
Ryan PD
Premium
join:2013-04-18

[Trojan] V9.Com browser malware/Trojan

After nearly 19 years I’ve been hit with a piece of malware I don’t know how to deal with. Heck, I’ve only gotten hit with either a virus or malware exploit maybe four times in that 19-year period. Overall I'm pretty careful and also diligent in protection and using it.

Yesterday early evening I picked up something that appears to be at least mildly serious from what I read about it and hard to get rid of using conventional means.

The malware is the V9.com browser hijacker.

After trying all means I know and failing to get rid of it I learned of this forum.

I have the following anti-malware for my Windows 7 64 bit home premium fully up to date.

MSE
Superantispyware (Professional version)
Malwarebytes (free version)
Spyware Blaster

I keep definitions up to date and run all on a regular basis including full scans. I ran the full complete scans where applicable immediately after getting the V9.com malware (“browser hijacker”). They did nothing to clean Windows. The Superantispyware real-time warning caught it the minute it infected my machine and properly warned me, and that is when I ran the scans in an unsuccessful attempt to remove it. (I have no detected traces of any other malware or viruses on my Windows.)

I also uninstalled in the control panel all programs listed that were specifically the malware or associated with the malware that were listed.

I also ran CC Cleaner and the JV Power Tools program (guessing at the name, as it is in Windows and I’m typing this from OS X so I can’t see the specific name). I’m staying out of Windows until further instructed.

I also ran a system restore but that did not get rid of all of it.

I checked online for methods to get rid of them but found the various methods confusing and dramatically different in their methods or instructions on what to do.

If you can help me in a way that is clear for me to get rid of it that would be great. However, FYI I was planning in about two weeks to completely reinstall Windows due to non-malware annoying glitches that have popped up the past month in a variety of areas. So that might be something important for you to know. I use OS X 9 to 1 in terms of use compared to Windows so needing access to Windows is not as vital to me as I’m sure it is to most users of Windows—although I would like access.

So what would you like me to do or what do you need from me?

I’m typing and posting this from OS X but can easily switch over to Windows as needed. I figured staying out of Windows until contacting you was the best strategy at this time.

ADDENDUM: After running system restore I did all Windows and driver updates as well as programs such as browsers and email client.

Superficially the malware appeared to be gone except in Google. It was no longer appearing anywhere else including IE 10 and Firefox. But it was still there with Google. I could not uninstall Google in add/remove control panel as it kept telling me a Google window was still open and could not install until I closed Google. But it appeared closed. I finally just installed Google using a method online (from Google I think).

BOTTOM LINE: It may be gone and may not be. I don't know.



lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11

For now, Ryan - stand by until one of our helpers has time to look you over

Try to NOT run any other apps or perform any further recovery actions as this sometimes can inhibit a good chance of forensics we'd need to evaluate and correct.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA

Hi Ryan

Please download DDS from here and save it to your Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

- Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
-- DDS.txt
-- Attach.txt
- Please save both reports to your Desktop and post them in your next reply.

Please download Security Check by screen317 from here:

http://www.bleepingcomputer.com/download/securitycheck/

- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post 3 files in your next reply, the two logs from DDS, and the log from Security Check.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

Ryan PD
Premium
join:2013-04-18

said by TheJoker:

Hi Ryan

Please download DDS from here and save it to your Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

- Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
-- DDS.txt
-- Attach.txt
- Please save both reports to your Desktop and post them in your next reply.

Please download Security Check by screen317 from here:

http://www.bleepingcomputer.com/download/securitycheck/

- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post 3 files in your next reply, the two logs from DDS, and the log from Security Check.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by David at 21:27:11 on 2013-06-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4284 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\David\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\David\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{27AE482D-E926-4BD5-A095-AB29CC1BD29A} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck -
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 validation.sls.microsoft.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 ox-d.majorgeeks.com
Hosts: 127.0.0.1 metrics.mcafee.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\l6is9tdb.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-12 16:38; support@lastpass.com; C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\l6is9tdb.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-06-27 16:23; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\l6is9tdb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-14 53488]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-26 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-6 1255736]
.
=============== Created Last 30 ================
.
2013-06-28 06:40:39 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9AD327F-40CF-4C5A-A0F5-40955F68B7CE}\mpengine.dll
2013-06-27 23:52:31 -------- d-----w- C:\Users\David\AppData\Local\Deployment
2013-06-27 23:52:31 -------- d-----w- C:\Users\David\AppData\Local\Apps
2013-06-27 06:55:18 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-27 06:54:29 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-27 06:54:28 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-27 06:54:28 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-27 06:54:28 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-06-27 06:52:10 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-27 06:52:10 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-06-27 06:52:10 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-06-27 06:51:58 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-06-27 06:51:57 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-06-27 06:51:57 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-06-27 06:51:57 111448 ----a-w- C:\Windows\System32\consent.exe
2013-06-27 06:51:01 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-06-27 06:51:01 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-27 06:51:00 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-27 06:47:28 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63CE1E9B-F226-4296-AE7B-A3C624538A88}\gapaengine.dll
2013-06-27 06:45:45 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-27 03:03:08 -------- d-----w- C:\ProgramData\eSafe
2013-06-27 03:02:32 -------- d-----w- C:\Users\David\AppData\Roaming\FVD Suite
2013-06-27 03:02:13 -------- d-----w- C:\Users\David\AppData\Local\getsav-in
2013-06-27 03:02:03 -------- d-----w- C:\Users\David\AppData\Roaming\eIntaller
2013-06-26 04:27:48 -------- d-----w- C:\Program Files (x86)\Diodia Software
.
==================== Find3M ====================
.
2013-06-27 23:28:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 23:28:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
.
============= FINISH: 21:27:53.77 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume4
Install Date: 3/6/2011 9:38:40 AM
System Uptime: 6/27/2013 9:19:01 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3L
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 1980/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 172.715 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP261: 4/10/2013 12:05:57 AM - Windows Update
RP262: 4/12/2013 6:42:47 PM - Windows Modules Installer
RP263: 4/14/2013 6:52:07 AM - Windows Update
RP264: 4/17/2013 11:47:15 PM - Windows Update
RP265: 4/21/2013 12:38:51 AM - Windows Update
RP266: 4/24/2013 12:48:46 AM - Windows Update
RP267: 4/24/2013 11:01:06 PM - Windows Update
RP268: 4/28/2013 12:29:54 AM - Windows Update
RP269: 5/1/2013 3:45:00 PM - Windows Update
RP270: 5/5/2013 12:00:08 AM - Windows Update
RP271: 5/8/2013 12:44:34 AM - Windows Update
RP272: 5/11/2013 2:00:16 AM - Windows Update
RP273: 5/14/2013 5:08:46 PM - Windows Update
RP274: 5/14/2013 5:27:11 PM - Windows Update
RP275: 5/14/2013 5:52:21 PM - Windows Update
RP276: 5/18/2013 5:39:58 AM - Windows Update
RP277: 5/22/2013 11:08:05 PM - Windows Update
RP278: 5/26/2013 1:07:50 AM - Windows Update
RP279: 5/29/2013 7:37:49 PM - Windows Update
RP280: 6/1/2013 10:49:16 PM - Windows Update
RP281: 6/6/2013 10:52:54 PM - Windows Update
RP282: 6/10/2013 7:29:33 PM - Windows Update
RP284: 6/11/2013 7:10:45 PM - Windows Update
RP283: 6/12/2013 1:42:05 AM - Windows Update
RP285: 6/13/2013 1:10:47 AM - Windows Update
RP286: 6/16/2013 1:31:57 PM - Windows Update
RP287: 6/21/2013 8:01:26 AM - Windows Update
RP288: 6/21/2013 6:58:26 PM - Restore Operation
RP289: 6/21/2013 7:15:07 PM - Windows Update
RP290: 6/21/2013 7:17:11 PM - Restore Operation
RP291: 6/21/2013 7:48:23 PM - Windows Update
RP292: 6/21/2013 7:49:33 PM - Restore Operation
RP293: 6/22/2013 12:11:37 AM - Windows Modules Installer
RP294: 6/22/2013 12:12:50 AM - Windows Modules Installer
RP295: 6/22/2013 12:14:31 AM - Windows Modules Installer
RP296: 6/22/2013 12:15:18 AM - Windows Modules Installer
RP297: 6/22/2013 12:21:48 AM - Windows Modules Installer
RP298: 6/22/2013 12:53:08 AM - Windows Modules Installer
RP299: 6/22/2013 9:05:31 AM - Windows Modules Installer
RP300: 6/22/2013 9:39:12 AM - Windows Modules Installer
RP301: 6/22/2013 10:18:13 AM - Installed ViewSonic Windows 7 x64 Signed Files
RP305: 6/22/2013 3:28:56 PM - Windows Update
RP306: 6/22/2013 3:32:32 PM - Windows Modules Installer
RP302: 6/22/2013 5:44:36 PM - Windows Update
RP303: 6/22/2013 5:50:27 PM - Installed ViewSonic Windows 7 x64 Signed Files
RP304: 6/22/2013 5:51:45 PM - Installed ViewSonic Windows 7 x64 Signed Files
RP307: 6/22/2013 8:01:33 PM - Installed Java 7 Update 25
RP308: 6/22/2013 8:09:21 PM - Removed Java 7 Update 25
RP309: 6/22/2013 9:01:12 PM - Windows Modules Installer
RP310: 6/22/2013 9:05:59 PM - Restore Operation
RP311: 6/22/2013 9:26:54 PM - Installed ViewSonic Windows 7 x64 Signed Files
RP312: 6/25/2013 7:22:38 PM - Windows Modules Installer
RP313: 6/25/2013 7:40:32 PM - Restore Operation
RP314: 6/25/2013 8:55:06 PM - jv16 PowerTools 2013 [W7-x64] - Decrap my Computer
RP315: 6/25/2013 9:10:40 PM - Restore Operation
RP316: 6/25/2013 9:27:25 PM - Installed Pictures Toolbar
RP317: 6/26/2013 10:26:13 AM - Restore Operation
RP318: 6/26/2013 10:40:34 AM - Windows Update
RP319: 6/26/2013 10:43:20 AM - Restore Operation
RP320: 6/26/2013 11:18:35 AM - Windows Update
RP321: 6/26/2013 11:32:49 PM - Restore Operation
RP322: 6/26/2013 11:43:07 PM - Windows Update
RP323: 6/26/2013 11:52:42 PM - Windows Update
RP324: 6/27/2013 4:42:38 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 validation.sls.microsoft.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 ox-d.majorgeeks.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 12.0
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Canon Easy-WebPrint EX
Canon MP560 series MP Drivers
Canon My Printer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDDRV_Installer
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
eReg
erLT
Feedback Tool
Google Toolbar for Internet Explorer
Google Update Helper
HydraVision
KhalInstallWrapper
LastPass (uninstall only)
Logitech SetPoint
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 en-US)
Napster Burn Engine
Rhapsody
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SpywareBlaster 5.0
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows 7 Upgrade Advisor
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
6/27/2013 4:32:33 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
6/27/2013 4:26:15 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 4:26:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 4:26:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/27/2013 4:26:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/27/2013 4:26:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/27/2013 4:26:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/27/2013 4:25:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
6/27/2013 4:24:39 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 4:24:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/27/2013 4:24:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/27/2013 4:24:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf
6/27/2013 4:24:20 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/27/2013 4:24:20 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 4:24:20 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 4:24:20 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 4:24:20 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 4:24:19 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 4:24:19 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/27/2013 4:24:19 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/27/2013 4:24:19 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/27/2013 4:24:19 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/26/2013 11:47:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.708.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: David-PC\David Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
6/26/2013 11:47:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.708.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: David-PC\David Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
6/26/2013 11:41:14 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x8050a004 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Signature version: 1.153.667.0;1.153.667.0 Engine version: 1.1.9402.0
6/26/2013 10:51:59 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{9a7623da-4817-11e0-bb8e-806e6f6e6963}\System Volume Information\SystemRestore\New-software' was corrupted and it has been recovered. Some data might have been lost.
6/26/2013 10:35:23 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x8050a004 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Signature version: 1.153.586.0;1.153.586.0 Engine version: 1.1.9402.0
6/26/2013 10:35:18 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
6/25/2013 7:44:24 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
6/22/2013 5:33:23 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
6/22/2013 5:33:23 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
6/22/2013 10:04:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/22/2013 10:03:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/22/2013 1:29:09 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{9a7623da-4817-11e0-bb8e-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9CD8DAC6-65F1-4D73-9BCC-CD621B51D2C4}' was corrupted and it has been recovered. Some data might have been lost.
6/21/2013 8:31:34 PM, Error: Service Control Manager [7030] - The Local System Utility service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/21/2013 7:54:46 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
6/21/2013 7:34:44 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
6/21/2013 7:20:31 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
6/21/2013 7:01:24 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
.
==== End Of File ===========================

Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
MVPS Hosts File
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 [color=red]Adobe Reader out of Date![/color]
Mozilla Firefox (22.0)
Mozilla Thunderbird (17.0.7)
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
[u]````````````````````End of Log``````````````````````[/u]


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Please download AdwCleaner by Xplode onto your desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
 

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete.
- Follow the prompts to reboot the computer. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your Desktop:
»www.bleepingcomputer.com/downloa···al-tool/

- Disconnect from the Internet (unplug your connection to your router or modem).
- Please close your security software to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete, depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
- Restart your security software and reconnect to the Internet.
- Please post the contents of JRT.txt into your reply.

Please post the logs from AdwCleaner and the Junkware Removal Tool, and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

Ryan PD
Premium
join:2013-04-18
kudos:1
Reviews:
·Champion Broadba..
·Time Warner Cable

I did not encounter any errors or problems running programs or following and completing your directions.

# AdwCleaner v2.303 - Logfile created 06/28/2013 at 23:39:45
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\SaveValet
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\Users\David\AppData\Local\getsav-in
Folder Deleted : C:\Users\David\AppData\Roaming\eIntaller

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\l6is9tdb.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1383 octets] - [28/06/2013 23:39:45]

########## EOF - C:\AdwCleaner[S1].txt - [1443 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by David on Fri 06/28/2013 at 23:59:08.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\l6is9tdb.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/29/2013 at 0:01:39.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

Please download Farbar Service Scanner:

http://download.bleepingcomputer.com/farbar/FSS.exe
 

- Save it to your Desktop.
- Double-click FSS.exe to run it.
-- Check all the boxes.
-- Press "Scan".
-- It will create a log (FSS.txt) in the same directory the tool is run.
-- Please copy and paste the log to your reply.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

Ryan PD
Premium
join:2013-04-18
kudos:1
Reviews:
·Champion Broadba..
·Time Warner Cable

Farbar Service Scanner Version: 27-06-2013
Ran by David (administrator) on 29-06-2013 at 15:04:36
Running from "C:\Users\David\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

I don't see anything left that can be identified as V9. Do you still see any remnant of it in your browser?

However:

quote:
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
I recommend you turn on the Windows Defender Service.

Press the Windows key on the keyboard, and while holding it down press the "R".
In the Run window that opens, type services.msc and click OK.
When the Services Window opens, scroll down to Windows Defender, and double-click on that item.
Under Service state, click Start
Under Startup type, change the entry to Automatic in the drop-down menu, and click OK, and close the Service window.

In the Event Viewer log, there are errors that Microsoft Antimalware can't update the signatures, and a file is missing. I would uninstall and reinstall Microsoft Security Essentials.

To uninstall Microsoft Security Essentials (MSE), go to Start > Control Panel > Programs and Features, right-click on Microsoft Security Essentials, and select uninstall.
Restart your system
Then go to »windows.microsoft.com/en-us/wind···download and download and reinstall MSE.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
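The checks the helper walks through above (whether the WinDefend service is running, what its start type is set to, the DisableAntiSpyware value the Farbar Service Scanner flagged, and the Service Control Manager errors in the DDS Event Viewer section) can be gathered in one pass from an elevated PowerShell prompt. The block below is an added example, not code from this thread or from any of the tools used in it; it assumes Windows PowerShell 2.0 or later (the version shipped with Windows 7), that it is run as administrator, and the default WinDefend service name and registry key shown in the FSS log.

```powershell
# Added example (not from the thread): collect the Windows Defender service
# state, its dependencies, the DisableAntiSpyware registry value and recent
# Service Control Manager failures. Uses Get-WmiObject rather than the newer
# Get-CimInstance so it also runs on the PowerShell 2.0 shipped with Windows 7.

function Get-DefenderServiceReport {
    param([string]$ServiceName = 'WinDefend')   # default Windows Defender service name

    # State (Running/Stopped) and configured start mode (Auto/Manual/Disabled).
    $svc = Get-WmiObject Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { return "Service $ServiceName is not installed." }

    $report = @()
    $report += "$ServiceName state: $($svc.State), start mode: $($svc.StartMode) (default is Auto)"

    # Services WinDefend depends on (RPC, DCOM Server Process Launcher, RPC Endpoint
    # Mapper). If one of these is not running, WinDefend starts and then stops again.
    $deps = (Get-Service -Name $ServiceName).ServicesDependedOn
    foreach ($d in $deps) {
        $report += "  depends on $($d.Name) ($($d.DisplayName)): $($d.Status)"
    }
    return $report
}

function Get-DefenderDisabledPolicy {
    # The key and value FSS reports under "Windows Defender Disabled Policy".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $val = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($null -eq $val) { return 'DisableAntiSpyware: not set' }
    return "DisableAntiSpyware: $($val.DisableAntiSpyware)"
}

function Get-RecentServiceStartFailures {
    param([int]$Days = 7)

    # Event IDs 7001 (a dependency failed to start) and 7026 (boot-start driver
    # failed to load) are the Service Control Manager entries seen in the DDS log.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7001, 7026
        StartTime    = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-DefenderServiceReport
Get-DefenderDisabledPolicy
Get-RecentServiceStartFailures | Format-List
```

If a dependency shows as anything other than Running, fixing the dependency is the real repair; changing the WinDefend start type alone will not keep the service up. One caveat when reading the DisableAntiSpyware value on Windows 7: installing Microsoft Security Essentials turns Windows Defender off by design (MSE replaces it), so a value of 1 on a machine with MSE installed is the expected configuration, not evidence of tampering.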

Ryan PD
Premium
join:2013-04-18
kudos:1
Reviews:
·Champion Broadba..
·Time Warner Cable

I do not detect any traces of it anywhere including the three browsers.

Thanks for your extensive help and the education too.

(At least I hunted down through the OS and nailed the sucker V9--little but some satisfaction)

For reasons unrelated to the V9 issue I was considering reinstalling Windows in about two weeks.

With the assumption I am going to do that, do you recommend I first do what you recommend before reinstalling, or just forget about doing the changes you mention and an install will take care of your recommendations?

Finally I am thinking of replacing MSE. If so just uninstall before downloading its replacement?

If these are all questions I should ask in the security forum rather than you, just let me know and I'll move on down the road you direct me to go.

Thanks again. Impressive work, and you and this forum are a valuable asset to the members.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

quote:
For reasons unrelated to the V9 issue I was considering reinstalling Windows in about two weeks.
Were you having other errors? If so, this Event Viewer entry might explain that:

quote:
6/27/2013 4:32:33 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
quote:
With the assumption I am going to do that do you recommend I first do what you recommend before reinstalling or just forget about doing the changes you mention and an install will take care of your recommendations.

A reinstall of Windows and your applications would take care of the potentially missing data (log entry above).

quote:
Finally I am thinking of replacing MSE. If so just uninstall or just disable before downloading its replacement?
I would first download the program you were going to replace it with (Avast! Free would be an excellent choice).
Then once you have the replacement program ready:
- Disconnect from the Internet (pull your modem connection).
- Go to Start > Control Panel > Programs and Features, right-click on Microsoft Security Essentials, and select Uninstall.
- Restart your system.
- Then install your replacement antivirus program.
- Reconnect to the Internet and update the antivirus program.

If you decide to completely reinstall Windows, I would have a copy of your intended antivirus program on-hand to install before you do that.

You can find a tutorial on installing Windows here:
»www.blackviper.com/os-install-gu···l-guide/

But briefly:
- Disconnect from the Internet (pull the modem cable)
- Reinstall Windows
- Install your Antivirus program.
- Reconnect to the Internet, update Windows and your antivirus program.
- You should give the Administrator account a password, and create a limited rights account for everyday use.

I would not install Java unless you have a program or web site that requires it (most do not).

I would also read this topic for info on other programs you can run to help protect your system (such as SpywareBlaster) - »Security Cleanup FAQ »How do I prevent Browser Hijacks and Spyware?

Does that help?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

Ryan PD
Premium
join:2013-04-18
kudos:1
Reviews:
·Champion Broadba..
·Time Warner Cable

Got all the info I need with the final chapter by you.

Java never will ever again be installed on my Windows. Dropped it six months ago. I have always used Spyware Blaster, and Avast was exactly the MSE replacement I was considering.


Ryan PD
Premium
join:2013-04-18
kudos:1
Reviews:
·Champion Broadba..
·Time Warner Cable

1 edit
reply to TheJoker

said by TheJoker:

quote:
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
I recommend you turn on the Windows Defender Service.

Press the Windows key on the keyboard, and while holding it down press the "R".
In the Run window that opens, type services.msc and click OK.
When the Services Window opens, scroll down to Windows Defender, and double-click on that item.
Under Service state, click Start
Under Startup type, change the entry to Automatic in the drop-down menu, and click OK, and close the Service window.

In the Event Viewer log, there are errors that Microsoft Antimalware can't update the signatures, and a file is missing. I would uninstall and reinstall Microsoft Security Essentials.

Windows Defender will not start or turn on. When I start the process it begins its process to turn on but then stops and gives me the error message:

quote:
The Windows Defender service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.
I did some sleuthing and I think what other services it may be referring to are:

This service [Windows Defender] depends on the following system components:

Remote Procedure Call (RPC)
DCOM Server Process Launcher
RPC Endpoint Mapper

I successfully uninstalled and reinstalled (for now) MSE.

ADDENDUM, SEPARATE, JUST FYI: You asked if I wanted to reinstall Windows because I was having problems. Yes, a series of hiccups and minor glitches. The most notable is that on the Fox News Web Site, and ONLY on the Fox News Web Site, their videos will not play. They stopped about two weeks ago. Worked perfectly before then. No one but no one can find a cause. All known settings are up to date and installed. All other videos and streaming video from any other site work fine.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

quote:
Windows Defender will not start or turn on.
One of the dependencies you found (probably on the blackviper site) is needed for a great many other services to run, and it's also one of the services that was giving errors in the Event Viewer log. Reinstalling Windows would correct that.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010