Proxy override...malware?

Re: Proxy override...malware?

Post by fayfox » August 18th, 2015, 7:33 pm

Hi wbg,
Everything still the same. This is probably nothing, but I've had the Task Manager open while playing around, since CTRL+ALT+DELETE doesn't always work. I was intrigued by the Performance tab and decided to monitor memory usage and the computer locking up. Even when memory usage is low it can freeze, but one odd thing I've noticed lately is that after I close all applications once things freeze, or even if they haven't, my memory usage is between 4 and 5 GB. Then it will sometimes drop down to around 2 GB, then back up to between 4 and 5. Right now, typing this to you, I only have Firefox running and it dropped to around 2 GB and then spiked up to almost 5. Once when I opened Windows Explorer, the memory usage went up to almost 6 GB. Had to do a hard shut down that time.
Before my troubles started, I could simultaneously run Media Player, Adobe Photoshop and Firefox with about 6 to 7 tabs open. Now doing that is a guarantee for freezing. Sometimes the Task Manager lets me shut things down and the computer runs fine, sometimes not.
A couple of games I wanted to try call for changes: Origin wants to install updates and Steam wants to remove compatibility mode. I wanted to try running Kingdoms of Amalur and Witcher One. Are these changes OK?
Hitman Pro insists on scanning every time I restart; the free trial has run out. Do I uninstall it or leave it for now?
I'm feeling guilty that this is taking so long. Thank you wannabeageek.
fayfox
Regular Member
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Post by wannabeageek » August 18th, 2015, 8:24 pm

Wait on the Steam programs and HitmanPro for now.

Just a reminder -
  • Do this from the admin account, please.
  • Make sure you disable all Vipre programs so that Vipre does not activate at reboot.
  • Do NOT use your mouse or keyboard while ComboFix is running.
  • Make sure all programs are closed prior to running ComboFix.

Step 1.
Registry Backup (TCRB)
TCRB should still be on your desktop; if not:
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer, then download and save it to your desktop.
Pick the installer marked with the symbol shown; the big green button at the top of the page is an advertisement.
Double-click the "...setup.exe" program and install it, accepting the default installation. A how-to tutorial is here.

Once the program is installed...
  1. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... where ?? is the total number of files; both numbers should match.
  5. Close and exit the program.

< STOP > If you did not successfully complete this step, do not continue with any other steps; post back and let me know! < STOP >


Step 2.
ComboFix
Please download ComboFix.exe (© sUBs). Save it to your desktop. <<--- IMPORTANT!!
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    The ComboFix screen appears and prepares to run. ComboFix will now create a System Restore Point and then back up your registry.

    Do NOT use your keyboard or click your mouse anywhere in the ComboFix window, as this may cause the program to stall or crash!

    When finished, Notepad will open; ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system, such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **
wannabeageek
MRU Master
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Post by fayfox » August 18th, 2015, 9:16 pm

Here's ComboFix.txt:

ComboFix 15-08-18.01 - Admin 08/18/2015 20:55:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.3854 [GMT -4:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: ThreatTrack Security VIPRE *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
FW: ThreatTrack Security VIPRE *Disabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
SP: ThreatTrack Security VIPRE *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-07-19 to 2015-08-19 )))))))))))))))))))))))))))))))
.
.
2015-08-19 01:04 . 2015-08-19 01:04 -------- d-----w- c:\users\fay\AppData\Local\temp
2015-08-19 01:04 . 2015-08-19 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-18 22:28 . 2015-08-18 22:29 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-08-18 00:48 . 2015-08-18 00:48 -------- d-sh--w- c:\users\Admin\AppData\Local\ms-drivers
2015-08-17 11:16 . 2015-08-17 11:16 -------- d-----w- c:\users\Admin\AppData\Roaming\CyberLink
2015-08-15 20:48 . 2015-08-15 20:31 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-15 20:48 . 2015-08-19 01:04 -------- d-----w- c:\users\Admin\AppData\Local\Temp
2015-08-15 20:28 . 2015-08-15 20:44 -------- d-----w- C:\zoek_backup
2015-08-12 07:13 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:13 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 06:10 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-06 00:23 . 2015-08-06 00:23 -------- d-----w- c:\users\fay\AppData\Roaming\HP
2015-08-05 23:35 . 2015-08-05 23:35 -------- d-----w- c:\users\fay\AppData\Roaming\GameHouse
2015-08-05 23:21 . 2015-08-05 23:21 -------- d-----w- c:\users\fay\AppData\Roaming\PhotoshopdotcomInspirationBrowser
2015-08-01 08:11 . 2015-08-01 08:11 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2015-07-26 11:51 . 2015-08-18 00:08 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-24 21:35 . 2015-08-16 01:32 -------- d-----r- c:\users\fay\iCloudDrive
2015-07-24 21:35 . 2015-07-24 21:35 -------- d-----w- c:\users\fay\AppData\Local\Apple Inc
2015-07-22 17:04 . 2015-07-22 17:04 17318592 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-07-22 00:57 . 2015-07-22 00:57 1375896 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-21 00:17 . 2015-07-21 00:17 -------- d-----w- c:\program files (x86)\ESET
2015-07-20 22:42 . 2015-07-20 22:42 -------- d-----w- C:\RegBackup
2015-07-20 15:29 . 2015-08-10 00:44 -------- d-----w- C:\FRST
2015-07-20 10:44 . 2015-07-20 10:43 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-20 10:43 . 2015-07-20 10:43 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-12 08:34 . 2012-06-02 14:10 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 08:34 . 2011-05-25 09:10 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-15 17:54 . 2015-08-12 06:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-15 07:31 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 07:31 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-18 12:41 . 2014-04-09 07:39 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 12:41 . 2014-04-09 07:39 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 12:41 . 2011-11-06 19:43 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:47 . 2015-07-15 07:32 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 07:32 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-17 04:23 . 2015-06-17 04:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-06-17 04:23 . 2015-06-17 04:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-06-15 21:50 . 2015-07-15 07:30 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 07:30 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 07:30 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 07:30 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 07:30 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 07:30 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 07:30 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 07:30 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 07:30 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 07:30 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 07:30 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 07:30 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-02 00:07 . 2015-07-15 07:32 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 07:32 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-05-25 18:19 . 2015-06-09 22:17 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-09 22:17 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-09 22:17 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:18 . 2015-06-09 22:17 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-09 22:17 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-09 22:17 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-09 22:17 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-09 22:17 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-09 22:17 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:01 . 2015-06-09 22:17 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-09 22:17 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 22:17 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:00 . 2015-06-09 22:17 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-09 22:17 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-09 22:17 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-09 22:17 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-09 22:17 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:00 . 2015-06-09 22:17 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-05-21 13:19 . 2015-06-05 15:36 193536 ----a-w- c:\windows\system32\aepic.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-04-25 3632472]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-05-15 2888384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-09-06 3216272]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-06-17 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iCloud"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2015-04-26 43816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/18 18:12];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\VIPRE\SBAMSvc.exe;c:\program files (x86)\VIPRE\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\VIPRE\SBPIMSvc.exe;c:\program files (x86)\VIPRE\SBPIMSvc.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 08:34]
.
2015-08-18 c:\windows\Tasks\HPCeeScheduleForAdmin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2015-08-04 c:\windows\Tasks\HPCeeScheduleForfay.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2015-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKCU-Run-CCleaner Monitoring - c:\program files\CCleaner\CCleaner64.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BFG-Holiday Jigsaw Valentines Day - c:\program files (x86)\Holiday Jigsaw Valentines Day\Uninstall.exe
AddRemove-BFG-My Kingdom for the Princess II - c:\program files (x86)\My Kingdom for the Princess II\Uninstall.exe
AddRemove-BFG-My Kingdom for the Princess III - c:\program files (x86)\My Kingdom for the Princess III\Uninstall.exe
AddRemove-Family Tree Maker 2012 - c:\programdata\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.exe
AddRemove-{1CB0993B-1CD4-4A18-9C85-9732AFD9843F} - c:\programdata\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-18 21:09:26
ComboFix-quarantined-files.txt 2015-08-19 01:09
.
Pre-Run: 723,403,616,256 bytes free
Post-Run: 722,485,530,624 bytes free
.
- - End Of File - - 0134AF9F4B6C280D1E222BC856BEBADC
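As an added example that is not from this thread or from ComboFix's author, a small Python script that parses the layout of the ComboFix.txt above (the section banners, the Run-key entries under Reg Loading Points, and the Internet Settings lines of the Supplementary Scan) and explains what the ProxyOverride entry the thread is named after does when no proxy server is set. The excerpt it parses is constructed from the log above, and the line formats are inferred from that log rather than documented by ComboFix.

```python
"""Triage helper for the ComboFix.txt layout posted in this thread: pulls the
Run-key loading points and the Supplementary Scan's Internet Settings lines,
then explains the proxy-related ones. Formats are inferred from the log above;
this is not ComboFix's own code."""
import re

# Constructed sample: a trimmed excerpt in the layout of the ComboFix.txt posted above.
SAMPLE_LOG = r"""
((((((((((( Reg Loading Points )))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-05-15 2888384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-09-06 3216272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
"""

# Section banner: a title wrapped in runs of '(' / ')' or '-' characters.
SECTION_RE = re.compile(r"^[-( ]+(?P<name>[A-Za-z][A-Za-z0-9 -]*?)\s*[-) ]+$")
# "[HKEY_...]" opens a registry key; the lines under it are its values.
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "Name"="path" [yyyy-mm-dd size] is how ComboFix prints a Run-key value.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# Leading u = current-user hive, m = machine hive (e.g. "uInternet Settings,ProxyOverride = ...").
INET_RE = re.compile(r"^(?P<scope>[um])Internet Settings,(?P<setting>\w+) = (?P<value>.*)$")

PROXY_SETTINGS = {"ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL"}


def parse_combofix(text):
    """Return (run_entries, internet_settings): a list of dicts with key, name,
    path, date and size, and a {(scope, setting): value} map."""
    section, current_key = None, None
    run_entries, inet = [], {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:  # entering a new section resets the current key
            section, current_key = m.group("name").strip(), None
            continue
        if section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                current_key = m.group("key")
                continue
            m = VALUE_RE.match(line)
            if m and current_key:
                run_entries.append({"key": current_key, "name": m["name"], "path": m["path"],
                                    "date": m["date"], "size": int(m["size"])})
        elif section == "Supplementary Scan":
            m = INET_RE.match(line)
            if m:
                inet[(m["scope"], m["setting"])] = m["value"]
    return run_entries, inet


def proxy_findings(inet):
    """Explain each proxy-related Internet Settings line. ProxyOverride is only a
    bypass list for a configured proxy; without ProxyServer or AutoConfigURL it
    puts no proxy in force, which is the case in the log posted in this thread."""
    has_proxy = any(s in ("ProxyServer", "AutoConfigURL") for _, s in inet)
    findings = []
    for (scope, setting), value in sorted(inet.items()):
        if setting not in PROXY_SETTINGS:
            continue
        who = "user" if scope == "u" else "machine"
        if setting == "ProxyOverride" and not has_proxy:
            findings.append(f"{who} ProxyOverride = {value}: bypass list only; "
                            "no ProxyServer/AutoConfigURL present, so no proxy is in force")
        else:
            findings.append(f"{who} {setting} = {value}: proxy setting present, confirm it is expected")
    return findings


if __name__ == "__main__":
    runs, inet = parse_combofix(SAMPLE_LOG)
    for e in runs:
        print(f"{e['name']:10} {e['path']}  ({e['date']}, {e['size']} bytes)  [{e['key']}]")
    print("\n".join(proxy_findings(inet)))
```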

Re: Proxy override...malware?

Post by wannabeageek » August 19th, 2015, 9:47 pm

Any change in the computer's behavior and performance?

Re: Proxy override...malware?

Post by fayfox » August 19th, 2015, 11:06 pm

At first, yes, it was running fairly smoothly. Firefox kept giving me the Unresponsive Plugin error, multiple times. I opted to stop the plugin. Once I got the Unresponsive Script error. But after a few hours it's back to freezing. The first couple of times the programs became unresponsive, I closed them down with Task Manager and did not have to reboot. But eventually nothing responded and I had to do a hard shut down. Even though it's still freezing, the computer seems more responsive, if that makes sense. When it's working, it's working great.

Re: Proxy override...malware?

Post by fayfox » August 21st, 2015, 7:25 am

Hi wbg,
My computer is acting weird. Twice now I've heard the fan (?) come on for about a minute, once last night and once this morning. I think it's the fan. It sounds just like my computer does when it's turned on. I've never heard it do this while running.
Otherwise, things are about the same: sometimes running sluggish, sometimes perfect, sometimes not responding.
fayfox

Re: Proxy override...malware?

Post by wannabeageek » August 21st, 2015, 1:47 pm

Hi fayfox,

Please run again and post the results.

MiniToolBox
If you do not have this on your desktop, please download MiniToolBox.exe and save it to your Desktop.

  • Right click on MiniToolBox and select "Run as administrator" to run it.
  • Check the following in the list:
    • List last 10 Event Viewer Errors.
    • List Minidump Files.
    • List Restore Points.
  • Click Go.
  • A file named Result.txt will be created in the same location where you downloaded MiniToolBox.exe.
  • Please post the contents of Result.txt in your next reply.

Re: Proxy override...malware?

Post by fayfox » August 21st, 2015, 3:43 pm

Hey wbg,
Downloaded it to the desktop; didn't see a Result.txt, just the MTB. Disabled VIPRE.

MiniToolBox by Farbar Version: 25-07-2015 01
Ran by Admin (administrator) on 21-08-2015 at 15:38:27
Running from "C:\Users\Admin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Model: BK169AAR-ABA HPE-210f Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/19/2015 09:43:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.2.5702, time stamp: 0x55cc03bd
Faulting module name: mozglue.dll, version: 40.0.2.5702, time stamp: 0x55cbf190
Exception code: 0x80000003
Fault offset: 0x0000e631
Faulting process id: 0xb08
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/19/2015 09:43:35 PM) (Source: Application Hang) (User: )
Description: The program HPTouchSmartMusic.exe version 3.1.1.3422 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1294

Start Time: 01d0dac5d2090ce7

Termination Time: 15

Application Path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe

Report Id:

Error: (08/19/2015 12:23:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12230

Error: (08/19/2015 12:23:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12230

Error: (08/19/2015 12:23:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2015 12:23:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11232

Error: (08/19/2015 12:23:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11232

Error: (08/19/2015 12:23:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2015 12:23:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10233

Error: (08/19/2015 12:23:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10233


System errors:
=============
Error: (08/21/2015 03:36:22 PM) (Source: NetBT) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/21/2015 03:36:21 PM) (Source: NetBT) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/21/2015 01:27:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/20/2015 06:41:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/20/2015 06:30:45 PM) (Source: NetBT) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/20/2015 06:30:45 PM) (Source: NetBT) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/20/2015 06:30:45 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/20/2015 06:57:09 AM) (Source: NetBT) (User: )
Description: The name "FAY-PC :20" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/20/2015 06:57:09 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.

Error: (08/20/2015 06:57:00 AM) (Source: NetBT) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (08/19/2015 09:43:47 PM) (Source: Application Error)(User: )
Description: plugin-container.exe40.0.2.570255cc03bdmozglue.dll40.0.2.570255cbf190800000030000e631b0801d0dad7177d07eaC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dlle5d00292-46dc-11e5-818b-18a905b8e4ce

Error: (08/19/2015 09:43:35 PM) (Source: Application Hang)(User: )
Description: HPTouchSmartMusic.exe3.1.1.3422129401d0dac5d2090ce715C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe

Error: (08/19/2015 12:23:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12230

Error: (08/19/2015 12:23:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12230

Error: (08/19/2015 12:23:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2015 12:23:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11232

Error: (08/19/2015 12:23:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11232

Error: (08/19/2015 12:23:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2015 12:23:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10233

Error: (08/19/2015 12:23:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10233


CodeIntegrity Errors:
===================================
Date: 2015-08-17 22:05:37.800
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-17 22:05:37.793
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-17 22:05:37.787
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-17 22:05:37.781
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-17 22:05:34.494
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-17 22:05:34.488
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-17 22:05:34.479
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-17 22:05:34.469
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-17 22:05:28.652
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-17 22:05:28.645
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

========================= Minidump Files ==================================

C:\Windows\Minidump\020214-30326-01.dmp
C:\Windows\Minidump\031314-20514-01.dmp
C:\Windows\Minidump\041811-27892-01.dmp
C:\Windows\Minidump\050111-21528-01.dmp
C:\Windows\Minidump\050513-59171-01.dmp
C:\Windows\Minidump\052511-28126-01.dmp
C:\Windows\Minidump\060614-18954-01.dmp
C:\Windows\Minidump\071213-20670-01.dmp
C:\Windows\Minidump\072611-18470-01.dmp
C:\Windows\Minidump\072615-25724-01.dmp
C:\Windows\Minidump\080214-27144-01.dmp
C:\Windows\Minidump\080413-27300-01.dmp
C:\Windows\Minidump\081015-25162-01.dmp
C:\Windows\Minidump\090213-20841-01.dmp
C:\Windows\Minidump\091811-17550-01.dmp
C:\Windows\Minidump\092011-19468-01.dmp
C:\Windows\Minidump\092211-16520-01.dmp
C:\Windows\Minidump\092414-31387-01.dmp
C:\Windows\Minidump\102011-22152-01.dmp
C:\Windows\Minidump\102111-16848-01.dmp
C:\Windows\Minidump\102211-15459-01.dmp
C:\Windows\Minidump\110111-19312-01.dmp
C:\Windows\Minidump\110711-23743-01.dmp
C:\Windows\Minidump\111311-19156-01.dmp
C:\Windows\Minidump\112314-23509-01.dmp
========================= Restore Points ==================================

15-08-2015 14:29:44 Windows Update
15-08-2015 20:32:48 zoek.exe restore point
19-08-2015 00:49:45 ComboFix created restore point
19-08-2015 02:13:53 Windows Update
19-08-2015 07:00:32 Windows Update

**** End of log ****
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » August 21st, 2015, 9:49 pm

Hi fayfox,

You still have issues that go beyond the scope of this site and me. I have covered as much area as I could with the tools we have looking for malware. You may still have some remnant registry entries and possibly some PUPs (potentially unwanted programs), but nothing that would cause the problems you still experience.

You have an "older" model HP? Have you ever cleaned the dust out of it? Have you ever had a shop clean it?

The below error is one I have seen too many times in this thread. This tells me that your modem, router, or something is not correctly configured. A computer or device connected to the network on a router should never have an address of 192.168.1.1.
The address 192.168.1.1 is a gateway modem or router address, depending upon the configuration.
Error: (08/21/2015 03:36:22 PM) (Source: NetBT) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.



Now for some clean-up routines.
From the Admin desk top, please:


Step 1.
ComboFix - Cleanup
Time for some housekeeping
  1. Click Start...select Run from the menu.
  2. Copy and paste the following into the text entry box:
    Combofix /Uninstall
  3. Click the OK button. (See image below as reference.)



Step 2.
Please download Delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.
    • Remove disinfection tools
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Last but not least, I have some Websites for you to visit for your other issues. Tech Support Guy - Networking and Windows 7 Forums.

First, I believe most of the trouble is coming from a misconfigured network. This website is an associate site; one we work with. Tech Support Guy, TSG - Networking deals with much more than just malware removal like we do. The staff at Tech Support Guy is excellent, knowledgeable and should be able to resolve the network issue. I would go here to TSG first for help before going to Windows 7 Forums since I have only seen 2 BSOD reports since helping you and the last one was on the 10th of this month. Also, the hanging could be from the misconfigured router/modem setup you have. If you would like, I can notify staff at TSG that you are coming for help on their site for networking issues. If so, register there, post your issue, then PM me here to let me know your user name there at TSG so I can contact staff.


Second, the issue you have with the BSOD, (Source: BugCheck), and possible outdated drivers is something we really do not deal with. Our specialty is malware removal. I tried as much as I could to deal with the driver issue(s). I would use this as a last resort since I am not seeing much in driver issues.
I personally would like you to look at this site, Windows 7 Forums, for resolution since this is their specialty. If you do end up going to Windows 7 Forums for help, I would suggest you start with their DRIVERS section first.
We are NOT associated with them so I cannot tell them you are coming.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
Computer Security - a short guide to staying safer online

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!


On a final note, take your time reading all the information in this last post as there is a lot. I am sorry it has taken so long and we did not get everything fixed. Thank you very much for your patience. Most people would have given up by now.
wbg
wannabeageek
MRU Master
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
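The MiniToolBox log posted above and the reply's reading of its NetBT errors both hinge on the same few record types: "Error: (time) (Source: ...)" entries grouped by source, the NetBT "could not be registered ... did not allow the name to be claimed" refusals, and the CodeIntegrity "signing certificate has been revoked" entries. The following is an added example, not code from this thread, from MiniToolBox or from Farbar: a small Python triage script that parses that section of a Result.txt and pulls those three things out. SAMPLE_LOG is a constructed excerpt modelled on the posted log, cut down to one record per source; the NetBIOS suffix table holds the well-known 0x00/0x03/0x20 values and everything else about the log format is taken from the text above.

```python
"""Triage helper for the "Event log errors" section of a MiniToolBox Result.txt.

Added example for this thread; it is not part of MiniToolBox or of the
original posts.  SAMPLE_LOG is a constructed excerpt modelled on the log
posted above, trimmed to one record per source.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
Application errors:
==================
Error: (08/19/2015 09:43:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.2.5702, time stamp: 0x55cc03bd
Faulting module name: mozglue.dll, version: 40.0.2.5702, time stamp: 0x55cbf190

Error: (08/19/2015 12:23:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12230


System errors:
=============
Error: (08/21/2015 03:36:22 PM) (Source: NetBT) (User: )
Description: The name "FAY-PC :0" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (08/20/2015 06:30:45 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9F1DBDAA-8EFA-4065-924B-A07E10F47EC5} because another computer on the network has the same name. The server could not start.


CodeIntegrity Errors:
===================================
Date: 2015-08-17 22:05:37.800
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
"""

# One header per record.  Event-log records open with "Error: (time) (Source: x) (User: y)";
# CodeIntegrity records open with "Date: yyyy-mm-dd hh:mm:ss.fff".
HEADER_RE = re.compile(
    r"^(?:Error: \((?P<time>[^)]+)\) \(Source: (?P<source>[^)]*)\)\s*\(User: (?P<user>[^)]*)\)"
    r"|Date: (?P<date>\S+ \S+))\s*$"
)
NETBT_RE = re.compile(
    r'The name "(?P<name>[^"]+)" could not be registered on the interface with IP address '
    r"(?P<iface>\d+(?:\.\d+){3})\.\s+The computer with the IP address (?P<peer>\d+(?:\.\d+){3}) "
    r"did not allow"
)
REVOKED_RE = re.compile(
    r"unable to verify the integrity of the file (?P<path>.+?) because the signing certificate has been revoked"
)
# Well-known NetBIOS name suffixes (the ":0" / ":20" after the host name in the NetBT message).
NETBIOS_SUFFIX = {0x00: "Workstation Service", 0x03: "Messenger Service", 0x20: "File Server Service"}


def parse_events(text):
    """Return a list of {time, source, description} dicts, one per record."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {
                "time": m.group("time") or m.group("date"),
                "source": m.group("source") or "CodeIntegrity",
                "description": "",
            }
            events.append(current)
            continue
        if current is None:          # section banners and "====" rules
            continue
        if not line.strip():         # a blank line closes the record
            current = None
            continue
        body = line[len("Description: "):] if line.startswith("Description: ") else line
        current["description"] = (current["description"] + " " + body).strip()
    return events


def count_by_source(events):
    """How many records each event source produced."""
    return dict(Counter(e["source"] for e in events))


def netbt_conflicts(events):
    """NetBT name-registration refusals: which name, on which interface, refused by which peer."""
    out = []
    for e in events:
        m = NETBT_RE.search(e["description"]) if e["source"] == "NetBT" else None
        if m:
            suffix = int(m.group("name").rsplit(":", 1)[-1].strip(), 16)
            out.append({
                "name": m.group("name"),
                "iface": m.group("iface"),
                "peer": m.group("peer"),
                "service": NETBIOS_SUFFIX.get(suffix, f"suffix 0x{suffix:02X}"),
            })
    return out


def revoked_signature_files(events):
    """Files Code Integrity refused because their signing certificate was revoked."""
    paths = []
    for e in events:
        m = REVOKED_RE.search(e["description"]) if e["source"] == "CodeIntegrity" else None
        if m:
            paths.append(m.group("path"))
    return paths


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("records by source:", count_by_source(evs))
    for c in netbt_conflicts(evs):
        print(f'NetBT: "{c["name"]}" ({c["service"]}) on {c["iface"]} refused by {c["peer"]}')
    for p in revoked_signature_files(evs):
        print("revoked-cert binary:", p)
```

Run it against a full Result.txt by replacing SAMPLE_LOG with the file contents. The parser only reports what the log records: the NetBIOS name that was refused, the service suffix it belongs to, the interface it was registered on, and the peer that sent the negative response; whether that peer is a router answering name registrations itself or a second host carrying the same name has to be established on the network, not from the log. The revoked-certificate entries are likewise reported by path; in the posted log they all sit under $Windows.~BT, the staging folder Windows Setup uses for the "Upgrade to Windows 10 Home" attempts that the same log shows failing.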

Re: Proxy override...malware?

Unread postby fayfox » August 22nd, 2015, 12:31 am

Hi wbg,
One of my faults, I rarely give up :)
Thank you for your patience and expertise. I could feel the eye rolls at some of my attempts to be helpful! My silver lining to this whole problem is that I've learned a lot and I plan to keep on learning.

I've uninstalled ComboFix and run DelFix and yes, I have cleaned the dust from my computer. After hearing the fan run a couple of times, I'm going to see if it needs dusting again, but I think it's due to the high memory usage. I will start with TSG first and hope they can help solve my problems.
My expertise is minimal, but if I can help in any way, just ask.

fayfox
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby Cypher » August 23rd, 2015, 3:51 pm

As your Malware problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received,
please see Feedback for Our Helpers - Say "Thanks" Here
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns