Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Very slow, freezes, Windows Update will not update, 25 suspicious host


  • This topic is locked This topic is locked
79 replies to this topic

#61 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 12 July 2014 - 11:47 PM

Ok whatever you think is best. 

Guess what? This figures after I said it was running fine, but this evening I started up the system and it froze after windows loaded. I noticed Sec Essen was red with an X thru it, so I rebooted and it froze with a black screen. I shut it down an waited 5 min, then rebooted. Start Up Repair started with a message saying the "System could not start". Then it did a System Restore. Under Diagnostics and Repair Details it said the Root Cause Found:

"unspecific changes to system configuration might have caused the problem"

Here's the thing, Its dated 7/13/2014 5:15:49 a.m. (GMT) !! Maybe thats the problem. You had me check the date in the beginning and I assumed its the date that appears at the bottom of screen. Somewhere in the system the date is wrong. 


    Advertisements

Register to Remove


#62 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 July 2014 - 12:25 AM

Hi NoNo,

Go to Start > Control Panel > Date and Time

You should see a window similar to the one shown below.

DateandTime_zpsefe8e417.gif

  • Change the Date & Time if necessary
  • Change Time Zone as needed
  • Click Apply to set changes
  • Then OK, and close window
  • Exit the control panel.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#63 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 13 July 2014 - 10:06 PM

Hi - I checked and the time is correct. I don't know why the time was showing incorrect.

Also, I just went into Task Scheduler and I received 2 warnings.  1. A Catastrophic Failure  2.Corrupt and tampered with :rant2:

I included the images.  Wow.  

 

 

Attached Thumbnails

  • task schedulerCapture.JPG
  • TaskCapture.JPG


#64 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 July 2014 - 11:27 AM

Hi NoNo,

This doesn't appear to be malware related. It could be a hardware issue also, possibly a failing hard drive.

I think it's time we clean up from the malware removal and refer you over to the Tech Team to see if they can sort out what might be going on.

Follow my clean up steps (below), then you can post a new topic in the General Hardware Forum.

With that in mind I'm going to refer you to our Tech Team in the General Hardware Forum

Give a brief description of the problem along with a link to this thread so the Tech Team helper can see what we have done already.
http://forums.whatth...c=128265&page=1

= = = = = = = = = = = = = = = = = = = =

Here are a few steps to clean up any tools we have used during the malware removal process.

We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

bullseye_zpse9eaf36e.gif Remove Disinfection Tools

  • Download Delfix
  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • DO NOT select Purge system restore <--- IMPORTANT
    Delfix_zpsbce6c60b.gif
  • Click Run
  • Any other tools and files found can simply be deleted or uninstall via the Control Panel.

= = = = = = = = = = = = = = = = = = = =

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Java 7 Update 55

=========================

bullseye_zpse9eaf36e.gif Update Java

  • Get the current version of Java (Version 7 Update 60) by going to http://java.com/en/d...d/installed.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

to help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent install this program to lock down and prevent crypto-ransomeware

CryptoPrevent_zps7ddc3ebd.jpg

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

  • Windows XP:
    Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
    If you are running Windows XP, please take the time to read the information provided at these links.
  • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
  • Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#65 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 14 July 2014 - 07:07 PM

Hi - Ok I will get to work on the above steps. I have a few programs that I have used from troubleshooting with WTT that should prob be removed. These  don't show up in Prog and Features. What is the best way to uninstall these programs:

  • aswMBR
  • esetsmartinstaller_enu
  • JRT
  • OTL (2 applications)
  • RevoUninProSetup
  • SecurityCheck
  • tdsskiller
  • tweeaking.com windows repair tool
  • k2deyho
  • Microsoft Fixit - (2 applications)
  • MiniToolBox
  • Malwarebytes Anti-Malware
  • Malwarebytes AntiRoot

I wanted to thank you so much for helping me with so many problems. I really appreciate ALL your help and expertise. I don't know what i would do without your help.  :clap:  :notworthy:  :thumbup:

 

-NoNo  :adios:



#66 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 July 2014 - 10:13 PM

Hi NoNo,

If you still have Revo Uninstaller installed you can use it to remove the remainder of the programs. If not, or they are not listed in Revo you can just delete them from your desktop. You may want to keep Malwarebytes' Anti-Malware. It's a good on demand scanner to have on hand.

