44:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 26ms, Average = 26ms
Server:  cns1.3bb.co.th
Address:  110.164.252.222

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=289ms TTL=48
Reply from 98.139.183.24: bytes=32 time=292ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 289ms, Maximum = 292ms, Average = 290ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...00 ff 5e 7d b3 a6 ......TeamViewer VPN Adapter
 11...74 d4 35 88 bd a8 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.109     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.109    276
    192.168.1.109  255.255.255.255         On-link     192.168.1.109    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.109    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.109    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.109    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11     28 fd51:1c67:af57:1::/64    On-link
 11    276 fd51:1c67:af57:1:208f:1b82:1414:ea63/128
                                    On-link
 11    276 fd51:1c67:af57:1:24ee:4c11:1664:226a/128
                                    On-link
 11    276 fe80::/64                On-link
 11    276 fe80::24ee:4c11:1664:226a/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/04/2015 12:59:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: GenieTimelineService.exe, version: 5.0.1.100, time stamp: 0x529c88b3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2bcac
Exception code: 0x40000015
Fault offset: 0x00000000000761c9
Faulting process id: 0x13dc
Faulting application start time: 0xGenieTimelineService.exe0
Faulting application path: GenieTimelineService.exe1
Faulting module path: GenieTimelineService.exe2
Report Id: GenieTimelineService.exe3

Error: (11/03/2015 08:34:43 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c58

Start Time: 01d1163b8233a7f1

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 95520e91-822f-11e5-97d4-74d43588bda8

Error: (11/03/2015 08:28:21 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a90

Start Time: 01d1163b72e15003

Termination Time: 8

Application Path: C:\Windows\explorer.exe

Report Id: ba7f8873-822e-11e5-97d4-74d43588bda8

Error: (11/03/2015 08:27:54 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1168

Start Time: 01d1163b54e69e43

Termination Time: 69

Application Path: C:\Windows\explorer.exe

Report Id: a8e61e2b-822e-11e5-97d4-74d43588bda8

Error: (11/03/2015 08:27:05 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c38

Start Time: 01d115ca5809bb57

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 7dfa65f8-822e-11e5-97d4-74d43588bda8

Error: (11/03/2015 06:58:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2015 09:40:26 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c2c

Start Time: 01d114f992d132ad

Termination Time: 24601

Application Path: C:\Windows\Explorer.EXE

Report Id: 87e56ca8-816f-11e5-9fd4-74d43588bda8

Error: (11/02/2015 06:03:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2015 03:25:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: Copernic.DesktopSearch.exe, version: 4.3.1.8158, time stamp: 0x5578706b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75134f5d
Faulting process id: 0x8d0
Faulting application start time: 0xCopernic.DesktopSearch.exe0
Faulting application path: Copernic.DesktopSearch.exe1
Faulting module path: Copernic.DesktopSearch.exe2
Report Id: Copernic.DesktopSearch.exe3

Error: (11/01/2015 06:35:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/04/2015 06:31:17 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RICHARDS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{473B5E96-61D8-4836-AB22-8FF06F4632F1}.
The master browser is stopping or an election is being forced.

Error: (11/04/2015 12:59:33 AM) (Source: Service Control Manager) (User: )
Description: The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/03/2015 08:23:33 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RICHARDS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{473B5E96-61D8-4836-AB22-8FF06F4632F1}.
The master browser is stopping or an election is being forced.

Error: (11/03/2015 07:59:33 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RICHARDS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{473B5E96-61D8-4836-AB22-8FF06F4632F1}.
The master browser is stopping or an election is being forced.

Error: (11/03/2015 07:23:36 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RICHARDS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{473B5E96-61D8-4836-AB22-8FF06F4632F1}.
The master browser is stopping or an election is being forced.

Error: (11/03/2015 06:47:35 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RICHARDS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{473B5E96-61D8-4836-AB22-8FF06F4632F1}.
The master browser is stopping or an election is being forced.

Error: (11/03/2015 06:12:57 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RICHARDS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{473B5E96-61D8-4836-AB22-8FF06F4632F1}.
The master browser is stopping or an election is being forced.

Error: (11/03/2015 06:00:56 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RICHARDS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{473B5E96-61D8-4836-AB22-8FF06F4632F1}.
The master browser is stopping or an election is being forced.

Error: (11/03/2015 12:35:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (11/03/2015 12:35:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (11/04/2015 12:59:25 AM) (Source: Application Error)(User: )
Description: GenieTimelineService.exe5.0.1.100529c88b3MSVCR100.dll10.0.40219.3254df2bcac4000001500000000000761c913dc01d115ca9308b243C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exeC:\Windows\system32\MSVCR100.dll9e130f12-8254-11e5-97d4-74d43588bda8

Error: (11/03/2015 08:34:43 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.17567c5801d1163b8233a7f10C:\Windows\explorer.exe95520e91-822f-11e5-97d4-74d43588bda8

Error: (11/03/2015 08:28:21 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.17567a9001d1163b72e150038C:\Windows\explorer.exeba7f8873-822e-11e5-97d4-74d43588bda8

Error: (11/03/2015 08:27:54 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.17567116801d1163b54e69e4369C:\Windows\explorer.exea8e61e2b-822e-11e5-97d4-74d43588bda8

Error: (11/03/2015 08:27:05 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567c3801d115ca5809bb570C:\Windows\Explorer.EXE7dfa65f8-822e-11e5-97d4-74d43588bda8

Error: (11/03/2015 06:58:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2015 09:40:26 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567c2c01d114f992d132ad24601C:\Windows\Explorer.EXE87e56ca8-816f-11e5-9fd4-74d43588bda8

Error: (11/02/2015 06:03:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2015 03:25:02 PM) (Source: Application Error)(User: )
Description: Copernic.DesktopSearch.exe4.3.1.81585578706bunknown0.0.0.000000000c000041d75134f5d8d001d1146857bb7024C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exeunknown0bdd52b4-8072-11e5-ac88-74d43588bda8

Error: (11/01/2015 06:35:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-11-04 10:12:38.505
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-04 09:06:53.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-04 08:55:15.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-04 08:38:09.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-04 07:21:46.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 22:15:02.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 20:36:10.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 20:12:47.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 18:05:53.873
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-03 15:33:07.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Ashampoo Burning Studio 14 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.1.2 - Ashampoo GmbH & Co. KG)
Azon Keyword Generator V4 (HKLM-x32\...\Azon Keyword Generator V44.0.0.1) (Version: 4.0.0.1 - InnAnTech Industries Inc.)
Azon Product Inspector V4 (HKLM-x32\...\Azon Product Inspector V44.0.0.7) (Version: 4.0.0.7 - InnAnTech Industries Inc.)
Azon Review Finder V4 (HKLM-x32\...\Azon Review Finder V44.0.0.5) (Version: 4.0.0.5 - InnAnTech Industries Inc.)
Azon Top 100 Analyzer V4 (HKLM-x32\...\Azon Top 100 Analyzer V44.0.0.9) (Version: 4.0.0.9 - InnAnTech Industries Inc.)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Copernic Desktop Search 4 (HKLM-x32\...\{744520A3-4469-4964-9CCC-459214868FC4}) (Version: 4.3.1.8158 - Copernic) Hidden
Copernic Desktop Search 4 (HKLM-x32\...\CopernicDesktopSearch4) (Version: 4.3.1.8158 - Copernic)
Creating Fat Content Course (HKLM-x32\...\Creating Fat Content Course) (Version:  - )
Domain Name Analyzer v6.012715 (HKLM-x32\...\Domain Name Analyzer v6_is1) (Version:  - Softnik Technologies)
Domain Samurai (HKLM-x32\...\{5CE19F42-6603-10FE-BB59-22B4F85E17CB}) (Version: 0.03.79 - Alliance Software Pty Ltd) Hidden
Domain Samurai (HKLM-x32\...\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.03.79 - Alliance Software Pty Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Free Download Manager 3.9.5 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 5.0 - Genie9)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.4.1.3770 (HKCU\...\GoToMeeting) (Version: 7.4.1.3770 - CitrixOnline)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KeywordMap Pro 1.75 (HKCU\...\KeywordMap Pro) (Version: 1.75 - MarketBold Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LongTailPro - Version 3.0.14 (HKLM-x32\...\{1D3636CC-1980-D08D-31C7-0AE9769C4CC8}) (Version: 3.0.14 - Long Tail Media, LLC) Hidden
LongTailPro - Version 3.0.14 (HKLM-x32\...\com.longtailpro.LongTailPro) (Version: 3.0.14 - Long Tail Media, LLC)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\{453D1361-95A6-CCA2-51F8-9E916C6558D9}) (Version: 0.93.58 - Alliance Software Pty Ltd) Hidden
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.58 - Alliance Software Pty Ltd)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCEL) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
Pale Moon 25.7.3 (x86 en-US) (HKLM-x32\...\Pale Moon 25.7.3 (x86 en-US)) (Version: 25.7.3 - Moonchild Productions)
Rank Tracker Samurai (HKLM-x32\...\{F01F42CD-354E-8329-AA0E-08D9311EE270}) (Version: 0.00.09 - Alliance Software Pty Ltd) Hidden
Rank Tracker Samurai (HKLM-x32\...\RankTrackerSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.00.09 - Alliance Software Pty Ltd)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1507.83 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Revili (HKLM-x32\...\Revili1.0.0.2) (Version: 1.0.0.2 - InnAnTech Industries Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
TrendMiner Pro v2.11.9 (HKLM-x32\...\TrendMiner Pro_is1) (Version:  - TrendMiner Pro)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.83 - Trusteer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Web Content Studio (HKLM-x32\...\{0FEA7428-D096-4DFE-801D-7ABEA19EE9BC}) (Version: 1.0.0.155 - Lunasoft Marketing, SL)
XMind 6 (v3.5.3) (HKLM-x32\...\XMind_is1) (Version: 3.5.3.201506180105 - XMind Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 73%
Total physical RAM: 3974.66 MB
Available physical RAM: 1035.07 MB
Total Virtual: 7947.52 MB
Available Virtual: 5210.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:844.41 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:298.09 GB) (Free:62.32 GB) NTFS
3 Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:619.68 GB) NTFS

========================= Users: ========================================

User accounts for \\JO-PC

Administrator            Guest                    Jo                       
User 1                   


**** End of log ****

There isn't an option List Last 10 Event Viewer Errors. The option is List Last 10 Event Viewer Errors.



#4 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:33 PM

Posted 04 November 2015 - 06:23 AM

Do you know anything about these hosts entries?
========================= Hosts content: =================================
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

There isn't an option List Last 10 Event Viewer Errors. The option is List Last 10 Event Viewer Errors.


Isn't it the same? Mistake while copy/pasting probably? :)

Also, follow the instructions below please.

System File Checker (SFC)
Follow the instructions below to run an SFC scan on your system and to provide the CBS log in your next reply;
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator;
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right-click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command below and press Enter;
    sfc /scannow
    Note: There's a space between "sfc" and "/scannow";
  • Once the scan is complete, enter the command below and press Enter;
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • A file called cbs.txt will have appeared on your Desktop. Upload the file to Dropbox, Google Drive or OneDrive and post the download URL for it here;
Note: The CBS.log is volatile, which means that if you don't upload it right after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
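The cbs.txt produced by the steps above is large and mostly unrelated servicing chatter; what an analyst actually reads are the lines tagged [SR], which record what sfc verified, repaired, and could not repair (Microsoft's own recipe for pulling them out is findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log). The Python script below is an added example, not code from this thread or from any BleepingComputer tool: it extracts those records from CBS.log text and summarises repaired versus unrepairable files. The sample lines are constructed to approximate the real log layout (the user32.dll repair mirrors this thread; "example.dll" and "Example-Component" are made up), and the exact field layout is an assumption.

```python
import re
import sys
from collections import Counter

# Constructed sample of CBS.log lines in the shape sfc /scannow writes
# (timestamp, level, component, sequence number, "[SR]" marker, message).
# Only the repaired path mirrors the thread; the unrepairable entry is made up.
SAMPLE_CBS = r"""
2015-11-04 09:30:01, Info                  CBS    Starting TrustedInstaller initialization.
2015-11-04 09:30:05, Info                  CSI    00000007 [SR] Verifying 100 (0x0000000000000064) components
2015-11-04 09:30:05, Info                  CSI    00000008 [SR] Beginning Verify and Repair transaction
2015-11-04 09:31:40, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2015-11-04 09:31:41, Info                  CSI    0000000a [SR] Repair complete
2015-11-04 09:32:10, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-11-04 09:32:11, Info                  CSI    0000000c [SR] Verify complete
"""

# One [SR] record: "<date> <time>, <level>  CSI  <seq> [SR] <message>"
SR_LINE = re.compile(r"^(?P<ts>\S+ \S+), (?P<level>\w+)\s+CSI\s+\w+ \[SR\] (?P<msg>.*)$")
QUOTED = re.compile(r'"([^"]*)"')  # sfc wraps paths and file names in double quotes


def parse_sr_records(text):
    """Extract the [SR] records sfc writes and classify each one."""
    records = []
    for line in text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue  # not an [SR] line: ignore the rest of the servicing log
        msg = m.group("msg")
        rec = {"time": m.group("ts"), "kind": "info", "file": None, "detail": None, "msg": msg}
        quoted = QUOTED.findall(msg)
        if msg.startswith("Repairing corrupted file") and len(quoted) >= 2:
            # the directory and the file name are the last two quoted tokens
            rec.update(kind="repaired", file=quoted[-2] + "\\" + quoted[-1])
        elif msg.startswith("Cannot repair member file") and quoted:
            # the reason sfc gives ("hash mismatch", "file is missing", ...) is the last clause
            rec.update(kind="unrepaired", file=quoted[0], detail=msg.rsplit(", ", 1)[-1])
        records.append(rec)
    return records


def summarize(records):
    """Collapse the records into what the analyst wants: what was fixed and what was not."""
    counts = Counter(r["kind"] for r in records)
    return {
        "repaired": [r["file"] for r in records if r["kind"] == "repaired"],
        "unrepaired": [(r["file"], r["detail"]) for r in records if r["kind"] == "unrepaired"],
        "info": counts["info"],
    }


if __name__ == "__main__":
    # Pass the path of a copied CBS.log (e.g. the cbs.txt from the steps above); otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_CBS
    summary = summarize(parse_sr_records(text))
    for path in summary["repaired"]:
        print("repaired:", path)
    for path, why in summary["unrepaired"]:
        print("NOT repaired:", path, "-", why)
```

An unrepairable entry is the one worth chasing: it means the component store itself has no good copy, so sfc cannot help and the file must be compared against a known-good source before trusting the machine.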


#5 JoeWatson
  • Topic Starter
  • Members
  • 109 posts
  • OFFLINE
  • Local time:08:33 AM

Posted 04 November 2015 - 09:55 AM

Dropbox URL https://www.dropbox.com/s/ltdqa38c2wmopn7/cbs.txt?dl=0



#6 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:33 PM

Posted 04 November 2015 - 10:07 AM

It looks like SFC repaired the user32.dll file. Can you run RKill again and post the log?

Also, do you know anything about these hosts entries?
========================= Hosts content: =================================
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com



#7 JoeWatson
  • Topic Starter
  • Members
  • 109 posts
  • OFFLINE
  • Local time:08:33 AM

Posted 04 November 2015 - 09:04 PM

RKill log below. Don't know anything about the three hosts entries.

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/05/2015 08:48:29 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 genuine.microsoft.com
  127.0.0.1 mpa.one.microsoft.com
  127.0.0.1 sls.microsoft.com
 
Program finished at: 11/05/2015 08:56:05 AM
Execution time: 0 hours(s), 7 minute(s), and 35 seconds(s)
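genuine.microsoft.com, mpa.one.microsoft.com and sls.microsoft.com are the hosts Windows contacts for genuine validation and activation; mapping them to 127.0.0.1 makes those lookups fail silently, a pattern left behind by activation cracks, which is why Aura keeps asking about them. The script below is an added example, not part of this thread or of Rkill: it parses hosts-file text and flags any microsoft.com name that is sinkholed (loopback or 0.0.0.0) or redirected to some other address. The sample hosts content is constructed around the three entries from the log above; the ads.example.net line and the watched-suffix list are assumptions.

```python
import ipaddress
import re
import sys

# Constructed sample hosts file: the three entries from the Rkill log above,
# plus the stock comment header, a blank line, an inline comment and an IPv6
# line so the parser is exercised on realistic input.  ads.example.net is made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
0.0.0.0\tads.example.net   # unrelated ad-blocking style entry
::1 localhost
"""

# Names whose redirection matters here.  Assumption: anything under
# microsoft.com is in scope; extend for other vendors' update/licensing hosts.
WATCHED_SUFFIXES = ("microsoft.com",)


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments (whole-line and inline)
        if not line:
            continue
        addr, *names = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # first token is not an address: skip the malformed line
        for name in names:
            yield ip, name.lower(), line_no


def watched(hostname):
    """True if hostname is, or is a subdomain of, one of WATCHED_SUFFIXES."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_suspicious(text):
    """Return watched-name mappings, each classified as sinkholed or redirected."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if not watched(name):
            continue
        # Loopback or the unspecified address just breaks the lookup;
        # any other address sends the traffic somewhere it should not go.
        kind = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append({"line": line_no, "host": name, "ip": str(ip), "kind": kind})
    return findings


if __name__ == "__main__":
    # Pass a path to scan a real file; otherwise the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for f in find_suspicious(text):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

On a live Windows box the file to pass is C:\Windows\System32\drivers\etc\hosts; a "redirected" finding (a Microsoft name pointed at a routable address) deserves more urgency than a sinkhole, since it hands those connections to whoever owns that address.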


#8 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:33 PM

Posted 04 November 2015 - 09:10 PM

Looks like the user32.dll was fixed by the SFC scan, so that's good :) This being said, I suspect your Windows installation to be counterfeit, or illegally activated. Would you know anything about it?



#9 JoeWatson
  • Topic Starter
  • Members
  • 109 posts
  • OFFLINE
  • Local time:08:33 AM

Posted 04 November 2015 - 09:45 PM

Haven't a clue, as it was given to me by a family member and I have been using it for over a year now.



#10 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:33 PM

Posted 04 November 2015 - 09:51 PM

Alright. Just for the future, you'll be refused assistance here if your Windows copy isn't legally activated, since it would go against BleepingComputer rules. I can help you determine if it's legitimate or not if you want.



#11 JoeWatson
  • Topic Starter
  • Members
  • 109 posts
  • OFFLINE
  • Local time:08:33 AM

Posted 04 November 2015 - 09:53 PM

OK. Would appreciate your help on this



#12 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:33 PM

Posted 04 November 2015 - 09:55 PM

Alright, follow the instructions below please.

MGADiag
  • Download MGADiag (by Microsoft) from the link below:
    http://go.microsoft.com/fwlink/?linkid=52012
  • Run the tool by double clicking on the file. Press Continue when prompted
  • When it has finished, press Copy then Paste (Ctrl+V) this into your next post



#13 JoeWatson
  • Topic Starter
  • Members
  • 109 posts
  • OFFLINE
  • Local time:08:33 AM

Posted 05 November 2015 - 02:17 AM

Before I run this, will it cause me a problem if I find I have a counterfeit version installed? For example, can Microsoft stop anything?

If it is a counterfeit I will not be able to buy the genuine one just at this moment, as my budget is pretty low right now, and I would have to buy it later.



#14 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:33 PM

Posted 05 November 2015 - 06:19 AM

In reality, Microsoft can't stop anything. They won't come in front of your door to tell you that you're using a non-genuine version of Windows. Legally speaking, you shouldn't be doing that however.



#15 JoeWatson
  • Topic Starter
  • Members
  • 109 posts
  • OFFLINE
  • Local time:08:33 AM

Posted 05 November 2015 - 09:16 AM

MGADiag details below:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GK4PY-FDWYH-7TP9F
Windows Product Key Hash: u3xU6PnmumgYLgUpnmbqEw9Q2OA=
Windows Product ID: 00371-OEM-8992671-00004
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {C4E00EFA-F3DB-4E4A-954D-358DDC40B933}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150525-0603
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Pale Moon\palemoon.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C4E00EFA-F3DB-4E4A-954D-358DDC40B933}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7TP9F</PKey><PID>00371-OEM-8992671-00004</PID><PIDType>2</PIDType><SID>S-1-5-21-186362546-100312684-664110717</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>B85M-HD3</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>F6</Version><SMBIOSVersion major="2" minor="7"/><Date>20140118000000.000000+000</Date></BIOS><HWID>975F3407018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>SE Asia Standard Time(GMT+07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, Professional edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700004-02-1033-7601.0000-2072014
Installation ID: 006652891626960434321632505795811796237942078184188351
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7TP9F
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 05-Nov-15 9:09:28 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:17:2015 10:56
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAAACAAAAAgABAAEA6GGEN44r7GogtcTe9AGLyBDTHBXI9g==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name  OEMID Value  OEMTableID Value
  APIC             ALASKA       A M I
  FACP             ALASKA       A M I
  HPET             ALASKA       A M I
  MCFG
  FPDT             ALASKA       A M I
  SSDT             PmRef        Cpu0Ist
  SSDT             PmRef        Cpu0Ist
  SSDT             PmRef        Cpu0Ist
  SSDT             PmRef        Cpu0Ist
  DMAR             INTEL        HSW
  SLIC             ACRSYS       ACRPRDCT
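The part of a report like this that an activation analyst reads first is the OEM Activation 2.0 section: an OEM SLP licence is only legitimate when the SLIC table the firmware publishes belongs to the OEM that built the machine and agrees with the rest of its ACPI tables. The script below is an added example (not code from this thread, from MGADiag or from Sysnative) that pulls the licence type, the SMBIOS manufacturer and the BIOS Information table out of report text and flags an OEM SLP licence whose SLIC OEMID differs from the FACP OEMID. The sample is the relevant lines of the report above with column spacing normalised; comparing against FACP is a heuristic assumed here, and a mismatch is an indicator to follow up, not proof of a counterfeit.

```python
import re
from collections import namedtuple

AcpiRow = namedtuple("AcpiRow", "table oemid oemtableid")

# Sample input: the relevant lines of the MGADiag report above, with the
# column spacing normalised and the Office Details element trimmed to the
# <SYSTEM>/<OEM> parts this check needs.
SAMPLE_REPORT = """\
Windows License Type: OEM SLP
Other data-->
Office Details: <GenuineResults><MachineData><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>B85M-HD3</Model></SYSTEM><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM></MachineData></GenuineResults>

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name  OEMID Value  OEMTableID Value
  APIC             ALASKA       A M I
  FACP             ALASKA       A M I
  HPET             ALASKA       A M I
  MCFG
  FPDT             ALASKA       A M I
  SSDT             PmRef        Cpu0Ist
  SSDT             PmRef        Cpu0Ist
  SSDT             PmRef        Cpu0Ist
  SSDT             PmRef        Cpu0Ist
  DMAR             INTEL        HSW
  SLIC             ACRSYS       ACRPRDCT
"""


def parse_acpi_rows(report):
    """Return the rows of the 'BIOS Information:' table as AcpiRow tuples."""
    rows, in_table = [], False
    for line in report.splitlines():
        if line.strip() == "BIOS Information:":
            in_table = True
            continue
        if not in_table:
            continue
        if not line.strip():
            if rows:
                break  # first blank line after the rows ends the table
            continue
        cols = re.split(r"\s{2,}", line.strip())  # columns are separated by runs of spaces
        if cols[0] == "ACPI Table Name":
            continue  # column header
        cols += [""] * (3 - len(cols))  # tables like MCFG carry empty OEM columns
        rows.append(AcpiRow(*cols[:3]))
    return rows


def field(report, label):
    """Value of a 'Label: value' line in the report, or None if absent."""
    m = re.search(r"^" + re.escape(label) + r":\s*(.*)$", report, re.M)
    return m.group(1).strip() if m else None


def system_manufacturer(report):
    """SMBIOS system manufacturer from the MachineData XML, or None."""
    m = re.search(r"<SYSTEM><Manufacturer>([^<]*)</Manufacturer>", report)
    return m.group(1) if m else None


def check_slic(rows):
    """Compare the SLIC table's OEMID with the FACP (FADT) OEMID.

    Assumption used here: on a machine whose OEM SLP activation is genuine the
    SLIC comes from the same firmware build as the other ACPI tables, so the
    OEMIDs agree.  A SLIC whose OEMID differs from the FACP's is the footprint
    an activation loader leaves when it injects a foreign SLIC at boot.
    """
    facp = next((r for r in rows if r.table == "FACP"), None)
    slic = next((r for r in rows if r.table == "SLIC"), None)
    if slic is None:
        return {"slic_present": False, "consistent": None}  # no SLIC: OEM SLP cannot be legitimate
    if facp is None:
        return {"slic_present": True, "consistent": None}  # nothing to compare against
    return {"slic_present": True, "consistent": slic.oemid == facp.oemid,
            "slic_oemid": slic.oemid, "facp_oemid": facp.oemid}


def assess(report):
    """Combine licence channel, manufacturer and SLIC check into one verdict dict."""
    result = check_slic(parse_acpi_rows(report))
    result["license_type"] = field(report, "Windows License Type")
    result["manufacturer"] = system_manufacturer(report)
    # Flag only the combination that matters: an OEM SLP licence riding on a SLIC
    # that does not match the firmware's own OEMID.
    result["flag"] = result["license_type"] == "OEM SLP" and result["consistent"] is False
    return result


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    for k, v in assess(text).items():
        print(f"{k}: {v}")
```

Feeding it a saved MGADiag report prints the manufacturer next to the SLIC and FACP OEMIDs, which is exactly the comparison an analyst makes by eye; the flag says "look closer", and the licence channel, the SLIC OEMID and the board vendor together are what the follow-up conversation is about.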





