Jump to content

Steve83

Members
  • Posts

    19
  • Joined

  • Last visited

Reputation

0 Neutral

Profile Information

  • Location
    Memphis, TN, USA, Earth, Milky Way
  • Interests
    Broncos, off-roading, Crown Vics, speeding tickets, DVDs, old movie quotes
  1. I don't know what you mean about circles. I'm doing what you're suggesting in the order you said. The only problem is that MBAM-checker won't run for me while MBAM is installed. Did you read post #19?
  2. I ran avast again (waste of time), unplugged the Ethernet, then installed the latest MBAM (downloaded a few days ago) & ran it, then plugged in Ethernet, updated MBAM, and ran it again. It never finds any problems - not one. And now MBAM-Checker won't run again.
  3. I jerked out the external HDD's USB, and it took almost a minute before the sound of disconnected hardware was played. But I opened the cleaner tool. AFTER disabling avast & closing all applications, I let it start & it seemed to run. I let it boot when it wanted to, but then I restarted in an admin account, and was finally able to run mbam-checker. Its log is attached. Firefox I already attached (or posted) the other 2 earlier in this thread. CheckResults.txt
  4. Scanning C:, avast showed no threats found. Scanning my external HDD, it hung on a Thumbs.db file, and one instance of mbam.exe*32 (with NO description) appeared in TaskMan, and I couldn't end it. I ended the scan & restarted it, and it hung on a different Thumbs.db file.
  5. I was able to get at them by right-clicking my avatar, clicking "Save as", and then browsing the folder structure. So I'm running avast! on C: first - not that avast! seems to have ever stopped ANYTHING from getting onto my system, or removed it once it was here.
  6. As of last night, when I right-click the desktop, I only get the rotating cursor for a long time - no context menu. And I can't click anything on the desktop. And when I click Windows Explorer in the shortcut menu, a small window pops up saying "System Call failed." with only an "OK" button. (WHY is there never a "No, that's NOT OK" button???) So even though I already downloaded the cleaner tool & the new version of MBAM, I can't get to them now.
  7. No, I haven't made much progress on this - it's a busy time... But the first thing in the article you linked says to only use that cleaner tool if the normal uninstall doesn't work. How will I know if I need to use the cleaner tool?
  8. While I was reading about the cleaning tool, I noticed in its file Properties at the bottom of the General tab that it's "blocked to protect this computer", so I clicked the "Unblock" button. Then I went to mbamcheck and did the same thing, but it still won't let me run it. Same permission error.
  9. I don't use IE, and I think it's uninstalled in Programs & Features. Is malware known to bring in old versions of IE? Does TaksMan look suspicious to you? I don't recognize several of the entries in it, like SearchProtocol (which appears momentarily & disappears for ~30sec), that Akamai NetSession installer, AlertHelper (do I need help with alerts?), aitkexComSvc (or whatever it is), COM Surrogate (which I never like to see), 2 DWMs (why do the windows need to be managed?), EzUpdate (updating WHAT???), 2 crash handlers, 2 Live IDs, 2 Paints (I was only running 1 to collect the screenshots), and a windows installer (I wasn't installing anything - the desktop had only JUST appeared). The previous screenshots from when I was logged in as a regular user don't show most of that stuff. When I logged in to my admin account, the screen stayed black for a long time behind an MBAM Chameleon command prompt window that wasn't doing anything. Eventually, I had to start TaskMan to end the application before I got the desktop, but my TaskMan screenshots show Chameleon is trying to run firefox.com (which I don't think is installed).
  10. Even logged in as an administrator, I still don't have permission to run mbamchecker. Addition.txt FRST.txt
  11. I don't have permission to run mbamcheck, and since I had to reset, TaskMan doesn't show the 950 instances.
  12. It froze when I started reading your reply, and never unfroze, so I unplugged my external HDD and hit reset. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01 Ran by Steve (ATTENTION: The user is not administrator) on PINK6CORE (15-01-2016 11:33:27) Running from C:\Users\Steve\Desktop Loaded Profiles: Steve (Available Profiles: Steve B & Steve) Platform: Windows 7 Ultimate (X64) Language: English (United States) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> services.exe Failed to access process -> winlogon.exe Failed to access process -> lsass.exe Failed to access process -> lsm.exe Failed to access process -> svchost.exe Failed to access process -> nvvsvc.exe Failed to access process -> nvSCPAPISvr.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> AvastSvc.exe Failed to access process -> nvxdsync.exe Failed to access process -> nvvsvc.exe Failed to access process -> spoolsv.exe Failed to access process -> taskeng.exe Failed to access process -> svchost.exe Failed to access process -> AdAppMgrSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe Failed to access process -> armsvc.exe Failed to access process -> atkexComSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe Failed to access process -> aaHMSvc.exe Failed to access process -> AsSysCtrlService.exe Failed to access process -> Connect.Service.ContentService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Autodesk Inc.) C:\Users\Steve\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe Failed to access process -> dsHttpApiService.exe Failed to access process -> E_S40STB.EXE Failed to access process -> E_S40RPB.EXE Failed to access process -> mbamscheduler.exe Failed to access process -> mbamservice.exe Failed to access process -> svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Failed to access process -> WLIDSVC.EXE Failed to access process -> WLIDSVCM.EXE Failed to access process -> WmiPrvSE.exe Failed to access process -> AvastVBoxSVC.exe Failed to access process -> SearchIndexer.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> svchost.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe Failed to access process -> wmpnetwk.exe Failed to access process -> svchost.exe Failed to access process -> WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\mspaint.exe Failed to access process -> dllhost.exe Failed to access process -> sppsvc.exe Failed to access process -> svchost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Failed to access process -> SearchProtocolHost.exe Failed to access process -> SearchFilterHost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation) HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-04] (Autodesk Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-06] (AVAST Software) HKLM-x32\...