You're very welcome. Glad I was able to help. :thumbup: Have a great day.
 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#67 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 July 2014 - 07:53 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#68 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 21 July 2014 - 02:29 AM

Hi - Im back! They referred me back to you. Here is the link to my post that might explain why:

 

http://forums.whatth...128427&p=851966

 

Thank you,

NoNo



#69 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 22 July 2014 - 09:30 AM

Hi NoNo,

 

Sorry for any delay getting back to you. I had unsubscribed to your thread and was looking around and found it was reopened by paws. :blush:

 

Does AVG provide you with a log file after a scan is complete?

 

If so, please copy and paste it here for review. If not please advise.

 

Also, can you give me a explanation of any symptoms you are experiencing at the moment. (other than the windows update issue)

 

 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#70 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 22 July 2014 - 02:18 PM

Hi- Thats ok, no problem. ya still cant update and it takes forever to start up, freezing with a black screen or on the welcome screen. Sometimes the internet connection icon is there and sometimes its not. I ran the AVG PC Analyzer, but did not click "Fix Now" to download PCTuneup to fix the 900 errors it found!
Here is the scan log, The first 2 could not be removed to the vault. The others have been removed to the vault (secured-healed). Since the scan, a new process has been running called CTF Loader( ctfmon.exe, located in C:\Windows\System32). Actually its an old process created in 2006, but I've never seen it running. 
 
AVG Scan log
"Whole Computer Scan"
"Medium severity";"5";"3";"2"
"Notifications";"2";"0";"2"
"Scanned folders:";"Scan Whole Computer"
"Started:";"7/18/2014, 1:49:28 PM"
"Finished:";"7/18/2014, 3:20:34 PM"
"Scanned items:";"204151"
"Launched by:";"gogo"
 
"Name";"Description";"Status";"Status";"Priority"
"C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-2cf0dce1.exe";"Corrupted executable file";"Infected";"Infected";"Medium"
"C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-df6a2057.exe";"Corrupted executable file";"Infected";"Infected";"Medium"
"C:\Users\gogo\Desktop\Security 2014\backups\backup-20131206-012817-874.dll";"Adware Generic5.AKZG";"Secured";"Healed";"Medium"
"C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-9fbd2e5.exe";"Corrupted executable file";"Secured";"Healed";"Medium"
"C:\Users\gogo\Desktop\Security 2014\backups\backup-20131206-012817-254.dll";"Adware Generic5.AKZG";"Secured";"Healed";"Medium"
"C:\Users\Kids\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll";"The file is signed with a broken digital signature, issued by: Sony Online Entertainment.";"Notification";"Infected";"Message"
"C:\Users\gogo\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll";"The file is signed with a broken digital signature, issued by: Sony Online Entertainment.";"Notification";"Infected";"Message"
 
Thank you,
NoNo

    Advertisements

Register to Remove


#71 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 22 July 2014 - 03:17 PM

Hi NoNo,

Did your AVG scan pick up these issues after we finished the last time?
 

I ran the AVG PC Analyzer, but did not click "Fix Now" to download PCTuneup to fix the 900 errors it found!

Although this product is from AVG when you start dealing with cleaners that claim to clean up the Registry you are probably asking for problems. It is never good to be using a cleaner or making changes manually to the Registry unless you know what you are doing. making the wrong changes can render your computer unbootable. My advice would be to stay away from this program.
 

Since the scan, a new process has been running called CTF Loader( ctfmon.exe, located in C:\Windows\System32). Actually its an old process created in 2006, but I've never seen it running.


The file and it's location in the System32 folder is normal, but here is some information about ctfmon.exe
http://www.bleepingc...n.exe-1121.html
http://support.microsoft.com/kb/282599
http://www.paretolog...ctfmon_exe.aspx

=========================

bullseye_zpse9eaf36e.gif MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.
Right click and select "Run as Administrator".

Check-mark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

=========================

bullseye_zpse9eaf36e.gif Farbar Service Scanner

Please download Farbar Service Scanner and save it to your desktop.

