Jhay Posted January 17, 2015 ID:930150

After I had reinstalled Windows on my desktop computer, I had downloaded some applications from sites most likely to be containing adware. I later ran an MBAM scan with these results:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/17/2015
Scan Time: 12:55:21 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.16.14
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jordan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360352
Time Elapsed: 7 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.ClientConnect, C:\Users\Jordan\AppData\Local\Temp\a814aef6-e221-4402-9551-7b249eb47984\ImgBurn_v2.5.8.0_TSV3G737U.exe, Quarantined, [3be38b6df0992c0a60c9d1f13dc4936d], 
PUP.Optional.OpenCandy, C:\Users\Jordan\AppData\Local\Temp\nsr5105.tmp\OCSetupHlp.dll, Quarantined, [120c05f33752cf6794ef95299f667e82], 
PUP.Optional.ClientConnect, C:\Users\Jordan\Downloads\ImgBurn_v2.5.8.0_TSV3G737U.exe, Quarantined, [70ae4fa9c5c454e26ac0af1305fc3bc5], 

Physical Sectors: 0
(No malicious items detected)

(end)

I have since quarantined and deleted these files.
Maniac Posted January 17, 2015 ID:930355

Hello Jhay!

My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your FRST log files in a new reply in this thread: https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/
Jhay Posted January 18, 2015 Author ID:930533

Here are the FRST & Addition logs, which are attached because posting them both here made the post too long to submit!

Addition.txt
FRST.txt
Maniac Posted January 19, 2015 ID:930633

Step 1

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on the Scan button. Wait until it is finished.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
Junkware Removal Tool log
AdwCleaner log
Jhay Posted January 21, 2015 Author ID:931269

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jordan on Tue 01/20/2015 at 22:34:56.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/20/2015 at 22:37:12.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:

# AdwCleaner v4.108 - Report created 20/01/2015 at 23:01:07
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jordan - JORDAN-PC
# Running from : C:\Users\Jordan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Google Chrome v39.0.2171.99

*************************

AdwCleaner[R0].txt - [875 octets] - [20/01/2015 22:45:33]
AdwCleaner[s0].txt - [799 octets] - [20/01/2015 23:01:07]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [858 octets] ##########
Maniac Posted January 21, 2015 ID:931583

Please scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
Jhay Posted January 26, 2015 Author ID:932993

Here is the log for the ESET Online Scanner:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b6eb8a6911981a4e92313bd1d52567a8
# engine=22142
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-26 05:48:19
# local_time=2015-01-26 12:48:19 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1299 16777213 100 100 0 49714929 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 173794749 0 0
# scanned=232348
# found=2
# cleaned=2
# scan_time=4314
sh=5CA96A0C243390C378DEE1A629684EA261E2CFC4 ft=1 fh=a717dcd23690f0a7 vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\ImgBurn_v2\SetupImgBurn_2.5.8.0.exe"
sh=94826D959A296C8B37C8C17D0FFD51C9A0557C0E ft=1 fh=3b2de6ea3567b0ef vn="a variant of Win32/InstallCore.UQ potentially unwanted application (deleted - quarantined)" ac=C fn="I:\Downloads\FileZilla_3.10.0.1_win32-setup.exe"
Maniac Posted February 5, 2015 ID:936695

How are things now?
Jhay Posted February 6, 2015 Author ID:936816

Everything is good from this end. However, I have noticed on either my laptop or desktop I have received the following re-direct when browsing various software download sites: http://www.fixyourbrowser.com/removal-instructions/your-software-may-be-out-of-date/
Maniac Posted February 25, 2015 ID:943230

Try to reset your router, reboot them and check again.
Jhay Posted February 26, 2015 Author ID:943290

I reset the router and just turned on my desktop. I know I have not received these re-directs from my laptop (nor my desktop) recently. I only received them once while I was browsing sketchy sites.
AdvancedSetup (Root Admin) Posted May 13, 2015 ID:962215

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you. Thank you and sorry we missed your topic.
AdvancedSetup (Root Admin) Posted June 29, 2015 ID:972692

Topic reopened per request
Maniac Posted June 29, 2015 ID:972796

Please explain the situation now.
Jhay Posted June 30, 2015 Author ID:972916

As I continue to browse certain sketchy websites, I encounter popups pointing to fake security warnings telling me I may be infected or certain web components (i.e. Java or browser) are out of date. In addition, I installed a trial of MBAM and the Real-Time Protection Module found this:

Detection, 6/18/2015 10:57:58 PM, SYSTEM, JORDAN-PC, Protection, Malicious Website Protection, IP, 94.75.199.178, adserver.kimia.es, 50684, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 6/18/2015 10:57:58 PM, SYSTEM, JORDAN-PC, Protection, Malicious Website Protection, IP, 94.75.199.178, adserver.kimia.es, 50684, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

I am wondering if encountering these fake security warnings actually means I am infected every time, if MBAM or my antivirus does not detect any malicious objects and nothing significant happens (i.e. my browser or computer "locks" due to a pop-up or ransomware attack and inhibits use of the machine).

Also, please take another look at my other topic: https://forums.malwa...ge/#entry968253. I checked an earlier reply where the Addition.txt logs are indeed included. Please let me know if you need for me to post them again.
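Two machine-readable log formats appear in this thread: the ESET Online Scanner export in the January 26 post and the Malwarebytes Malicious Website Protection detection records in the post above. The following Python script is an added example, not code from the thread, from Malwarebytes or from ESET; it parses both formats into records so that file hashes, paths, threat status and blocked remote hosts can be pulled out and cross-checked, which is the first thing a responder does with logs like these. The field positions and key names (`sh`, `vn`, `fn`, the comma-separated column order) are assumptions read off the samples in the posts, and both sample inputs are constructed from the entries shown there.

```python
"""Triage helpers for two log formats quoted in this thread (added example;
not code from the thread, Malwarebytes or ESET). Assumed layouts, taken
from the posted samples:
  * ESET Online Scanner export: '# key=value' header lines, then one line
    per finding:  sh=<sha1> ft=<n> fh=<hash> vn="<threat> (<status>)" ac=<c> fn="<path>"
  * Malwarebytes Malicious Website Protection: one comma-separated record per
    blocked connection: Detection, <time>, <user>, <host>, Protection,
    Malicious Website Protection, IP, <ip>, <domain>, <port>, <direction>, <exe>,
"""
import re
from dataclasses import dataclass

_PAIR_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')   # key=value or key="quoted value"
_STATUS_RE = re.compile(r"\s*\(([^()]*)\)\s*$")    # trailing "(deleted - quarantined)"


@dataclass
class EsetDetection:
    sha1: str
    threat: str
    status: str
    path: str


def parse_eset_log(text):
    """Return (header, detections). Header values lose their surrounding quotes."""
    header, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#") and "=" in line:
            key, value = line[1:].split("=", 1)
            header[key.strip()] = value.strip().strip("'\"")
        elif line.startswith("sh="):
            pairs = {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
                     for m in _PAIR_RE.finditer(line)}
            vn = pairs.get("vn", "")
            status = _STATUS_RE.search(vn)
            detections.append(EsetDetection(
                sha1=pairs.get("sh", ""),
                threat=_STATUS_RE.sub("", vn),
                status=status.group(1) if status else "",
                path=pairs.get("fn", "")))
    return header, detections


def eset_counters_consistent(header, detections):
    """Cross-check the found/cleaned counters against the parsed item lines."""
    quarantined = sum("quarantined" in d.status for d in detections)
    return (int(header.get("found", "0")) == len(detections)
            and int(header.get("cleaned", "0")) == quarantined)


@dataclass(frozen=True)
class MbamBlock:
    when: str
    ip: str
    host: str
    port: int
    direction: str
    process: str


def parse_mbam_detections(text):
    """Parse Malicious Website Protection records; other record types are skipped."""
    records = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 12 or fields[0] != "Detection":
            continue
        if fields[5] != "Malicious Website Protection":
            continue
        records.append(MbamBlock(when=fields[1], ip=fields[7], host=fields[8],
                                 port=int(fields[9]), direction=fields[10],
                                 process=fields[11]))
    return records


def blocked_connections(records):
    """Collapse repeated records (one per attempt) into {(host, ip, process): count}."""
    counts = {}
    for r in records:
        key = (r.host, r.ip, r.process)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed samples, copied from the entries shown in the two posts.
SAMPLE_ESET = r"""# product=EOS
# country="United States"
# compatibility_mode_1='Kaspersky Internet Security'
# scanned=232348
# found=2
# cleaned=2
sh=5CA96A0C243390C378DEE1A629684EA261E2CFC4 ft=1 fh=a717dcd23690f0a7 vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\ImgBurn_v2\SetupImgBurn_2.5.8.0.exe"
sh=94826D959A296C8B37C8C17D0FFD51C9A0557C0E ft=1 fh=3b2de6ea3567b0ef vn="a variant of Win32/InstallCore.UQ potentially unwanted application (deleted - quarantined)" ac=C fn="I:\Downloads\FileZilla_3.10.0.1_win32-setup.exe"
"""

SAMPLE_MBAM = r"""Detection, 6/18/2015 10:57:58 PM, SYSTEM, JORDAN-PC, Protection, Malicious Website Protection, IP, 94.75.199.178, adserver.kimia.es, 50684, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 6/18/2015 10:57:58 PM, SYSTEM, JORDAN-PC, Protection, Malicious Website Protection, IP, 94.75.199.178, adserver.kimia.es, 50684, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
"""

if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_ESET)
    print("ESET counters consistent:", eset_counters_consistent(hdr, found))
    for d in found:
        print(f"  {d.sha1}  {d.status:22}  {d.threat}  <- {d.path}")
    for (host, ip, exe), n in blocked_connections(parse_mbam_detections(SAMPLE_MBAM)).items():
        print(f"MBAM blocked {host} ({ip}) from {exe}: {n} attempt(s)")
```

The consistency check is there because the ESET header counters and the per-item lines are written separately; if `found` exceeds the number of item lines the export was cut off, and if `cleaned` is lower than the number of quarantined items something was left on disk. The Malwarebytes records are collapsed by (host, IP, process) because the engine logs one record per connection attempt, so the two identical lines above are a single blocked destination reached once or twice by Chrome, not two separate infections.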
Maniac Posted June 30, 2015 ID:973059

You have two topics for the same problem, am I right?
Jhay Posted July 3, 2015 Author ID:974038

Essentially, yes. However, one of these topics applies to my desktop computer at home while the other is for a laptop computer my mom uses at another location. Additionally for my desktop, I had noticed that I had something installed called Coupon Printer for Windows. I just uninstalled it.
Maniac Posted July 6, 2015 ID:974447

Please manually delete FRST.exe, download a new fresh one and generate new fresh log files. Post them here.
Jhay Posted July 14, 2015 Author ID:976043

Sorry for the long wait, but here are the new logs. Both the FRST AND Addition logs are included!

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Jordan (administrator) on JORDAN-PC on 13-07-2015 21:16:16
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.taoframework.com)C:\Program Files (x86)\Tao.Sdl.$AA
2015-02-07 15:09 - 2015-02-07 15:09 - 0116013 _____ () C:\Program Files (x86)\Uninstal.exe
2015-01-15 22:14 - 2015-07-05 09:31 - 0006521 _____ () C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt
2015-06-08 14:50 - 2015-06-08 14:50 - 0000600 _____ () C:\Users\Jordan\AppData\Roaming\PUTTY.RND
2015-01-15 22:14 - 2015-07-05 09:32 - 0000678 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManager.log
2015-01-15 22:14 - 2015-07-01 21:40 - 0000898 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManagerPrevious.log
2015-01-15 22:16 - 2015-06-14 17:12 - 0004608 _____ () C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-14 21:19 - 2015-06-08 14:50 - 0000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND
2015-05-30 22:27 - 2015-05-30 22:27 - 0008394 _____ () C:\Users\Jordan\AppData\Local\recently-used.xbel
2015-03-10 14:24 - 2015-03-10 14:31 - 0000824 _____ () C:\ProgramData\hpzinstall.log
2015-01-31 01:02 - 2015-01-31 01:02 - 0000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\converter.exe
C:\Users\Jordan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Jordan\AppData\Local\Temp\ose00000.exe
C:\Users\Jordan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jordan\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2015-01-14 22:44

==================== End of log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Jordan at 2015-07-13 21:17:56
Running from C:\Users\Jordan\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1024083095-2647402447-3849860780-500 - Administrator - Disabled)
Guest (S-1-5-21-1024083095-2647402447-3849860780-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1024083095-2647402447-3849860780-1002 - Limited - Enabled)
Jordan (S-1-5-21-1024083095-2647402447-3849860780-1000 - Administrator - Enabled) => C:\Users\Jordan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CloudBuckIt (HKLM-x32\...\{CA3F1055-31C5-4C51-B0F8-4E6906D220D3}) (Version: 2.0.2.5 - CloudBuckIt)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Power2Go 10 (HKLM-x32\...\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}) (Version: 10.0.1210.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.5620 - CyberLink Corp.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
F4400 (x32 Version: 140.0.696.000 - Hewlett-Packard) Hidden
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla Client 3.10.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0.1 - Tim Kosse)
Finale 2014d DEMO (HKLM-x32\...\Finale 2014) (Version: 2014.4.5030.0 - MakeMusic)
FlightBeam San Francisco International FSX (HKLM-x32\...\FlightBeam San Francisco International FSX_is1) (Version: 2.1.5 - FlightBeam)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Harmony Assistant (HKLM-x32\...\Harmony Assistant) (Version: 9.6.3i - Myriad SARL)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
LACMTA Red Line Extior Pack v3 Beta (HKLM-x32\...\{A98A97FB-90B1-4F16-AC18-20A9685D3F00}) (Version: 2.9 - ArtTrain)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Mendeley Desktop 1.13.8 (HKLM-x32\...\Mendeley Desktop) (Version: 1.13.8 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62613.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62613.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version: - Microsoft Game Studios)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Navigraph FMS Data Manager 1.1.1.0514 (HKLM-x32\...\{7E4D5716-374A-4DB6-90CF-D2AEB67362CE}_is1) (Version: 1.1.1.0514 - Navigraph)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Phase Shift (HKLM-x32\...\Phase Shift) (Version: 1.27 - DWSK)
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.10.115 - Corel Corporation)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SHOUTcast Source DSP Plug-in v2 (HKLM-x32\...\SHOUTcast Source DSP) (Version: 2.3.5.222 - Radionomy SA)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-1024083095-2647402447-3849860780-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.1 - Synthesia LLC)
TextAloud 3.0 (HKLM-x32\...\TextAloud3_is1) (Version: 3.0 - NextUp.com)
The TileProxy Project for Microsoft FSX/2004/2002 (HKLM-x32\...\TileProxy) (Version: - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPROR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
XPax (HKLM-x32\...\{F2392BB6-52EF-4A0A-9A54-199AD0F2F3DA}) (Version: 0.00.0350 - HiFi Flightware)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1024083095-2647402447-3849860780-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1024083095-2647402447-3849860780-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1024083095-2647402447-3849860780-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
==================== Restore Points =========================

28-06-2015 12:35:33 Windows Update
03-07-2015 17:28:59 Windows Update
05-07-2015 10:03:22 Installed DirectX
05-07-2015 10:04:07 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
06-07-2015 22:50:47 Installed M-Audio MIDISPORT 6.1.3 (x64)
08-07-2015 23:27:00 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2880FC74-B60E-490C-A756-0CF7CDE6B410} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2EC78424-B71A-44A0-919C-A87450F06D8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {559DC43D-71BC-4BBC-B128-CA139151EA24} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1024083095-2647402447-3849860780-1000UA => C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-16] (Google Inc.)
Task: {9F393961-7326-41B1-A2C7-22D1A41B5EDF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {BF86ECB3-95BC-4916-8363-8FF34F2A2C37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {E3F8DDAA-B9F1-4D2A-B01A-EFB76396D715} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {FFE8DB80-A313-43B3-944D-C9E897648743} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1024083095-2647402447-3849860780-1000Core => C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024083095-2647402447-3849860780-1000Core.job => C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024083095-2647402447-3849860780-1000UA.job => C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-14 20:48 - 2014-12-13 04:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-16 01:05 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-08 06:10 - 2014-12-08 06:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2015-01-16 10:39 - 2014-12-10 03:15 - 00626440 _____ () C:\Program Files (x86)\CyberLink\Power2Go10\CLMediaLibrary.dll
2015-02-02 22:57 - 2013-12-08 21:23 - 00732160 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libGLESv2.dll
2015-02-02 22:57 - 2013-12-08 21:32 - 00854016 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\platforms\qwindows.dll
2015-02-02 22:57 - 2013-12-08 21:23 - 00047104 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libEGL.dll
2015-02-02 22:57 - 2013-12-08 21:31 - 00021504 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\imageformats\qico.dll
2015-06-14 17:34 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-06-14 17:34 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-01-12 15:29 - 2015-01-12 15:29 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-08 23:22 - 2015-07-06 23:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 23:22 - 2015-07-06 23:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2010-02-03 00:12 - 2010-02-03 00:12 - 00698496 _____ () C:\Program Files (x86)\HP\Digital Imaging\bin\FWUpdateEDO.dll
2015-07-08 23:22 - 2015-07-06 23:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1024083095-2647402447-3849860780-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F2FDD56-C2C7-448D-B224-37D9A2AD85DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C4107F94-7A4F-4B1A-BFDD-AFB144DD6372}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CCBBDE70-C3A8-4A24-981E-891539F26EB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{201208D3-00CC-4F24-93B7-9D5BC6A017BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{78E71396-7A24-43FF-9462-8B0EBF30B882}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{67E8E3DF-1F8B-45CD-BE58-6C2D6AB99E13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{083C916F-95A0-47B0-AADC-F3FDCB460419}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{2214D6B9-87EB-4592-B047-BEB05ED694F4}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{38C9B9AD-F627-4494-B7EE-3E287B7286B9}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{94ECFF29-673D-4355-BF63-D812ECB4A746}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{DF0C85FD-452A-48D2-B602-4BDECCA8ED3B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{FF60AD13-49D8-4D04-A735-7D72CBC933F9}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{0A28D3B7-B3BC-4649-B53B-0310CAD0AD35}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{61E2196F-FFFF-4767-83CC-A9A41CBBD8DB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{57DB569D-DB90-42A0-9F13-50C80E8F8195}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{706D34F8-52D0-4386-B2F8-EF36FB4BB8CB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A0003C0C-ADC5-4BD0-9CC0-13E188E343EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{FB6B11CB-9B2C-43D4-A6CA-2D5C5F883D2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [TCP Query User{A3DC81B6-52E9-467E-AAF6-C77725A7ADB6}C:\program files (x86)\steam\steamapps\common\fsx\fs_earth\fs_earth_link.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\fs_earth\fs_earth_link.exe
FirewallRules: [UDP Query User{F5EE3094-D449-4B40-8688-C199814379CC}C:\program files (x86)\steam\steamapps\common\fsx\fs_earth\fs_earth_link.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\fs_earth\fs_earth_link.exe
FirewallRules: [TCP Query User{A842E801-7447-4C5D-A94C-61483B576985}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [UDP Query User{000120C6-AD28-4BF9-A6B6-18345601A591}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [{BB14EC06-E1A8-4AD0-A193-58967944F530}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3CFAB17E-A1A6-4F2F-AE66-74D21871A3E8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3D7A4498-F404-48A3-B0B4-A7F7ABACC83B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{F6EBA98A-71A8-4937-A556-14429B69D3B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D2F771BE-F70C-4E3F-929C-8184C1E4D561}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{21F03D62-870A-435C-8D54-1DBF5119E1A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EC0E6FB7-3E2C-4E78-BFB6-DE8AC0E74C15}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{C87804E9-07C5-4038-AC4C-22F398F95CF8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{99CED114-DF9C-4E60-A900-4D2DB81F377D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{FA1A7FA5-BF87-4A0E-894B-077AF61C3FEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{63573946-6379-41FB-9C67-02161C35E89C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{FB16BACB-ADB4-436C-9AFB-D0F5A0718A46}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{77507AC2-34C9-47D7-AC13-582E8C79F2F5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{84AB4F30-6A3A-4633-B4C5-FC3FE7B53DD9}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{EFC395F8-CF7B-4B10-A95D-D5FCBF73AA83}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{46C0095C-6DE6-45A6-A629-99FB69B28190}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{5527ECB7-0735-4B0B-9D32-F7313FBF533F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{070AE14B-2D1B-4EC7-AABD-9E10C19DCD5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E138F94-194B-4A15-A977-81BE8D1983DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3CC7F85A-EB02-4704-998C-8CA776543F9A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{06658DA2-3519-4612-AAFB-6CA1BC07DEF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{75DD9CF0-FDFF-41AA-95B6-6432C40661ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C884C518-DC0C-4B7F-AAEE-0C6F76B1CCD2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A79F8570-CD04-416A-8D6E-B1BE71E09274}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2015 09:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2015 09:51:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 11:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 10:50:29 PM) (Source: LegacyUninstaller) (EventID: 0) (User: )
Description: Legacy uninstall did not succeed.

Error: (07/06/2015 10:50:28 PM) (Source: LegacyUninstaller) (EventID: 0) (User: )
Description: Legacy uninstall did not succeed.

Error: (07/06/2015 06:14:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 09:56:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 09:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 05:22:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 12:43:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/11/2015 09:52:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP15.0.1 service.

Error: (07/11/2015 09:51:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP15.0.1 service.

Error: (07/02/2015 09:17:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: %%1053

Error: (07/02/2015 09:17:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error: %%1053

Error: (07/02/2015 09:17:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.

Error: (07/01/2015 06:54:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: %%1053

Error: (07/01/2015 06:53:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error: %%1053

Error: (07/01/2015 06:53:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.

Error: (06/28/2015 12:30:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/28/2015 12:24:52 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Microsoft Office:
=========================
Error: (07/13/2015 09:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2015 09:51:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 11:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 10:50:29 PM) (Source: LegacyUninstaller) (EventID: 0) (User: )
Description: Legacy uninstall did not succeed.

Error: (07/06/2015 10:50:28 PM) (Source: LegacyUninstaller) (EventID: 0) (User: )
Description: Legacy uninstall did not succeed.

Error: (07/06/2015 06:14:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 09:56:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 09:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 05:22:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 12:43:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2015-02-15 11:56:05.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 11:56:05.292
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-18 11:26:21.919
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-18 11:26:21.841
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8172.31 MB
Available physical RAM: 5042.64 MB
Total Virtual: 16342.83 MB
Available Virtual: 12257.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1397.26 GB) (Free:1114.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive i: () (Fixed) (Total:149.04 GB) (Free:3.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 09D698B3)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 48E2519E)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of log ============================
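Reading an Addition.txt like the one above by eye is slow, and the lines that matter most are the autorun and firewall entries whose target binary does not live where installed software normally lives. The following PowerShell is an added example for this thread, not FRST's own code and not something Maniac asked for: it parses the `Task:` and `FirewallRules:` lines of an FRST Addition.txt and flags entries that run from outside Program Files or Windows, from a Temp or Roaming folder, or with no publisher in their version info. The sample lines are constructed for the example: the first two task lines and the Chrome firewall rule are copied from the log above, while the `UpdaterSvc` task and the `helper.exe` rule are made up to show what a hit looks like.

```powershell
# Added example, not part of the thread: a triage filter for the "Task:" and
# "FirewallRules:" lines in an FRST Addition.txt. Read-only; it only parses text.

# Constructed sample. Lines 1, 2 and 4 are taken from the log posted above;
# the "UpdaterSvc" task and the "helper.exe" rule are invented for illustration.
$sample = @'
Task: {2EC78424-B71A-44A0-919C-A87450F06D8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {559DC43D-71BC-4BBC-B128-CA139151EA24} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1024083095-2647402447-3849860780-1000UA => C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-16] (Google Inc.)
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\UpdaterSvc => C:\Users\Jordan\AppData\Local\Temp\converter.exe [2015-07-01] ()
FirewallRules: [{A79F8570-CD04-416A-8D6E-B1BE71E09274}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{11111111-1111-1111-1111-111111111111}] => (Allow) C:\Users\Jordan\AppData\Roaming\helper\helper.exe
'@

function Get-FrstAutorunFindings {
    param([string[]]$Lines)

    # Where machine-wide software is expected to live on the scanned box.
    # Written as literal regex so it works on a log from another machine.
    $trustedRoot = '^C:\\(Program Files( \(x86\))?|Windows)\\'

    foreach ($line in $Lines) {
        # FRST task line: GUID, task path, target exe, [file date], (publisher).
        # The publisher is "()" when the binary carries no company name.
        if ($line -match '^Task: \{(?<guid>[0-9A-F-]+)\} - (?<task>.+?) => (?<path>.+?\.exe)(?: \[(?<date>[\d-]+)\])?(?: \((?<pub>[^)]*)\))?\s*$') {
            $kind = 'Task'; $name = $Matches.task; $path = $Matches.path; $pub = $Matches.pub
        }
        # FRST firewall line: rule name, action, target exe. No publisher field.
        elseif ($line -match '^FirewallRules: \[(?<rule>[^\]]+)\] => \((?<action>\w+)\) (?<path>.+?)\s*$') {
            $kind = 'Firewall'; $name = $Matches.rule; $path = $Matches.path; $pub = $null
        }
        else { continue }   # .job lines and section headers are not parsed here

        $reasons = @()
        if ($path -notmatch $trustedRoot)          { $reasons += 'outside Program Files/Windows' }
        if ($path -match '\\(Temp|Roaming)\\')     { $reasons += 'runs from a Temp or Roaming folder' }
        if ($kind -eq 'Task' -and [string]::IsNullOrEmpty($pub)) { $reasons += 'no publisher in version info' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Kind = $kind; Name = $name; Path = $path; Reason = ($reasons -join '; ') }
        }
    }
}

# Run against the constructed sample. For a real log use:
#   Get-FrstAutorunFindings -Lines (Get-Content .\Addition.txt)
Get-FrstAutorunFindings -Lines ($sample -split "`r?`n") | Format-Table -AutoSize
```

On the sample this reports three entries: the per-user Google Update task (outside Program Files only), the invented `UpdaterSvc` task (Temp folder and empty publisher) and the invented `helper.exe` rule (Roaming folder). The first is the usual caveat with location-based heuristics: Google's per-user updater legitimately lives under AppData\Local, which is why the publisher column is kept in the output rather than hidden behind a single score. The job-file `Task:` lines and the other sections of the log are deliberately not parsed; they can be added with further patterns if needed.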
Maniac Posted July 14, 2015 ID:976151

Step 1

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2

Please update Malwarebytes Anti-Malware and perform a threat scan. Post your log file.

In your next reply, post the following log files:
- FRST log
- Malwarebytes' Anti-Malware log
- fixlist.txt
Jhay Posted July 16, 2015 Author ID:976635

I attempted to run FRST64 with the fixlist, yet Kaspersky Internet Security detected a Trojan named PDM:Trojan.Win32.Generic soon after. I disinfected and restarted the computer, at which time Kaspersky had quarantined the file.
Maniac Posted July 16, 2015 ID:976722

Please repeat my instructions, but first disable your protection until you finish my steps.
Jhay Posted July 18, 2015 Author ID:977338

Disabled the Kaspersky protection, which did the trick. I ran FRST64 again and here's the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Jordan at 2015-07-18 19:18:51 Run:2
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Page Ruler) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2015-01-14]
C:\Users\Jordan\AppData\Local\Temp\converter.exe
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKCR\PROTOCOLS\Handler\WSWSVCUchrome => key not found.
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg folder not found
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn folder not found
C:\Users\Jordan\AppData\Local\Temp\converter.exe => moved successfully.
The operation completed successfully.
EmptyTemp: => 3.6 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 19:20:49 ====

I disabled the Page Ruler Chrome extension, which could be the reason for the "folder not found" references. I do not know what extension the other folder points to. Should I remove the Page Ruler extension already? I am planning to, but I won't without your approval.
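The Fixlog above records three things worth re-checking after the reboot: the `testsigning` boot option that FRST flagged (with test signing on, a kernel driver signed with any certificate, or a self-made one, will load), the Chrome policy key FRST looked for under HKLM\SOFTWARE\Policies\Google, and the Internet Explorer start and search values it restored. The PowerShell below is an added example for this thread, not FRST's code and not part of the helper's instructions. It only reads BCD, driver and registry state, which also matters here: Kaspersky's PDM detections are behaviour-based, which is why a tool that kills processes, edits the registry and moves files, as the FRST Fix did, can trip them, while a read-only script should not. It assumes an elevated PowerShell 3.0 or later on the affected machine; the function names are this example's own.

```powershell
# Added example, not from the thread: re-check what the FRST fixlist touched.
# Read-only. Assumes an elevated PowerShell 3.0+ session on the affected host.

# 1. Is the "testsigning" boot option still on? bcdedit prints it only when set;
#    the element name is not localized, so matching on it is safe.
function Get-TestSigningState {
    $out = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) { return 'Unknown (run elevated)' }
    foreach ($l in $out) {
        if ($l -match '^\s*testsigning\s+(\S+)') { return $Matches[1] }   # "Yes" / "No"
    }
    return 'No'   # element absent means the default, which is off
}

# 2. Loaded kernel drivers whose image is not validly Authenticode-signed.
#    The driver FRST warned about, if any, would be loaded and show up here.
function Get-UnsignedLoadedDrivers {
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # PathName may be "\??\C:\..." or "\SystemRoot\system32\drivers\x.sys"
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
            if (Test-Path -LiteralPath $path) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                [pscustomobject]@{
                    Name   = $_.Name
                    Status = $sig.Status
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                    Path   = $path
                }
            }
        } |
        Where-Object { $_.Status -ne 'Valid' }
}

# 3. Any Chrome policy values present (adware uses these to pin search engines
#    and force-install extensions; the Fixlog reported the key as not found).
function Get-ChromePolicyValues {
    $root = 'HKLM:\SOFTWARE\Policies\Google'
    if (-not (Test-Path -LiteralPath $root)) { return @() }
    $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Key = $k.Name; Name = $name; Value = ($k.GetValue($name) -join ', ') }
        }
    }
}

# 4. The IE values FRST restored, in both the native and the Wow6432Node hive,
#    so they can be compared with the stock go.microsoft.com / blank.htm defaults.
function Get-IeStartAndSearchValues {
    $names = 'Search Page', 'Default_Page_URL', 'Default_Search_URL', 'Local Page'
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main') {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($n in $names) {
            $v = $props.$n
            if ($v) { [pscustomobject]@{ Key = $key; Name = $n; Value = $v } }
        }
    }
}

"testsigning: $(Get-TestSigningState)"
Get-UnsignedLoadedDrivers  | Format-Table Name, Status, Path -AutoSize
Get-ChromePolicyValues     | Format-Table -AutoSize
Get-IeStartAndSearchValues | Format-Table -AutoSize
```

Two caveats on the driver list. On Windows 7, many inbox drivers are signed through a catalog rather than an embedded signature, and `Get-AuthenticodeSignature` there reports them as NotSigned, so on that OS treat the output as a candidate list and confirm the non-Microsoft entries with a tool that checks catalogs, such as Sysinternals sigcheck. And a driver that is validly signed with a test certificate will still show as Valid; that is exactly why the `testsigning` value is printed alongside it, since with test signing off such a driver would not have loaded at all.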
Maniac Posted July 20, 2015 ID:977580

Thanks for that! Yes, you can do that. Next step will be to update Kaspersky and perform a full system scan. Let me know about the results.
Jhay Posted August 3, 2015 Author ID:980889

Performed full system scan with Kaspersky, no threats detected. There was no log available to post.