Windows XP - Bad Image popups


  • This topic is locked
19 replies to this topic

#1 mikej62

  • Members
  • 20 posts

Posted 07 September 2016 - 06:45 PM

I'm having issues with my Windows XP computer. About 10% of the time when I attempt to start up programs, I get a "Bad Image" .exe popup error that won't let me open the program. I ran Malwarebytes but it says I have nothing. I attached the logs from the DDS program.

 

I would get a message resembling something like this when I get the popup:

 

xxxxx.exe - Bad Image

The application or DLL C:\Windows\xxxxxx.dll is not a valid Windows image. Please check this against your installation diskette.

#2 nasdaq

  • Malware Response Team
  • 39,514 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 September 2016 - 09:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs for my review.

#3 mikej62

  • Topic Starter
  • Members
  • 20 posts

Posted 13 September 2016 - 06:55 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
Ran by Nashih (administrator) on HOME-7992934537 (13-09-2016 19:53:58)
Running from C:\Documents and Settings\Nashih\Desktop
Loaded Profiles: Nashih (Available Profiles: Nashih & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot Software, Inc. ) C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Webroot Software, Inc.) C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files\Webroot\WebrootSecurity\SSU.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Nashih\Desktop\FRST (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] => C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [536576 2008-08-13] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-09] (Nero AG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Generic Host Process] => 0
HKLM\...\Run: [SpySweeper] => C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [6156336 2011-04-05] (Webroot Software, Inc.)
Winlogon\Notify\rbiigmv: C:\Documents and Settings\Nashih\Local Settings\Application Data\rbiigmv.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1


#4 nasdaq

  • Malware Response Team
  • 39,514 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 September 2016 - 08:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

[B]HKLM\...\Run: [Generic Host Process] => 0
Winlogon\Notify\rbiigmv: C:\Documents and Settings\Nashih\Local Settings\Application Data\rbiigmv.dll [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

p.s.
Your FRST log you submitted was incomplete.
If the problem persists, please run the Farbar tool normally one more time.
Make sure you copy and paste the complete log for my review.

I also need to see the Addition.Txt file (log) that was created by the Farbar tool.

#5 mikej62

  • Topic Starter
  • Members
  • 20 posts

Posted 16 September 2016 - 05:43 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
Ran by Nashih (16-09-2016 18:18:36) Run:2
Running from C:\Documents and Settings\Nashih\Desktop
Loaded Profiles: Nashih (Available Profiles: Nashih & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
[B]HKLM\...\Run: [Generic Host Process] => 0
Winlogon\Notify\rbiigmv: C:\Documents and Settings\Nashih\Local Settings\Application Data\rbiigmv.dll [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\[B]Generic Host Process => value not found.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rbiigmv" => key removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9721 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 49711896 B
Java, Flash, Steam htmlcache => 144469 B
Windows/system/dllcache/drivers => 2726416006 B
Edge => 0 B
Chrome => 435140764 B
Firefox => 735194917 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default User => 66164 B
All Users => 0 B
systemprofile => 1738876753 B
LocalService => 760308 B
NetworkService => 2965864 B
Nashih => 566400988 B
Administrator => 16677 B
 
RecycleBin => 3281956291 B
EmptyTemp: => 8.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:30:34 ====
 
 


#6 nasdaq

  • Malware Response Team
  • 39,514 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 September 2016 - 08:32 AM

The Addition.txt file is empty.

Please run the Farbar tool and make sure that the box to create the Addition.txt file is marked.

Post the log for my review.

#7 mikej62

  • Topic Starter
  • Members
  • 20 posts

Posted 17 September 2016 - 11:47 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
Ran by Nashih (administrator) on HOME-7992934537 (17-09-2016 12:43:15)
Running from C:\Documents and Settings\Nashih\Desktop
Loaded Profiles: Nashih (Available Profiles: Nashih & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot Software, Inc. ) C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Webroot Software, Inc.) C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files\Webroot\WebrootSecurity\SSU.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Nashih\Desktop\FRST (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] => C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [536576 2008-08-13] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-09] (Nero AG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Generic Host Process] => 0
HKLM\...\Run: [SpySweeper] => C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [6156336 2011-04-05] (Webroot Software, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{06E546F9-7973-438E-A1D0-AA6140CD8403}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{1FC53C2F-BC7B-4ADE-9B0F-416256927116}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{1FC53C2F-BC7B-4ADE-9B0F-416256927116}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> URL hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> URL hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> URL hxxp://www.bing.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-22] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\Nashih\Application Data\cbqdoyud\inteten.dll [2015-03-27] ()
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll [2013-02-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] ()
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll [2009-11-25] (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1214440339-1614895754-725345543-1003: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll [2009-11-25] (Move Networks)
FF Plugin HKU\S-1-5-21-1214440339-1614895754-725345543-1003: @nsroblox.roblox.com/launcher -> C:\Documents and Settings\Nashih\Local Settings\Application Data\RobloxVersions\version-f4fa73127aa54242\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1214440339-1614895754-725345543-1003: @nsroblox.roblox.com/launcher64 -> C:\Documents and Settings\Nashih\Local Settings\Application Data\RobloxVersions\version-f4fa73127aa54242\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-05-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-09-23] (NOS Microsystems Ltd.)
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{8634bd77-574a-5eaa-aaa5-2630bbef0178} [2016-06-28] [not signed]
FF Extension: (Test Pilot) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\testpilot@labs.mozilla.com.xpi [2015-08-05]
FF Extension: (Mozilla Firefox Hotfixer) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\veggy@veggyAddon.com [2015-03-28] [not signed]
FF Extension: (Clear Form History) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}.xpi [2015-08-14]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28] [not signed]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{2a721736-636e-dd2c-ded7-f94bb6a5b01f} [2016-04-10] [not signed]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{344ec19e-8e42-4b56-8c75-59686f4ca80f} [2015-08-25] [not signed]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{4e7ac1a7-c6de-53a7-6e5b-1109d0a3bd9a} [2015-08-25] [not signed]
FF Extension: (EPUBReader) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-05-17]
FF Extension: (iMacros for Firefox) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-05-17]
FF Extension: (Adobe DLM (powered by getPlus®)) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-11-04] [not signed]
FF HKU\S-1-5-21-1214440339-1614895754-725345543-1003\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Nashih\Application Data\Move Networks
FF Extension: (No Name) - C:\Documents and Settings\Nashih\Application Data\Move Networks [2015-03-17] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-04-27]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (getPlusPlus for Adobe 16248) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Nashih\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Flamite) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2016-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] () [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [402432 2009-02-09] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] () [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-22] (Oracle Corporation)
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [402432 2009-02-09] (Microsoft Corporation) [File not signed]
R2 WebrootSpySweeperService; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [4048256 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] () [File not signed]
R2 WRConsumerService; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [1201656 2011-07-03] (Webroot Software, Inc. )
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2006-06-11] (Samsung Electronics Co., Ltd.) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-03] () [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2016-09-06] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-11] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [50704 2009-10-21] (CACE Technologies, Inc.)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-17] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-09-27] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-09-27] (NVIDIA Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R0 ssfs0bbc; C:\WINDOWS\System32\DRIVERS\ssfs0bbc.sys [29832 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 sshrmd; C:\WINDOWS\System32\DRIVERS\sshrmd.sys [23176 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\WINDOWS\System32\DRIVERS\ssidrv.sys [176776 2011-03-22] (Webroot Software, Inc. (www.webroot.com))
S3 WISTechVIDCAP; C:\WINDOWS\System32\drivers\Xstream.sys [118400 2004-09-03] (Plextor Corp.)
S1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2004-08-03] () [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] () [File not signed]
S3 XLoader; C:\WINDOWS\System32\Drivers\XLoader.sys [13184 2004-09-03] (Plextor Corp.)
S3 catchme; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 18:18 - 2016-09-16 18:30 - 00001562 _____ C:\Documents and Settings\Nashih\Desktop\Fixlog.txt
2016-09-13 19:54 - 2016-09-13 19:55 - 02398720 _____ (Farbar) C:\Documents and Settings\Nashih\Desktop\FRST64 (1).exe
2016-09-13 19:53 - 2016-09-13 19:53 - 00000383 _____ C:\Documents and Settings\Nashih\Desktop\Addition.txt
2016-09-13 19:52 - 2016-09-17 12:43 - 00021946 _____ C:\Documents and Settings\Nashih\Desktop\FRST.txt
2016-09-13 19:52 - 2016-09-13 19:52 - 01748992 _____ (Farbar) C:\Documents and Settings\Nashih\Desktop\FRST (1).exe
2016-09-13 19:51 - 2016-09-13 19:51 - 02398720 _____ (Farbar) C:\Documents and Settings\Nashih\Desktop\FRST64.exe
2016-09-07 19:39 - 2016-09-07 19:39 - 00018628 _____ C:\Documents and Settings\Nashih\Desktop\attach.txt
2016-09-07 19:39 - 2016-09-07 19:39 - 00007590 _____ C:\Documents and Settings\Nashih\Desktop\dds.txt
2016-09-07 19:30 - 2016-09-07 19:30 - 00688992 ____R (Swearware) C:\Documents and Settings\Nashih\Desktop\dds.com
2016-09-06 19:30 - 2016-09-06 19:30 - 00000738 _____ C:\Documents and Settings\All Users\Desktop\RegCure.lnk
2016-09-06 19:30 - 2016-09-06 19:30 - 00000000 ____D C:\Program Files\RegCure
2016-09-06 19:30 - 2016-09-06 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RegCure
2016-09-06 19:24 - 2016-09-06 19:24 - 00004259 _____ C:\Documents and Settings\Nashih\Desktop\RKreport[9].txt
2016-09-06 19:23 - 2016-09-06 19:23 - 00000804 _____ C:\Documents and Settings\Nashih\Desktop\RKreport[8].txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-17 12:44 - 2014-01-21 14:16 - 00000000 ____D C:\Documents and Settings\Nashih\Local Settings\temp
2016-09-17 12:43 - 2014-01-10 15:21 - 00000000 ____D C:\FRST
2016-09-17 12:37 - 2015-02-17 17:57 - 00000432 _____ C:\WINDOWS\Tasks\SMupdate3.job
2016-09-17 12:37 - 2015-02-17 17:57 - 00000432 _____ C:\WINDOWS\Tasks\SMupdate2.job
2016-09-17 12:37 - 2015-02-17 17:57 - 00000432 _____ C:\WINDOWS\Tasks\SMupdate1.job
2016-09-17 12:37 - 2015-02-17 17:57 - 00000360 _____ C:\WINDOWS\Tasks\YTDownloader.job
2016-09-17 12:37 - 2015-02-17 17:57 - 00000350 _____ C:\WINDOWS\Tasks\YTDownloaderUpd.job
2016-09-17 12:37 - 2014-03-14 20:42 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-09-17 12:37 - 2012-08-11 13:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-17 12:37 - 2009-10-06 22:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-17 07:18 - 2009-10-06 22:05 - 00032500 _____ C:\WINDOWS\SchedLgU.Txt
2016-09-17 07:17 - 2009-10-06 22:06 - 00000178 __SHC C:\Documents and Settings\Nashih\ntuser.ini
2016-09-17 06:57 - 2012-08-11 13:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-17 06:32 - 2012-06-05 01:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-16 18:29 - 2014-01-21 14:16 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2016-09-16 18:11 - 2004-08-03 21:07 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-08 15:00 - 2014-03-14 20:42 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-09-07 21:15 - 2009-10-08 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-09-07 21:14 - 2013-08-26 03:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-07 21:04 - 2009-10-07 20:31 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-06 19:30 - 2011-12-26 20:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RegCure
2016-09-06 19:28 - 2015-03-29 11:02 - 00466036 _____ C:\MGlogs.zip
2016-09-06 19:28 - 2015-03-29 11:02 - 00000000 ____D C:\MGtools
2016-09-06 18:48 - 2015-02-18 21:57 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-27 11:53 - 2009-10-14 16:19 - 00000000 ____D C:\Program Files\Microsoft Office
 
==================== Files in the root of some directories =======
 
2015-03-17 19:27 - 2015-03-17 19:27 - 0008654 _____ () C:\Documents and Settings\Nashih\Application Data\HELP_DECRYPT.HTML
2015-03-17 19:27 - 2015-03-17 19:27 - 0045647 _____ () C:\Documents and Settings\Nashih\Application Data\HELP_DECRYPT.PNG
2015-03-17 19:27 - 2015-03-17 19:27 - 0004264 _____ () C:\Documents and Settings\Nashih\Application Data\HELP_DECRYPT.TXT
2015-03-17 19:27 - 2015-03-17 19:27 - 0000296 _____ () C:\Documents and Settings\Nashih\Application Data\HELP_DECRYPT.URL
2015-03-17 19:27 - 2015-03-17 19:27 - 0008654 _____ () C:\Documents and Settings\Nashih\Application Data\Microsoft\HELP_DECRYPT.HTML
2015-03-17 19:27 - 2015-03-17 19:27 - 0045647 _____ () C:\Documents and Settings\Nashih\Application Data\Microsoft\HELP_DECRYPT.PNG
2015-03-17 19:27 - 2015-03-17 19:27 - 0004264 _____ () C:\Documents and Settings\Nashih\Application Data\Microsoft\HELP_DECRYPT.TXT
2015-03-17 19:27 - 2015-03-17 19:27 - 0000296 _____ () C:\Documents and Settings\Nashih\Application Data\Microsoft\HELP_DECRYPT.URL
2011-12-16 17:32 - 2011-12-16 17:33 - 0016770 __SHC () C:\Documents and Settings\Nashih\Local Settings\Application Data\2356184353
2011-12-16 17:32 - 2011-12-16 17:32 - 0016766 __SHC () C:\Documents and Settings\Nashih\Local Settings\Application Data\5fg5p37jww7x32duefy0704fk661mcx45y3d
2011-12-10 17:58 - 2011-12-10 18:03 - 0012088 __SHC () C:\Documents and Settings\Nashih\Local Settings\Application Data\785717l4t046v007b072k0fkc2y2
2011-12-27 18:26 - 2011-12-27 18:29 - 0014536 __SHC () C:\Documents and Settings\Nashih\Local Settings\Application Data\8b34281714uia161
2011-12-16 17:32 - 2011-12-16 17:32 - 0016774 __SHC () C:\Documents and Settings\Nashih\Local Settings\Application Data\977814802
2015-03-15 20:20 - 2015-03-25 18:04 - 0000664 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\d3d9caps.dat
2009-10-15 18:32 - 2014-11-29 19:44 - 0006144 ____C () C:\Documents and Settings\Nashih\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-28 15:45 - 2015-03-28 15:45 - 0000000 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\ehdmmchvou.png
2015-03-28 00:33 - 2015-03-28 00:33 - 0408088 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\eybpjwadsi.dat
2015-03-17 19:30 - 2015-03-17 19:30 - 0008654 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-17 19:30 - 2015-03-17 19:30 - 0045647 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\HELP_DECRYPT.PNG
2015-03-17 19:30 - 2015-03-17 19:30 - 0004264 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-03-17 19:30 - 2015-03-17 19:30 - 0000296 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-28 00:35 - 2015-03-28 00:35 - 0000000 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\osnpphqeqg.png
2011-12-26 19:41 - 2011-12-26 19:43 - 0015022 __SHC () C:\Documents and Settings\Nashih\Local Settings\Application Data\qc33xffd0ua6634ib5532kj7jn1xl3h8
2015-03-28 15:17 - 2015-03-28 15:17 - 0000000 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\qttdesfrtc.png
2015-02-17 17:41 - 2015-02-17 17:42 - 0000093 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\rbxcsettings.rbx
2011-05-07 22:43 - 2011-05-07 22:46 - 0018198 __SHC () C:\Documents and Settings\Nashih\Local Settings\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
2015-03-28 19:41 - 2015-03-28 19:41 - 0000000 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\whifosckrz.png
2015-03-28 14:39 - 2015-03-28 14:39 - 0000000 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\xdxbqcsaok.png
2015-03-28 00:33 - 2015-03-28 00:33 - 0000032 _____ () C:\Documents and Settings\Nashih\Local Settings\Application Data\xgdrxzdtxh.png
2015-03-17 19:27 - 2015-03-17 19:27 - 0008654 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-03-17 19:27 - 2015-03-17 19:27 - 0045647 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG
2015-03-17 19:27 - 2015-03-17 19:27 - 0004264 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-03-17 19:27 - 2015-03-17 19:27 - 0000296 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
2011-12-16 17:02 - 2011-12-16 17:32 - 0016762 __SHC () C:\Documents and Settings\All Users\Application Data\5fg5p37jww7x32duefy0704fk661mcx45y3d
2011-12-17 13:29 - 2011-12-17 16:20 - 0013462 __SHC () C:\Documents and Settings\All Users\Application Data\g52l7kx015e2sl81340pwhj21wpy026ba8t6
2015-03-17 19:27 - 2015-03-17 19:27 - 0008654 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-03-17 19:27 - 2015-03-17 19:27 - 0045647 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.PNG
2015-03-17 19:27 - 2015-03-17 19:27 - 0004264 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-03-17 19:27 - 2015-03-17 19:27 - 0000296 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2011-12-26 19:41 - 2011-12-26 19:43 - 0015022 __SHC () C:\Documents and Settings\All Users\Application Data\qc33xffd0ua6634ib5532kj7jn1xl3h8
2009-10-14 17:13 - 2009-10-14 17:14 - 0001759 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2011-05-07 22:43 - 2011-05-07 22:46 - 0018198 __SHC () C:\Documents and Settings\All Users\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll
[2004-08-03 21:07] - [2009-02-09 08:10] - 0402432 ____A (Microsoft Corporation) 629D67049CBA078D19B5B1BDF4BA3DBE
 
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Attached Files



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,514 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:45 AM

Posted 23 September 2016 - 10:20 AM

I apologize for this long delay.

Are you still with me, and do you still need help?

#9 mikej62

mikej62
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:45 AM

Posted 24 September 2016 - 02:31 PM

I still need help with this. I still get the Bad Image .exe popups occasionally when opening programs.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,514 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:45 AM

Posted 25 September 2016 - 08:46 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [Generic Host Process] => 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll [No File]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{8634bd77-574a-5eaa-aaa5-2630bbef0178} [2016-06-28] [not signed]
FF Extension: (Mozilla Firefox Hotfixer) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\veggy@veggyAddon.com [2015-03-28] [not signed]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{2a721736-636e-dd2c-ded7-f94bb6a5b01f} [2016-04-10] [not signed]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{344ec19e-8e42-4b56-8c75-59686f4ca80f} [2015-08-25] [not signed]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{4e7ac1a7-c6de-53a7-6e5b-1109d0a3bd9a} [2015-08-25] [not signed]
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Extension: (Flamite) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2016-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 catchme; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; no ImagePath
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
CustomCLSID: HKU\S-1-5-21-1214440339-1614895754-725345543-1003_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> C:\Documents and Settings\Nashih\Application Data\tricomfi\inteten.dll => No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate1.job => rundll32.exe  C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate2.job => rundll32.exe  C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate3.job => rundll32.exe  C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\YTDownloader.job => C:\Program Files\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YTDownloaderUpd.job => C:\Program Files\YTDownloader\Updater.exe <==== ATTENTION
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{8634bd77-574a-5eaa-aaa5-2630bbef0178}
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\veggy@veggyAddon.com
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{2a721736-636e-dd2c-ded7-f94bb6a5b01f}
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{344ec19e-8e42-4b56-8c75-59686f4ca80f}
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{4e7ac1a7-c6de-53a7-6e5b-1109d0a3bd9a}
C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk
C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\Program Files\YTDownloader\YTDownloader.exe
C:\Program Files\YTDownloader\Updater.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists.
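The fixlist above removes a set of persistence entries: three scheduled tasks that all run rundll32 against the same DLL under Common Files, a per-user CLSID whose InprocServer32 points into the user's profile and no longer exists, and service/driver registrations whose binaries are gone. The following Python script is an added example, not code from the thread or from FRST; it encodes the triage rules a responder applies when reading such lines so the reasoning behind each "ATTENTION" marker is explicit. The sample lines are constructed to mirror the fixlist: the paths, task names and CLSID are copied from the posted log, the shell32 task is invented as a benign rundll32 control case, and the severity labels are the example's own.

```python
"""Triage heuristics for FRST-style fixlist lines (added example; not the thread's or FRST's code)."""
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, offending line or job list)

# Constructed sample shaped like the fixlist above. Paths, task names and the CLSID are
# copied from the posted log; the shell32 task is invented as a benign rundll32 control.
SAMPLE_LINES = [
    r"Task: C:\WINDOWS\Tasks\SMupdate1.job => rundll32.exe  C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION",
    r"Task: C:\WINDOWS\Tasks\SMupdate2.job => rundll32.exe  C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION",
    r"Task: C:\WINDOWS\Tasks\Example.job => rundll32.exe C:\WINDOWS\system32\shell32.dll,Control_RunDLL",
    r"CustomCLSID: HKU\S-1-5-21-1214440339-1614895754-725345543-1003_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> C:\Documents and Settings\Nashih\Application Data\tricomfi\inteten.dll => No File <==== ATTENTION",
    r"S3 catchme; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\catchme.sys [X]",
    r"S4 IntelIde; no ImagePath",
    r"R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [50704 2009-10-21] (CACE Technologies, Inc.)",
]

TASK_RE = re.compile(r"^Task: (?P<job>.+?) => (?P<cmd>.+?)(?: <==== ATTENTION)?$")
CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>.+?)\\InprocServer32 -> (?P<dll>.+?)(?P<missing> => No File)?(?: <==== ATTENTION)?$")
SERVICE_RE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<image>.+?)(?P<missing> \[X\])?$")

WINDOWS_DIR = "c:\\windows\\"                  # where a rundll32 target is expected to live
USER_PROFILE = "c:\\documents and settings\\"  # XP per-user profile root (user-writable)


def _norm(path: str) -> str:
    """Lower-case, unquote and strip the \\??\\ NT prefix so prefix tests are stable."""
    p = path.strip().strip('"').lower()
    return p[4:] if p.startswith("\\??\\") else p


def _rundll32_target(cmd: str) -> Optional[str]:
    """Return the normalised DLL argument when cmd is a rundll32 invocation, else None."""
    parts = cmd.strip().split(None, 1)
    if len(parts) == 2 and parts[0].lower().startswith("rundll32"):
        return _norm(parts[1])
    return None


def triage_task(line: str) -> List[Finding]:
    m = TASK_RE.match(line)
    if not m:
        return []
    dll = _rundll32_target(m.group("cmd"))
    if dll is not None and not dll.startswith(WINDOWS_DIR):
        return [("high", "scheduled task runs rundll32 on a DLL outside the Windows directory", line)]
    return []


def triage_clsid(line: str) -> List[Finding]:
    m = CLSID_RE.match(line)
    if not m:
        return []
    findings: List[Finding] = []
    # A per-user HKU\..._Classes CLSID shadows the machine-wide one: the COM hijack pattern.
    if m.group("key").upper().startswith("HKU\\") and _norm(m.group("dll")).startswith(USER_PROFILE):
        findings.append(("high", "per-user CLSID override resolves into a user profile (COM hijack pattern)", line))
    if m.group("missing"):
        findings.append(("low", "InprocServer32 target no longer exists; orphaned key", line))
    return findings


def triage_service(line: str) -> List[Finding]:
    m = SERVICE_RE.match(line)
    if not m:
        return []
    image = _norm(m.group("image"))
    findings: List[Finding] = []
    if image == "no imagepath" or m.group("missing"):
        findings.append(("low", "service/driver registration whose binary is gone", line))
    if "\\temp\\" in image:
        findings.append(("medium", "driver/service image registered from a Temp directory", line))
    return findings


def triage(lines: List[str]) -> List[Finding]:
    """Apply all per-line rules, then the cross-line rule for redundant task persistence."""
    findings: List[Finding] = []
    targets: Dict[str, List[str]] = {}
    for line in lines:
        findings += triage_task(line) + triage_clsid(line) + triage_service(line)
        m = TASK_RE.match(line)
        dll = _rundll32_target(m.group("cmd")) if m else None
        if dll is not None:
            targets.setdefault(dll, []).append(m.group("job"))
    for dll, jobs in targets.items():
        if len(jobs) > 1:
            findings.append(("medium", f"same DLL {dll} launched by {len(jobs)} task names (redundant persistence)", "; ".join(jobs)))
    return findings


if __name__ == "__main__":
    for sev, reason, where in triage(SAMPLE_LINES):
        print(f"[{sev:6}] {reason}\n         {where}")
```

Run against the sample it reports eight findings: the two SysMenu.dll tasks and the per-user CLSID as high, the Temp-resident driver and the duplicated task target as medium, and the three orphaned registrations as low; the shell32 control task and the signed NPF driver produce nothing.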

#11 mikej62

mikej62
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:45 AM

Posted 25 September 2016 - 10:36 AM

I still have the same bad image problem.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
Ran by Nashih (25-09-2016 11:16:03) Run:3
Running from C:\Documents and Settings\Nashih\Desktop
Loaded Profiles: Nashih (Available Profiles: Nashih & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [Generic Host Process] => 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-1614895754-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll [No File]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{8634bd77-574a-5eaa-aaa5-2630bbef0178} [2016-06-28] [not signed]
FF Extension: (Mozilla Firefox Hotfixer) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\veggy@veggyAddon.com [2015-03-28] [not signed]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{2a721736-636e-dd2c-ded7-f94bb6a5b01f} [2016-04-10] [not signed]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{344ec19e-8e42-4b56-8c75-59686f4ca80f} [2015-08-25] [not signed]
FF Extension: (Zoom It) - C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{4e7ac1a7-c6de-53a7-6e5b-1109d0a3bd9a} [2015-08-25] [not signed]
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Extension: (Flamite) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2016-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 catchme; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\Nashih\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; no ImagePath
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
CustomCLSID: HKU\S-1-5-21-1214440339-1614895754-725345543-1003_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> C:\Documents and Settings\Nashih\Application Data\tricomfi\inteten.dll => No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate1.job => rundll32.exe  C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate2.job => rundll32.exe  C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate3.job => rundll32.exe  C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\YTDownloader.job => C:\Program Files\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YTDownloaderUpd.job => C:\Program Files\YTDownloader\Updater.exe <==== ATTENTION
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{8634bd77-574a-5eaa-aaa5-2630bbef0178}
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\veggy@veggyAddon.com
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{2a721736-636e-dd2c-ded7-f94bb6a5b01f}
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{344ec19e-8e42-4b56-8c75-59686f4ca80f}
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{4e7ac1a7-c6de-53a7-6e5b-1109d0a3bd9a}
C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk
C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\Program Files\YTDownloader\YTDownloader.exe
C:\Program Files\YTDownloader\Updater.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Generic Host Process => value removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1214440339-1614895754-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17" => key removed successfully.
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{8634bd77-574a-5eaa-aaa5-2630bbef0178} => moved successfully
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{8634bd77-574a-5eaa-aaa5-2630bbef0178} => path removed successfully.
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\veggy@veggyAddon.com => moved successfully
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{2a721736-636e-dd2c-ded7-f94bb6a5b01f} => moved successfully
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{344ec19e-8e42-4b56-8c75-59686f4ca80f} => moved successfully
C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{4e7ac1a7-c6de-53a7-6e5b-1109d0a3bd9a} => moved successfully
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll => not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk => moved successfully
C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully.
Roxio UPnP Renderer 11 => service removed successfully.
rpcapd => service removed successfully.
catchme => service removed successfully.
cpuz132 => service removed successfully.
IntelIde => service removed successfully.
SSPORT => service removed successfully.
"HKU\S-1-5-21-1214440339-1614895754-725345543-1003_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}" => key removed successfully.
C:\WINDOWS\Tasks\SMupdate1.job => moved successfully
C:\WINDOWS\Tasks\SMupdate2.job => moved successfully
C:\WINDOWS\Tasks\SMupdate3.job => moved successfully
C:\WINDOWS\Tasks\YTDownloader.job => moved successfully
C:\WINDOWS\Tasks\YTDownloaderUpd.job => moved successfully
"C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\extensions\{8634bd77-574a-5eaa-aaa5-2630bbef0178}" => not found.
"C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\veggy@veggyAddon.com" => not found.
"C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{2a721736-636e-dd2c-ded7-f94bb6a5b01f}" => not found.
"C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{344ec19e-8e42-4b56-8c75-59686f4ca80f}" => not found.
"C:\Documents and Settings\Nashih\Application Data\Mozilla\Firefox\Profiles\unz3zo6e.default\Extensions\{4e7ac1a7-c6de-53a7-6e5b-1109d0a3bd9a}" => not found.
"C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk" => not found.
"C:\Documents and Settings\Nashih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\PROGRA~1\COMMON~1\System\SysMenu.dll => moved successfully
"C:\PROGRA~1\COMMON~1\System\SysMenu.dll" => not found.
"C:\PROGRA~1\COMMON~1\System\SysMenu.dll" => not found.
"C:\Program Files\YTDownloader\YTDownloader.exe" => not found.
"C:\Program Files\YTDownloader\Updater.exe" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 9721 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/dllcache/drivers => 548044 B
Edge => 0 B
Chrome => 453552926 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default User => 0 B
All Users => 0 B
systemprofile => 6571316 B
LocalService => 692 B
NetworkService => 66228 B
Nashih => 776973 B
Administrator => 0 B
 
RecycleBin => 38814 B
EmptyTemp: => 440.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:16:36 ====


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,514 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:45 AM

Posted 25 September 2016 - 12:53 PM


I found an error in the text of my first suggested fix.

Try this.


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CloseProcesses:

HKLM\...\Run: [Generic Host Process] => 0

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists, please post the exact and complete error message if you can.

#13 mikej62

mikej62
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:45 AM

Posted 26 September 2016 - 05:52 PM

I'm still having the same issues.
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
Ran by Nashih (26-09-2016 18:49:48) Run:4
Running from C:\Documents and Settings\Nashih\Desktop
Loaded Profiles: Nashih (Available Profiles: Nashih & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CloseProcesses:
 
HKLM\...\Run: [Generic Host Process] => 0
 
End
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Generic Host Process => value not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:49:48 ====


#14 mikej62

mikej62
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:45 AM

Posted 26 September 2016 - 06:03 PM

Example of this popup. 

 

 

Attached Files



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,514 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:45 AM

Posted 27 September 2016 - 09:09 AM

Your version of MFC71.DLL is wrong.

Let's see if you have another copy on the computer.

Please run the Farbar Recovery Scan Tool. Enter MFC71.DLL in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.
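The "is not a valid Windows image" dialog from the first post is what the loader shows when a module's headers fail its sanity checks before mapping (most commonly STATUS_INVALID_IMAGE_FORMAT, 0xC000007B): the file is truncated or its headers have been overwritten, it was built for a different architecture (a 64-bit DLL on this 32-bit XP system), or it is not an executable image at all. The Python script below is an added example, not code from the thread or from FRST; it replays those structural checks on raw bytes so a suspect copy (such as the MFC71.DLL nasdaq asks about) can be inspected offline with check_file. build_image constructs a minimal header-only PE purely as test input, and the per-check reasons are the example's own wording. A DLL that passes every check here but is the wrong version, as nasdaq suggests, would still need its version resource compared against a known-good copy, which this script does not attempt.

```python
"""Structural PE header checks behind a "Bad Image" dialog (added example; not the thread's code)."""
import struct
from typing import Dict

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def check_image(data: bytes, host_machine: int = IMAGE_FILE_MACHINE_I386) -> Dict[str, object]:
    """Replay the loader's header sanity checks on raw file bytes.

    Returns {'ok', 'reason', 'machine', 'is_dll'}. Each failed check is a condition under
    which Windows refuses to map the file instead of loading it.
    """
    result: Dict[str, object] = {"ok": False, "reason": "", "machine": None, "is_dll": None}
    if len(data) < 0x40 or data[:2] != b"MZ":
        result["reason"] = "no MZ DOS header (not a PE file at all)"
        return result
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        result["reason"] = "PE signature missing or beyond end of file (truncated or overwritten headers)"
        return result
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, _nsect, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    result["machine"] = machine
    result["is_dll"] = bool(chars & IMAGE_FILE_DLL)
    if not chars & IMAGE_FILE_EXECUTABLE_IMAGE:
        result["reason"] = "IMAGE_FILE_EXECUTABLE_IMAGE not set (object file, not a loadable image)"
        return result
    if machine != host_machine:
        result["reason"] = f"machine 0x{machine:04x} does not match host 0x{host_machine:04x} (wrong architecture)"
        return result
    opt_off = e_lfanew + 24
    if opt_size < 0x40 or opt_off + opt_size > len(data):
        result["reason"] = "optional header missing or truncated"
        return result
    (magic,) = struct.unpack_from("<H", data, opt_off)
    expected = PE32_MAGIC if machine == IMAGE_FILE_MACHINE_I386 else PE32PLUS_MAGIC
    if magic != expected:
        result["reason"] = f"optional header magic 0x{magic:x} inconsistent with machine type"
        return result
    # SizeOfHeaders is at offset 0x3C of the optional header in both PE32 and PE32+.
    (size_of_headers,) = struct.unpack_from("<I", data, opt_off + 0x3C)
    if size_of_headers > len(data):
        result["reason"] = "SizeOfHeaders exceeds file size (truncated file)"
        return result
    result["ok"] = True
    result["reason"] = "headers consistent"
    return result


def build_image(machine: int = IMAGE_FILE_MACHINE_I386, dll: bool = True) -> bytes:
    """Constructed header-only PE that passes check_image; test input, not a real DLL."""
    e_lfanew, opt_size = 0x80, 0xE0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC if machine == IMAGE_FILE_MACHINE_I386 else PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 0x3C, e_lfanew + 4 + 20 + opt_size)  # SizeOfHeaders == file length
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def check_file(path: str, host_machine: int = IMAGE_FILE_MACHINE_I386) -> Dict[str, object]:
    """Run check_image over a file on disk (e.g. a copy of MFC71.DLL pulled from the machine)."""
    with open(path, "rb") as fh:
        return check_image(fh.read(), host_machine)


if __name__ == "__main__":
    good = build_image()
    cases = {
        "intact 32-bit DLL": good,
        "64-bit DLL on 32-bit host": build_image(IMAGE_FILE_MACHINE_AMD64),
        "truncated download": good[:0x90],
        "headers overwritten": good[:0x80] + b"XXXX" + good[0x84:],
        "zero-filled file": bytes(len(good)),
    }
    for name, data in cases.items():
        r = check_image(data)
        print(f"{name:28} ok={r['ok']!s:5} {r['reason']}")
```

The host_machine argument matters on this thread's system: FRST reports x86, so a PE32+ module is rejected even when its headers are otherwise intact, while the same bytes pass when checked as if on a 64-bit host.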



