Infected with Cryptodefense ransomware, please help.

Cryptodefense ransomware


#16
mary58

  • Topic Starter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Jim at 2014-04-03 12:50:43
Running from C:\Users\Jim\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AOL Install (HKLM\...\{2357B8BC-88C9-4A72-818C-050CC4EB0778}) (Version: 1.0.0 - America Online, Inc)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C309g-m (Version: 130.0.396.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.003.0000 - Corel Inc)
Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.003.0000 - Corel)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows2.0) (Version: 2.0 - Coupons, Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
Defraggler (HKLM\...\Defraggler) (Version: 2.02 - Piriform)
Dell Games (HKLM\...\WildTangent dell Master Uninstall) (Version: DELLTF0401 - WildTangent)
Dell Photo Printer 720 (HKLM\...\Dell Photo Printer 720) (Version:  - Dell, Inc.)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3030 - Dell)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Documentation & Support Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Garmin Communicator Plugin (HKLM\...\{8131E9E7-BA33-472D-99AE-231457F5027F}) (Version: 2.2.1.0 - Garmin Ltd or its subsidiaries)
Garmin TOPO U.S. 2008 (HKLM\...\{47BA74C5-1890-4ED2-954A-AD11186D8E26}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v4 (HKLM\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20100830 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1536.6592 - Google Inc.)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GraphicView 32 (HKLM\...\GraphicView 32) (Version:  - )
GSAK 7.2.0.126 (Final) (HKLM\...\GSAK_is1) (Version:  - CWE computer services)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{181AC4C7-B83C-4B5F-B566-E19BF2472429}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
LEGO MINDSTORMS NXT - English Language Pack (HKLM\...\{D2B8DB3C-E5F0-48CA-810E-87DFD5603DC2}) (Version: 1.1.100.0 - The LEGO Group)
LEGO MINDSTORMS NXT Driver (HKLM\...\{99B66D96-5BB2-42DF-BF7C-432285A1E5A5}) (Version: 1.16.769 - LEGO)
LEGO MINDSTORMS NXT Migration Package (HKLM\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO)
LEGO MINDSTORMS NXT Software v1.1 (HKLM\...\{CDE4B478-F489-444D-900C-A9812569E6D2}) (Version: 1.1.338.0 - LEGO)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.41 - BVRP Software, Inc)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version:  - )
NetZeroInstallers (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Odyssey Client (HKLM\...\{99D42EC7-652B-4819-B3E6-6450C815E03F}) (Version: 2.00.00.00 - Funk Software)
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
PS_AIO_06_C309g-m_SW_Min (Version: 130.0.396.000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}) (Version: 7.2.11 - Dell Inc.)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SnowFox Total Video Converter 2.5.1.0 (HKLM\...\SnowFox Total Video Converter_is1) (Version:  - )
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.1.3 - Synaptics)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Turbo Lister 2 (HKLM\...\InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}) (Version: 2.0.0 - eBay)
Turbo Lister 2 (Version: 2.0.0 - eBay) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wheel of Fortune (HKLM\...\WT024486) (Version: WT024486 - WildTangent)
WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)
Yahoo! Music Jukebox (HKLM\...\{7C49EA42-5647-4051-84C2-E6404F25A931}) (Version: 2.0.1.041 - Yahoo!)

==================== Restore Points  =========================

27-03-2014 19:04:07 Windows Update
28-03-2014 19:13:01 Windows Update
28-03-2014 22:52:46 Windows Update
31-03-2014 00:39:11 Scheduled Checkpoint
02-04-2014 00:57:31 Scheduled Checkpoint
02-04-2014 19:12:47 Windows Update

==================== Hosts content: ==========================

2006-11-02 03:23 - 2014-03-23 17:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0561C6EC-BFD2-4A91-834F-BC7E83FDB44A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3AA468BC-E2C2-4C63-9213-7A3F8B72D344} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5A8F9E4D-A525-497F-9734-61311452BE4A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6892F449-64B5-485E-ADAA-5ED6669ACBEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05] (Google Inc.)
Task: {9C432BEE-85AE-4E26-8A3F-9D622D6A9D25} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {FFAFF0B0-8337-41E4-863D-F2BA48B14AAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-01-26 22:52 - 2007-01-31 23:11 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbcpp5c.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-11-05 08:28 - 2006-11-05 08:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2007-03-14 04:03 - 2006-11-15 11:08 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2007-03-13 20:36 - 2006-08-18 11:17 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2007-03-14 04:03 - 2006-11-15 11:07 - 00077824 _____ () C:\Windows\System32\hccutils.DLL
2006-11-03 15:25 - 2006-11-03 15:25 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2006-11-03 15:46 - 2006-11-03 15:46 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/03/2014 00:39:14 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (04/03/2014 00:39:14 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (04/03/2014 00:36:42 PM) (Source: Application Popup) (User: )
Description: Driver DLACDBHM.SYS has been blocked from loading.

Error: (04/03/2014 11:47:27 AM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (04/03/2014 11:44:10 AM) (Source: Application Popup) (User: )
Description: Driver DLACDBHM.SYS has been blocked from loading.

Error: (04/02/2014 01:16:18 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/02/2014 01:16:15 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/02/2014 00:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.169.1547.0){3618771B-CC9F-4078-9B85-AAC113BC8DC0}201

Error: (04/02/2014 00:21:18 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.169.1547.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (04/02/2014 00:21:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

 New Engine Version:

 Previous Engine Version: 2.1.8904.0

 Engine Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Error Code: %NT AUTHORITY601

 Error description: %NT AUTHORITY602

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-28 15:55:01.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-28 15:55:00.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-28 15:54:59.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-28 15:54:59.126
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-28 15:54:34.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-28 15:54:33.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-28 15:54:33.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-28 15:54:32.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-28 15:54:31.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-28 15:54:30.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 89%
Total physical RAM: 1013.71 MB
Available physical RAM: 103.95 MB
Total Pagefile: 2497.02 MB
Available Pagefile: 1188.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.18 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:99.74 GB) (Free:40.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

==================== End Of Log ============================


#17
mary58

  • Topic Starter

I have removed JAVA from this system, and am posting the VEW log.  Hopefully I can get to the rest of it before tonight so I can run Avast while sleeping like you suggested.

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 03/04/2014 1:17:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/04/2014 8:13:42 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Log: 'System' Date/Time: 03/04/2014 8:10:11 PM
Type: Error Category: 0
Event: 876 Source: Application Popup
Driver DLACDBHM.SYS has been blocked from loading.

Log: 'System' Date/Time: 03/04/2014 8:06:46 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 03/04/2014 8:06:43 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 03/04/2014 8:05:33 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 03/04/2014 8:05:29 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 03/04/2014 7:58:53 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.169.1662.0).

Log: 'System' Date/Time: 03/04/2014 7:55:20 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.169.1662.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10401.0   Error code: 0x80070643   Error description: Fatal error during installation.

Log: 'System' Date/Time: 03/04/2014 7:55:14 PM
Type: Error Category: 0
Event: 2003 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version: 2.1.8904.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.

Log: 'System' Date/Time: 03/04/2014 7:55:14 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 17.36.0.0   Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 2.1.8904.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start.

Log: 'System' Date/Time: 03/04/2014 7:39:14 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 03/04/2014 7:39:14 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Log: 'System' Date/Time: 03/04/2014 7:36:42 PM
Type: Error Category: 0
Event: 876 Source: Application Popup
Driver DLACDBHM.SYS has been blocked from loading.

Log: 'System' Date/Time: 03/04/2014 6:47:27 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Log: 'System' Date/Time: 03/04/2014 6:44:10 PM
Type: Error Category: 0
Event: 876 Source: Application Popup
Driver DLACDBHM.SYS has been blocked from loading.

Log: 'System' Date/Time: 02/04/2014 8:16:18 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 02/04/2014 8:16:15 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 02/04/2014 7:23:00 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.169.1547.0).

Log: 'System' Date/Time: 02/04/2014 7:21:18 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.169.1547.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10401.0   Error code: 0x80070643   Error description: Fatal error during installation.

Log: 'System' Date/Time: 02/04/2014 7:21:12 PM
Type: Error Category: 0
Event: 2003 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version: 2.1.8904.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/04/2014 8:10:11 PM
Type: Warning Category: 0
Event: 5014 Source: NETw4v32
Intel® Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.

Log: 'System' Date/Time: 03/04/2014 8:09:21 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/04/2014 7:36:42 PM
Type: Warning Category: 0
Event: 5014 Source: NETw4v32
Intel® Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.

Log: 'System' Date/Time: 03/04/2014 7:35:46 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/04/2014 6:44:10 PM
Type: Warning Category: 0
Event: 5014 Source: NETw4v32
Intel® Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.

Log: 'System' Date/Time: 03/04/2014 4:13:21 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/04/2014 1:40:36 AM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 26 seconds since the last report.

Log: 'System' Date/Time: 03/04/2014 1:40:36 AM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 26 seconds since the last report.

Log: 'System' Date/Time: 02/04/2014 6:48:15 PM
Type: Warning Category: 0
Event: 5014 Source: NETw4v32
Intel® Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.

Log: 'System' Date/Time: 02/04/2014 3:53:28 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/04/2014 1:49:01 AM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 28 seconds since the last report.

Log: 'System' Date/Time: 02/04/2014 1:49:01 AM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 28 seconds since the last report.

Log: 'System' Date/Time: 01/04/2014 11:36:13 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 01/04/2014 10:46:56 PM
Type: Warning Category: 0
Event: 5014 Source: NETw4v32
Intel® Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.

Log: 'System' Date/Time: 01/04/2014 4:13:39 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

CD burning has been turned off.  If that is not something you wanted then:

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated. Please post that, then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

There are still hard drive errors plus it might be overheating so let's run Speccy:

 

Get the free version of Speccy:

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.

 


  • 0

#19
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

log from Avast boot-time scan

 

04/03/2014 23:23
Scan of all local drives

File C:\ProgramData\WildTangent\Dell Game Console\Downloads\Installers\SetupGamesClient.exe_cache Error 42110 {The file is a decompression bomb.}
Number of searched folders: 34115
Number of tested files: 491493
Number of infected files: 0


  • 0

#20
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

CD burning has been turned off.  If that is not something you wanted then:

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated. Please post that, then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 


 

There was no attachment to this post.


  • 0

#21
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

Attaching Speccy file.

Attached File: JIM-PC.txt   89.6KB   202 downloads


  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

Speccy says you are running pretty hot.  76 C.  This is usually a sign of a clogged up heatsink on a laptop.  On a Dell usually you can get to the heat sink and heat pipe by removing about 6 screws and a panel on the bottom.    Probably should clean the thermal pads and put new paste on.  I use the kit from Arctic Silver:  http://www.amazon.co...n/dp/B001FVI91U

 

Hard drive is showing a lot of read errors so you might want to think about getting a new one and cloning it before it fails.

 

01 Read Error Rate    200 (200) Data 0000005552
03 Spin-Up Time    187 (187) Data 0000000648

C5 Current Pending Sector Count    200 (200) Data 0000000008

 

Were you able to get the disk check to run?

 

Fixlist is attached this time.                         


  • 0

#23
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

I'm not at that computer right now, but wanted to verify what you wanted me to do with Disk Check.  Did you want me to run it again, and was there a log you wanted me to post for that?

 

Also extra thanks for having me run Speccy,  I ran it on another machine and it was running even hotter, so I will try to get them both cleaned up.


  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close Notepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
 


  • 0
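The VEW reports requested in the steps above use a fixed record layout (a Log/Date line, a Type line, an Event/Source line, then the message), so they can be triaged by script. The following Python is an added example, not part of any post in this thread and not VEW's own code; the sample records are abridged from the logs posted here, and the function names and the PROTECTION_SOURCES watchlist are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Records abridged from the VEW reports posted in this thread (dates are dd/mm/yyyy).
SAMPLE_REPORT = """\
Log: 'System' Date/Time: 02/04/2014 7:23:00 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.169.1547.0).

Log: 'System' Date/Time: 02/04/2014 7:21:18 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures.   Error code: 0x80070643   Error description: Fatal error during installation.

Log: 'System' Date/Time: 02/04/2014 7:21:12 PM
Type: Error Category: 0
Event: 2003 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update the engine.   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/04/2014 8:10:11 PM
Type: Warning Category: 0
Event: 5014 Source: NETw4v32
The driver cannot function because the network adapter is disabled.
"""

HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\nType: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n", re.MULTILINE)
HRESULT = re.compile(r"0x[0-9A-Fa-f]{8}")
# Assumed watchlist: sources whose errors mean protection or patching is failing.
PROTECTION_SOURCES = {"Microsoft Antimalware", "Microsoft-Windows-WindowsUpdateClient"}

def parse_vew(text):
    """Split a VEW report into one dict per event record."""
    text = text.replace("\r\n", "\n")  # reports saved on Windows use CRLF
    matches, events = list(HEADER.finditer(text)), []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        # Message runs to the next record; cut any '~~~' section banner that follows it.
        message = ("\n" + text[m.end():end]).split("\n~~~", 1)[0].strip()
        when = datetime.strptime(m["when"].strip(), "%d/%m/%Y %I:%M:%S %p")
        events.append({"log": m["log"], "when": when, "type": m["type"],
                       "event": int(m["event"]), "source": m["source"].strip(),
                       "message": message})
    return events

def summarize(events):
    """Count records per source so repeated entries collapse to one row."""
    return Counter(e["source"] for e in events)

def protection_failures(events):
    """Errors from the watchlist sources, oldest first, with any HRESULT codes."""
    hits = [e for e in events if e["type"] == "Error" and e["source"] in PROTECTION_SOURCES]
    return [(e["when"], e["source"], e["event"], HRESULT.findall(e["message"]))
            for e in sorted(hits, key=lambda e: e["when"])]

if __name__ == "__main__":
    for row in protection_failures(parse_vew(SAMPLE_REPORT)):
        print(*row)
```

Sorting oldest first puts the engine update error ahead of the signature and Windows Update failures that share code 0x80070643, which is the order to read them in when working out why definitions stopped updating.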

#25
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

I've got the disk check set to run later this evening. Regarding CD burning (post #18), here is the fix log; there was no additions log this time.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Jim at 2014-04-05 18:43:26 Run:3
Running from C:\Users\Jim\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoCDBurning] 0
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => Value not found.

==== End of Fixlog ====


  • 0



#26
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

I have run disk check and the sfc /scannow, which finished without any problem.

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 05/04/2014 10:11:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/04/2014 4:26:30 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.

Log: 'System' Date/Time: 06/04/2014 4:23:47 AM
Type: Error Category: 0
Event: 876 Source: Application Popup
Driver DLACDBHM.SYS has been blocked from loading.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/04/2014 4:23:48 AM
Type: Warning Category: 0
Event: 5014 Source: NETw4v32
Intel® Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.

Log: 'System' Date/Time: 06/04/2014 2:48:26 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

 

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 05/04/2014 10:14:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/04/2014 4:36:25 AM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Sonic Solutions DLA, from vendor Sonic Solutions) has the following problem: A driver is installed that causes stability problems with your system. This driver will be disabled. Please contact the driver manufacturer for an update that is compatible with this version of Windows.

Log: 'Application' Date/Time: 06/04/2014 2:47:45 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-4212322857-3481637288-2254658967-1000:

 


  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.

Log: 'System' Date/Time: 06/04/2014 4:23:47 AM
Type: Error Category: 0
Event: 876 Source: Application Popup
Driver DLACDBHM.SYS has been blocked from loading.

 

 

See if you can update Roxio as it currently is not working which will slow down your boot.
 

 

Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Sonic Solutions DLA, from vendor Sonic Solutions) has the following problem: A driver is installed that causes stability problems with your system. This driver will be disabled. Please contact the driver manufacturer for an update that is compatible with this version of Windows. Log: 'Application' Date/Time: 06/04/2014 2:47:45 AM

 

 

Another program in need of an update. 

 

 

Otherwise it looks pretty good now.  How is it running?  Is it still running hot?  When it gets too hot the CPU will slow down in order to protect itself.


  • 0

#28
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

There has been maybe since we got this computer a pop up that said the Sonic Solutions driver was blocked, and I had never found a way to update it.  Since I am not the main user on that machine, it wasn't a priority.  Tonight I found on a message board on Roxio's site to uninstall the Roxio drag and drop, I did that and that pop up about the driver is gone.  Which scan should I run to see if that resolved those problems?   

 

The machine seems to be running okay, other than being hot.  And fixing that isn't something I am going to try myself.


  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

Just clear the alarms and reboot then run VEW as before and it should show you if the driver is still a problem.

 

On a Dell it's not usually major surgery.  Look on the net for a video that shows how to disassemble your model.  Sometimes you can clear them without surgery by using compressed air and/or a vacuum cleaner hose on the air vents but you have to be careful not to overrev the fan.

 

I'll give you the standard cleanup routine now:

 

Unless you see other problems I think we are done and can clean up

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but DO NOT USE IT!  There are reports that it leaves the PC unbootable.  Instead just delete  OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the  checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
 Seems to work best if Firefox is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK. )  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK.

You can also try Secunia PSI.  Same kind of info.  You don't need both.
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.

If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.

Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

CryptoPrevent

http://www.foolishIT.../cryptoprevent/

The free version does not update on its own so you should check for updated versions once in a while.



If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

Make sure Windows Updates is turned on and that it works.  Go to Control panel, Windows Updates and see if it works.


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron

 
  • 0