\RunOnce: [0] => C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\firefox.com [893752 2015-06-18] (MalwareBytes) HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\24432de7-2437-42a8-9c2d-8054d50f44f8.exe [183232 2015-12-17] (AVAST Software) HKU\S-1-5-21-4094499240-2171833406-46901898-1003\...\MountPoints2: {afe35463-2079-11e5-a7ba-5404a6423961} - G:\VerizonWirelessUpgradeAssistantSetup.exe -a HKU\S-1-5-21-4094499240-2171833406-46901898-1003\...\MountPoints2: {afe35466-2079-11e5-a7ba-5404a6423961} - M:\iLinker.exe HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-03] (AVAST Software) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File GroupPolicyScripts: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{936706AC-7C13-47D3-977D-E7A336C159BA}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-03] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-20] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-20] (Microsoft Corporation) FireFox: ======== FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10] Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2016-01-15] CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03] CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (Add to Amazon Wish List) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2015-07-03] CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12] CHR Extension: (Search by Image (by Google)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-07-03] CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-07-03] CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-19] CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-15] CHR Extension: (Save to Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-07-03] CHR Extension: (Avast Online Security) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27] CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-08-24] CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-14] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-10-12] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-10-12] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-10-12] (ASUSTeK Computer Inc.) R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-14] (Avast Software) R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2015-05-30] (Dassault Systèmes) [File not signed] R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-10-12] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-10-12] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-03] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-03] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-03] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-03] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-03] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-03] (AVAST Software) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 mbamchameleon; C:\Windows\System32\drivers\mbamchameleon.sys [109272 2015-07-27] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-03] (AVAST Software) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-14] (Avast Software) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-15 11:33 - 2016-01-15 11:33 - 01696144 _____ (Malwarebytes) C:\Users\Steve\Desktop\mbam-check-2.3.0.0.exe 2016-01-15 11:33 - 2016-01-15 11:33 - 00016964 _____ C:\Users\Steve\Desktop\FRST.txt 2016-01-15 11:33 - 2016-01-15 11:33 - 00000000 ____D C:\FRST 2016-01-15 11:32 - 2016-01-15 11:32 - 02370560 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-15 11:31 - 2009-07-13 23:13 - 00783218 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-15 11:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf 2016-01-15 11:27 - 2015-06-30 18:44 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-15 11:26 - 2015-06-30 23:46 - 00000000 ____D C:\ProgramData\NVIDIA 2016-01-15 11:26 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-15 10:28 - 2015-06-30 18:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-15 02:23 - 2009-07-13 22:45 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-15 02:23 - 2009-07-13 22:45 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 ==================== Files in the root of some directories ======= 2015-07-06 18:42 - 2015-07-06 18:42 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Some files in TEMP: ==================== C:\Users\Steve B\AppData\Local\Temp\AcDeltree.exe C:\Users\Steve B\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe C:\Users\Steve B\AppData\Local\Temp\_is8A55.exe C:\Users\Steve B\AppData\Local\Temp\_is915.exe C:\Users\Steve B\AppData\Local\Temp\_isEB29.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. The user is not administrator ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01 Ran by Steve (2016-01-15 11:34:07) Running from C:\Users\Steve\Desktop Windows 7 Ultimate (X64) (2015-06-29 21:55:18) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4094499240-2171833406-46901898-500 - Administrator - Disabled) Guest (S-1-5-21-4094499240-2171833406-46901898-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4094499240-2171833406-46901898-1002 - Limited - Enabled) Lisa (S-1-5-21-4094499240-2171833406-46901898-1004 - Limited - Enabled) Steve (S-1-5-21-4094499240-2171833406-46901898-1003 - Limited - Enabled) => C:\Users\Steve Steve B (S-1-5-21-4094499240-2171833406-46901898-1000 - Administrator - Enabled) => C:\Users\Steve B ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk) ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.) AMD Catalyst Install Manager (HKLM\...\{F02E145C-56BD-9AED-7816-9067D84A8D28}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology) AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk) Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk) Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk) Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk) Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk) Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk) Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk) Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software) Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DraftSight 2015 SP3 x64 (HKLM\...\{D63D8992-93C6-4998-A744-3E6870015FFC}) (Version: 13.3.1037 - Dassault Systemes) EPSON Artisan 50 Series Printer Uninstall (HKLM\...