  • Right click and select "Run as Administrator"
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

=========================

bullseye_zpse9eaf36e.gif Enable Hidden Files & Folders :

To enable the viewing of hidden and protected system files in Windows please follow these steps:

  • Close all programs so that you are at your desktop.
  • Click on the Start button. (This is the small round button with the Windows flag in the lower left corner.)
  • Click on the Control Panel menu option.
  • When the control panel opens you can either be in Classic View or Control Panel Home view:

    If you are in the Classic View do the following:
    • Double-click on the Folder Options icon.
    • Click on the View tab.
    • Go to step 5
    If you are in the Control Panel Home view do the following:
    • Click on the Appearance and Personalization link.
    • Click on Show Hidden Files or Folders.
    • Go to step 5.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the check mark from the check box labeled Hide extensions for known file types.
  • Remove the check mark from the check box labeled Hide protected operating system files.
  • Press the Apply button and then the OK button.

=========================

bullseye_zpse9eaf36e.gif Delete a File/Folder

Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):

  • C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-2cf0dce1.exe
  • C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-df6a2057.exe
  • C:\Users\Kids\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
  • C:\Users\gogo\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll

Exit Explorer

=========================

In your next post please provide the following:

  • Result.txt
  • FSS.txt
  • Answer to question asked.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#72 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 23 July 2014 - 02:46 PM

Hi - Yes it was after we had finished that AVG found the issues. I downloaded AVG and uninstalled Security Essentials after doing most of the instructions in post #64. I have not installed CryptoPrevent yet, but I want to. There are a few prog that are not installed in the right place (downloads instead of Programs), and I wasnt sure how to configure those in CryptoPrevent to be able to use them. We can do that later after we figure out the current issues.  Here are the logs u requested:

 

Result.txt:

MiniToolBox by Farbar  Version: 21-07-2014
Ran by gogo (administrator) on 23-07-2014 at 12:55:18
Running from "C:\Users\gogo\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
 
There are 15473 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Atheros AR5009 802.11a/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : GoGo
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR5009 802.11a/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 00-26-5E-5F-E0-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1F-16-E0-D7-C0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{C922B5CC-8097-4DF3-B14B-264696D80453}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{85654884-94CF-4105-B782-AFFF3610D24B}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
 14 ...00 26 5e 5f e0 4c ...... Atheros AR5009 802.11a/g/n WiFi Adapter
 10 ...00 1f 16 e0 d7 c0 ...... Realtek PCIe FE Family Controller
  1 ........................... Software Loopback Interface 1
 16 ...00 00 00 00 00 00 00 e0  isatap.{C922B5CC-8097-4DF3-B14B-264696D80453}
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 11 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 15 ...00 00 00 00 00 00 00 e0  isatap.{85654884-94CF-4105-B782-AFFF3610D24B}
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/21/2014 09:56:25 PM) (Source: Application Hang) (User: )
Description: The program Cisco Connect.exe version 1.4.12263.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2e98
Start Time: 01cfa569169d2bf0
Termination Time: 31
 
Error: (07/21/2014 05:39:49 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GOGO\PICTURES\PHOTODIRECTOR\3.0\GOGO-1\GOGO-1.PHD-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (07/17/2014 05:21:27 PM) (Source: Application Hang) (User: )
Description: The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 12ac
Start Time: 01cfa21e2ddcef18
Termination Time: 16
 
Error: (07/03/2014 01:23:29 PM) (Source: Application Hang) (User: )
Description: The program msinfo32.exe version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1414
Start Time: 01cf96fb221bf131
Termination Time: 16
 
Error: (07/01/2014 11:37:59 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
 
Context:  Application, SystemIndex Catalog
 
Error: (07/01/2014 11:31:20 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp4748000ffff
 
Error: (07/01/2014 11:30:21 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp458800700b7
 
Error: (06/30/2014 01:58:24 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (06/27/2014 08:06:00 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp4748000ffff
 
Error: (06/27/2014 08:01:59 PM) (Source: Application Error) (User: )
Description: Faulting application hl2.exe, version 0.0.0.0, time stamp 0x533e5a38, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000374, fault offset 0x000b06b7,
process id 0xcbc, application start time 0xhl2.exe0.
 