\EPSON Artisan 50 Series) (Version: - SEIKO EPSON Corporation) Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION) EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation) FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4094499240-2171833406-46901898-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{214895C1-F9E2-4819-B6FF-F7C80D9B5803}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{7058A81E-C1C2-4F68-98BA-317E9C3E0124}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{ECBB9492-C154-41FA-8A4A-5B3A642CE53A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{C63C1BC1-9811-4922-B29C-7F05706B2DD2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{A295ADDD-64B7-411C-90FB-030413279AF3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D645EBCE-A28C-4F35-B6C2-2B71E88BD8CD}] => (Allow) LPort=2869 FirewallRules: [{7D966CBD-8C24-48AC-9A9D-DD9C7BFBAA79}] => (Allow) LPort=1900 FirewallRules: [{91788F5A-B266-4A56-8017-D8B270485879}] => (Allow) LPort=50248 FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [TCP Query User{1A66EBF3-0987-491D-A1FF-9856747CF09E}C:\users\steve b\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\steve b\appdata\local\akamai\netsession_win.exe FirewallRules: [uDP Query User{779148EF-4D33-4BC7-B181-B4CD26F916FF}C:\users\steve b\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\steve b\appdata\local\akamai\netsession_win.exe FirewallRules: [{4A431B96-8361-4A2F-A43D-97ADE84A472B}] => (Allow) C:\Users\Steve B\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{A57C3794-F3EC-4736-9829-51DB3918B82E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{7F244A87-EE23-4074-9E8A-BC5FBF7B221B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{2962EC4A-0041-469B-97BC-1AE72AA1755D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= Name: hp scanjet 7400c Description: hp scanjet 7400c Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/11/2016 11:11:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>with error: This operation returned because the timeout period expired. . Error: (01/11/2016 11:09:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>with error: This operation returned because the timeout period expired. . Error: (01/11/2016 11:09:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>with error: This operation returned because the timeout period expired. . Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation. . Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation. . Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation. . Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation. . Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation. . Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation. . Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation. . System errors: ============= Error: (01/15/2016 11:26:32 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:24:45 AM on ‎1/‎15/‎2016 was unexpected. Error: (01/15/2016 11:26:05 AM) (Source: mbamchameleon) (EventID: 28930) (User: ) Description: Mbamchameleon failed to initiate Object Manager filtering - C01C0007 Error: (01/15/2016 11:26:05 AM) (Source: mbamchameleon) (EventID: 28929) (User: ) Description: Mbamchameleon failed to initiate File System filtering - C01C0007 Error: (01/14/2016 12:22:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service. Error: (01/14/2016 12:22:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service. CodeIntegrity: =================================== Date: 2015-12-19 16:25:08.959 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-19 16:25:08.959 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-04 01:25:10.981 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-04 01:25:10.980 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-18 00:57:56.235 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-18 00:57:56.235 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD FX-6100 Six-Core Processor Percentage of memory in use: 19% Total physical RAM: 16329.36 MB Available physical RAM: 13080.52 MB Total Virtual: 32656.85 MB Available Virtual: 29153.59 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:392.78 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================
  13. Win7Ultx64 Chrome in a pro-built box with AMD FX-6100 6-core 3.3GHz & 16GBRAM; very little installed software - mostly CAD, but all name-brand I'm getting infrequent system freezes (maybe 1 or 2 per day) where the cursor moves intermittently, and then stops moving for ~10-15 minutes. During that time, it may simply freeze as-is, or it may change to the pulsing blue ring. For very brief moments, it may jump if I've moved the mouse recently, but I can't actually make anything happen, even with the keyboard. After a while, it goes back to working like nothing happened, and I see no signs of active malware. But I do see almost a thousand instances of MBAM running (23 pages of 41), and I don't have permission to end any of them (of the few that I tried). What's going on, and are these 2 related? Do I need to upload screenshots of TaskMan & Programs? Thanks.
  14. I got it a few months ago (I assume via a fake FedEx e-mail because I ship & receive a lot, so I'm used to opening them) on this system, so the guy who built it (I bought it used from his company) reinstalled the OS for me. But apparently, he didn't clean the 2 extra HDDs, or maybe I opened another fake e-mail (I've already spotted a few that I didn't open, but maybe one got by me). It's back. Fortunately, there's virtually no data left for it to shred, but it's really annoying when it interrupts my MP3s. When it hit the first time, MediaPlayer would skip over the scrambled songs, so I didn't catch it until so many were gone that it just scanned for a while. This time, I wasn't sure if it was new, or if I was encountering old damage. So I deleted all the "Install_TOR" files, but they reappeared, so it's still active. IDK if it has migrated back onto the main HDD from one of the extras, or if it came in again from an e-mail. One other little thing to mention: On the intro page, there's a link called something like "I'm infected - what do I do now?" It's broken because part of the URL (in the middle) is missing. After getting "this page doesn't exist" a few times (both on this computer AND my phone), I back up, snagged the URL, and fixed it enough to get to the correct page. Maybe someone could look into that... Anyway; the FRST logs are attached. (They were too long to embed.) Thanks in advance... Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.