 
System errors:
=============
Error: (07/23/2014 01:00:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/23/2014 00:59:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/23/2014 00:50:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/23/2014 00:49:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/23/2014 00:40:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/23/2014 00:39:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/23/2014 00:30:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/23/2014 00:29:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/23/2014 00:20:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/23/2014 00:19:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-30 02:58:26.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-30 02:58:25.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:21:24.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:21:24.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:19:45.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:19:45.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:19:25.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:19:25.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:15:07.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:15:07.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
 
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
=========================== Installed Programs ============================
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 7.7 - Atheros)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
Bandizip (HKCU\...\Bandizip) (Version: 3.09 - Bandisoft.com)
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
CyberLink PhotoDirector 3 (Version: 3.0.3618 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2328 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2328 - CyberLink Corp.) Hidden
DFX (HKLM\...\DFX) (Version: 10.137.0.0 - Power Technology)
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EPSON Artisan 730 Series Printer Uninstall (HKLM\...\EPSON Artisan 730 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
FUJIFILM MyFinePix Studio 2.0 (HKLM\...\FinePix Genie_is1) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Goat Simulator (HKLM\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
Instant Housecall Remote Support (HKLM\...\Instant Housecall) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}) (Version: 9.0.2.25 - Apple Inc.)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
LTCM Client (HKLM\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 8.3.7.3619 - Electronic Arts, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pirate101 (HKLM\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pivot Animator version 4.1.10 (HKLM\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAF (HKLM\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROBLOX Player (HKLM\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 (HKLM\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2836940) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 37%
Total physical RAM: 3002.45 MB
Available physical RAM: 1883.11 MB
Total Pagefile: 6241.14 MB
Available Pagefile: 5097.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.96 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:287.17 GB) (Free:130.41 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.28 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\GOGO
 
Administrator            gogo                     Guest                    
Kids                     
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\Mini011412-01.dmp
C:\Windows\Minidump\Mini032411-01.dmp
C:\Windows\Minidump\Mini032911-01.dmp
C:\Windows\Minidump\Mini052413-01.dmp
C:\Windows\Minidump\Mini061612-01.dmp
C:\Windows\Minidump\Mini062411-01.dmp
C:\Windows\Minidump\Mini071411-01.dmp
C:\Windows\Minidump\Mini072911-01.dmp
C:\Windows\Minidump\Mini080713-01.dmp
C:\Windows\Minidump\Mini083111-01.dmp
C:\Windows\Minidump\Mini090912-01.dmp
C:\Windows\Minidump\Mini120312-01.dmp
C:\Windows\Minidump\Mini120912-01.dmp
C:\Windows\Minidump\Mini121312-01.dmp
C:\Windows\Minidump\Mini121712-01.dmp
 
**** End of log ****
--------------------------------------------------------------------------------------------------------------------------------------------------
FSS.txt
Farbar Service Scanner Version: 21-07-2014
Ran by gogo (administrator) on 23-07-2014 at 13:15:22
Running from "C:\Users\gogo\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
Thank you,
NoNo


#73 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 July 2014 - 08:34 PM

Hi NoNo,
 

Yes it was after we had finished that AVG found the issues.

Well that's good. That's what you want it to be able to do. :thumbup:  But it should be able to remove or quarantine the files. :huh:

  • Have you had anymore instances with AVG finding malware that it couldn't fix or remove?
  • Are you experiencing any other symptoms besides the updating issue?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#74 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 24 July 2014 - 01:45 AM

Hi-

Well it found the files I had removed earlier to the recycle bin. I emptied the bin after I saw I forgot to do it earlier. AVG said the files were larger than it could remove. Ill have to see if there is a setting to set the max file size for removal. 

Except for the updating issue, its running pretty good. 

Were the corrupted files that were recently deleted the reason CTFloader never ran before?  


Edited by NoNo, 24 July 2014 - 01:47 AM.


#75 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 24 July 2014 - 07:38 PM

Hi NoNo,
 

Well it found the files I had removed earlier to the recycle bin. I emptied the bin after I saw I forgot to do it earlier. AVG said the files were larger than it could remove. Ill have to see if there is a setting to set the max file size for removal.

I'm not sure if AVG has such a setting. But it's worth a look.
 

Were the corrupted files that were recently deleted the reason CTFloader never ran before?

Which corrupt files are you referring to?


 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users