
More PUPs


Jhay


After I reinstalled Windows on my desktop computer, I downloaded some applications from sites likely to contain adware. I later ran an MBAM scan with these results:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/17/2015
Scan Time: 12:55:21 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.16.14
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jordan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360352
Time Elapsed: 7 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.ClientConnect, C:\Users\Jordan\AppData\Local\Temp\a814aef6-e221-4402-9551-7b249eb47984\ImgBurn_v2.5.8.0_TSV3G737U.exe, Quarantined, [3be38b6df0992c0a60c9d1f13dc4936d], 
PUP.Optional.OpenCandy, C:\Users\Jordan\AppData\Local\Temp\nsr5105.tmp\OCSetupHlp.dll, Quarantined, [120c05f33752cf6794ef95299f667e82], 
PUP.Optional.ClientConnect, C:\Users\Jordan\Downloads\ImgBurn_v2.5.8.0_TSV3G737U.exe, Quarantined, [70ae4fa9c5c454e26ac0af1305fc3bc5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
I have since quarantined and deleted these files.

 


Hello Jhay! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your FRST log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jordan on Tue 01/20/2015 at 22:34:56.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/20/2015 at 22:37:12.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner:
# AdwCleaner v4.108 - Report created 20/01/2015 at 23:01:07
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jordan - JORDAN-PC
# Running from : C:\Users\Jordan\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v39.0.2171.99
 
 
*************************
 
AdwCleaner[R0].txt - [875 octets] - [20/01/2015 22:45:33]
AdwCleaner[s0].txt - [799 octets] - [20/01/2015 23:01:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [858 octets] ##########
 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Here is the log for the ESET Online Scanner:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b6eb8a6911981a4e92313bd1d52567a8
# engine=22142
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-26 05:48:19
# local_time=2015-01-26 12:48:19 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1299 16777213 100 100 0 49714929 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 173794749 0 0
# scanned=232348
# found=2
# cleaned=2
# scan_time=4314
sh=5CA96A0C243390C378DEE1A629684EA261E2CFC4 ft=1 fh=a717dcd23690f0a7 vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\ImgBurn_v2\SetupImgBurn_2.5.8.0.exe"
sh=94826D959A296C8B37C8C17D0FFD51C9A0557C0E ft=1 fh=3b2de6ea3567b0ef vn="a variant of Win32/InstallCore.UQ potentially unwanted application (deleted - quarantined)" ac=C fn="I:\Downloads\FileZilla_3.10.0.1_win32-setup.exe"

  • 2 weeks later...
  • 3 weeks later...
  • 2 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.


  • 1 month later...

As I continue to browse certain sketchy websites, I encounter popups pointing to fake security warnings telling me I may be infected or that certain web components (e.g. Java or my browser) are out of date. In addition, I installed a trial of MBAM and the Real-Time Protection Module found this:


 


Detection, 6/18/2015 10:57:58 PM, SYSTEM, JORDAN-PC, Protection, Malicious Website Protection, IP, 94.75.199.178, adserver.kimia.es, 50684, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 6/18/2015 10:57:58 PM, SYSTEM, JORDAN-PC, Protection, Malicious Website Protection, IP, 94.75.199.178, adserver.kimia.es, 50684, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

 

I am wondering if encountering these fake security warnings actually means I am infected every time, if MBAM or my antivirus does not detect any malicious objects and nothing significant happens (i.e. my browser or computer "locks" due to a pop-up or ransomware attack and inhibits use of the machine).

 

Also, please take another look at my other topic: https://forums.malwa...ge/#entry968253. I checked an earlier reply where the Addition.txt logs are indeed included. Please let me know if you need for me to post them again.

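The question in the post above, whether a Malicious Website Protection block means the machine is infected, is one a practitioner answers by looking at which process made the connection and from where, not only at the destination. The block below is an added example written for this thread; it is not code from Malwarebytes or from any poster. It parses detection lines in the layout shown above (the field positions are inferred from those two lines and the field names are my assumptions, not an official MBAM schema), de-duplicates the line that appears twice, and classes each block by the originating image: a browser following an ad or redirect host on a visited page is a routine block, while a non-browser image, an inbound hit, or anything running from a user-writable directory is worth investigating. The third sample line is constructed (TEST-NET-3 address, a .invalid domain and a made-up path) to show that contrast.

```python
"""
Triage of Malwarebytes Anti-Malware "Malicious Website Protection" lines.

Added example for this thread; it is not Malwarebytes code. The column
layout below is inferred from the two detection lines posted above, and
the field names are assumptions, not an official MBAM schema.
"""
import csv
import io
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Ordinary browsers. An outbound block charged to one of these normally means
# a visited page pulled in an ad or redirect host that MBAM's IP list blocks.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe"}

# Executables running from user-writable locations are unusual sources of
# web traffic on a clean machine and deserve a look regardless of destination.
USER_WRITABLE_HINTS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


@dataclass(frozen=True)
class Detection:
    timestamp: str
    host: str
    ip: str
    domain: str
    port: int
    direction: str
    process: str   # full path of the image that made the connection


def parse_detection(line: str) -> Optional[Detection]:
    """Parse one 'Detection, ...' line; any other log line yields None."""
    if not line.strip():
        return None
    fields = [f.strip() for f in next(csv.reader(io.StringIO(line)))]
    # Assumed layout (from the posted lines):
    #  0 'Detection'  1 date time  2 user  3 hostname  4 'Protection'
    #  5 module       6 'IP'       7 address  8 domain  9 port
    # 10 direction   11 image path  12 trailing empty field
    if len(fields) < 12 or fields[0] != "Detection" or fields[5] != "Malicious Website Protection":
        return None
    return Detection(
        timestamp=fields[1], host=fields[3], ip=fields[7], domain=fields[8],
        port=int(fields[9]), direction=fields[10], process=fields[11],
    )


def triage(d: Detection) -> str:
    """Return 'browser-block', 'probable-adware' or 'investigate' for one block."""
    path = d.process.lower()
    image = path.rsplit("\\", 1)[-1]
    if any(hint in path for hint in USER_WRITABLE_HINTS):
        return "investigate"        # something dropped in a user dir is calling out
    if d.direction.lower() == "inbound":
        return "investigate"        # unsolicited inbound from a listed IP
    if image in BROWSERS:
        return "browser-block"      # page-driven; the request was blocked, nothing executed
    return "probable-adware"        # an installed non-browser program phoning an ad host


def summarize(log_text: str) -> Dict[str, List[Detection]]:
    """Group unique detections by triage class.

    The log in this thread repeats an identical line for one event, so records
    are de-duplicated on all fields before classification.
    """
    seen: Set[Detection] = set()
    groups: Dict[str, List[Detection]] = {}
    for line in log_text.splitlines():
        d = parse_detection(line)
        if d is None or d in seen:
            continue
        seen.add(d)
        groups.setdefault(triage(d), []).append(d)
    return groups


# Constructed sample: the first two lines are the ones posted in this thread;
# the third is hypothetical (TEST-NET-3 address, .invalid domain, made-up path)
# to show a block that should be investigated rather than dismissed.
SAMPLE_LOG = r"""
Detection, 6/18/2015 10:57:58 PM, SYSTEM, JORDAN-PC, Protection, Malicious Website Protection, IP, 94.75.199.178, adserver.kimia.es, 50684, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 6/18/2015 10:57:58 PM, SYSTEM, JORDAN-PC, Protection, Malicious Website Protection, IP, 94.75.199.178, adserver.kimia.es, 50684, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 6/18/2015 11:02:10 PM, SYSTEM, JORDAN-PC, Protection, Malicious Website Protection, IP, 203.0.113.7, ads.example.invalid, 49321, Outbound, C:\Users\Jordan\AppData\Local\Temp\setup_helper.exe, 
"""

if __name__ == "__main__":
    for verdict, items in summarize(SAMPLE_LOG).items():
        for d in items:
            print(f"{verdict:16} {d.direction:8} {d.process} -> {d.domain} ({d.ip}:{d.port})")
```

Run it over the protection log exported from MBAM (the `Detection,` lines) instead of SAMPLE_LOG to get the same grouping for a real machine. The classification is deliberately coarse: "browser-block" says only that the browser was steered at a listed host and the request was stopped, which is consistent with the pop-up behaviour described above and is not by itself evidence of an infection; the "investigate" class is where the FRST and ESET logs in this thread would be the next thing to read.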

Essentially, yes. However, one of these topics applies to my desktop computer at home while the other is for a laptop computer my mom uses at another location. Additionally for my desktop, I had noticed that I had something installed called Coupon Printer for Windows. I just uninstalled it.


Sorry for the long wait, but here are the new logs. Both the FRST AND Addition logs are included!

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Jordan (administrator) on JORDAN-PC on 13-07-2015 21:16:16
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [truncated]
[...] http://www.taoframework.com) C:\Program Files (x86)\Tao.Sdl.$AA
2015-02-07 15:09 - 2015-02-07 15:09 - 0116013 _____ () C:\Program Files (x86)\Uninstal.exe
2015-01-15 22:14 - 2015-07-05 09:31 - 0006521 _____ () C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt
2015-06-08 14:50 - 2015-06-08 14:50 - 0000600 _____ () C:\Users\Jordan\AppData\Roaming\PUTTY.RND
2015-01-15 22:14 - 2015-07-05 09:32 - 0000678 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManager.log
2015-01-15 22:14 - 2015-07-01 21:40 - 0000898 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManagerPrevious.log
2015-01-15 22:16 - 2015-06-14 17:12 - 0004608 _____ () C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-14 21:19 - 2015-06-08 14:50 - 0000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND
2015-05-30 22:27 - 2015-05-30 22:27 - 0008394 _____ () C:\Users\Jordan\AppData\Local\recently-used.xbel
2015-03-10 14:24 - 2015-03-10 14:31 - 0000824 _____ () C:\ProgramData\hpzinstall.log
2015-01-31 01:02 - 2015-01-31 01:02 - 0000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\converter.exe
C:\Users\Jordan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Jordan\AppData\Local\Temp\ose00000.exe
C:\Users\Jordan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jordan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
LastRegBack: 2015-01-14 22:44
 
==================== End of log ============================
 
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Jordan at 2015-07-13 21:17:56
Running from C:\Users\Jordan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1024083095-2647402447-3849860780-500 - Administrator - Disabled)
Guest (S-1-5-21-1024083095-2647402447-3849860780-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1024083095-2647402447-3849860780-1002 - Limited - Enabled)
Jordan (S-1-5-21-1024083095-2647402447-3849860780-1000 - Administrator - Enabled) => C:\Users\Jordan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CloudBuckIt (HKLM-x32\...\{CA3F1055-31C5-4C51-B0F8-4E6906D220D3}) (Version: 2.0.2.5 - CloudBuckIt)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Power2Go 10 (HKLM-x32\...\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}) (Version: 10.0.1210.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.5620 - CyberLink Corp.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F4400 (x32 Version: 140.0.696.000 - Hewlett-Packard) Hidden
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla Client 3.10.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0.1 - Tim Kosse)
Finale 2014d DEMO (HKLM-x32\...\Finale 2014) (Version: 2014.4.5030.0 - MakeMusic)
FlightBeam San Francisco International FSX (HKLM-x32\...\FlightBeam San Francisco International FSX_is1) (Version: 2.1.5 - FlightBeam)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Harmony Assistant (HKLM-x32\...\Harmony Assistant) (Version: 9.6.3i - Myriad SARL)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
LACMTA Red Line Extior Pack v3 Beta (HKLM-x32\...\{A98A97FB-90B1-4F16-AC18-20A9685D3F00}) (Version: 2.9 - ArtTrain)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Mendeley Desktop 1.13.8 (HKLM-x32\...\Mendeley Desktop) (Version: 1.13.8 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62613.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62613.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version:  - Microsoft Game Studios)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Navigraph FMS Data Manager 1.1.1.0514 (HKLM-x32\...\{7E4D5716-374A-4DB6-90CF-D2AEB67362CE}_is1) (Version: 1.1.1.0514 - Navigraph)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Phase Shift (HKLM-x32\...\Phase Shift) (Version: 1.27 - DWSK)
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.10.115 - Corel Corporation)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SHOUTcast Source DSP Plug-in v2 (HKLM-x32\...\SHOUTcast Source DSP) (Version: 2.3.5.222 - Radionomy SA)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-1024083095-2647402447-3849860780-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.1 - Synthesia LLC)
TextAloud 3.0 (HKLM-x32\...\TextAloud3_is1) (Version: 3.0 - NextUp.com)
The TileProxy Project for Microsoft FSX/2004/2002 (HKLM-x32\...\TileProxy) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPROR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
XPax (HKLM-x32\...\{F2392BB6-52EF-4A0A-9A54-199AD0F2F3DA}) (Version: 0.00.0350 - HiFi Flightware)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1024083095-2647402447-3849860780-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1024083095-2647402447-3849860780-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1024083095-2647402447-3849860780-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
28-06-2015 12:35:33 Windows Update
03-07-2015 17:28:59 Windows Update
05-07-2015 10:03:22 Installed DirectX
05-07-2015 10:04:07 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
06-07-2015 22:50:47 Installed M-Audio MIDISPORT 6.1.3 (x64)
08-07-2015 23:27:00 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2880FC74-B60E-490C-A756-0CF7CDE6B410} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2EC78424-B71A-44A0-919C-A87450F06D8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {559DC43D-71BC-4BBC-B128-CA139151EA24} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1024083095-2647402447-3849860780-1000UA => C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-16] (Google Inc.)
Task: {9F393961-7326-41B1-A2C7-22D1A41B5EDF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {BF86ECB3-95BC-4916-8363-8FF34F2A2C37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {E3F8DDAA-B9F1-4D2A-B01A-EFB76396D715} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {FFE8DB80-A313-43B3-944D-C9E897648743} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1024083095-2647402447-3849860780-1000Core => C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-16] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024083095-2647402447-3849860780-1000Core.job => C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024083095-2647402447-3849860780-1000UA.job => C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-14 20:48 - 2014-12-13 04:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-16 01:05 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-08 06:10 - 2014-12-08 06:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2015-01-16 10:39 - 2014-12-10 03:15 - 00626440 _____ () C:\Program Files (x86)\CyberLink\Power2Go10\CLMediaLibrary.dll
2015-02-02 22:57 - 2013-12-08 21:23 - 00732160 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libGLESv2.dll
2015-02-02 22:57 - 2013-12-08 21:32 - 00854016 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\platforms\qwindows.dll
2015-02-02 22:57 - 2013-12-08 21:23 - 00047104 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libEGL.dll
2015-02-02 22:57 - 2013-12-08 21:31 - 00021504 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\imageformats\qico.dll
2015-06-14 17:34 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-06-14 17:34 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-01-12 15:29 - 2015-01-12 15:29 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-08 23:22 - 2015-07-06 23:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 23:22 - 2015-07-06 23:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2010-02-03 00:12 - 2010-02-03 00:12 - 00698496 _____ () C:\Program Files (x86)\HP\Digital Imaging\bin\FWUpdateEDO.dll
2015-07-08 23:22 - 2015-07-06 23:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1024083095-2647402447-3849860780-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9F2FDD56-C2C7-448D-B224-37D9A2AD85DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C4107F94-7A4F-4B1A-BFDD-AFB144DD6372}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CCBBDE70-C3A8-4A24-981E-891539F26EB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{201208D3-00CC-4F24-93B7-9D5BC6A017BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{78E71396-7A24-43FF-9462-8B0EBF30B882}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{67E8E3DF-1F8B-45CD-BE58-6C2D6AB99E13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{083C916F-95A0-47B0-AADC-F3FDCB460419}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{2214D6B9-87EB-4592-B047-BEB05ED694F4}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{38C9B9AD-F627-4494-B7EE-3E287B7286B9}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{94ECFF29-673D-4355-BF63-D812ECB4A746}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{DF0C85FD-452A-48D2-B602-4BDECCA8ED3B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{FF60AD13-49D8-4D04-A735-7D72CBC933F9}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{0A28D3B7-B3BC-4649-B53B-0310CAD0AD35}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{61E2196F-FFFF-4767-83CC-A9A41CBBD8DB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{57DB569D-DB90-42A0-9F13-50C80E8F8195}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{706D34F8-52D0-4386-B2F8-EF36FB4BB8CB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A0003C0C-ADC5-4BD0-9CC0-13E188E343EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{FB6B11CB-9B2C-43D4-A6CA-2D5C5F883D2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [TCP Query User{A3DC81B6-52E9-467E-AAF6-C77725A7ADB6}C:\program files (x86)\steam\steamapps\common\fsx\fs_earth\fs_earth_link.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\fs_earth\fs_earth_link.exe
FirewallRules: [uDP Query User{F5EE3094-D449-4B40-8688-C199814379CC}C:\program files (x86)\steam\steamapps\common\fsx\fs_earth\fs_earth_link.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\fs_earth\fs_earth_link.exe
FirewallRules: [TCP Query User{A842E801-7447-4C5D-A94C-61483B576985}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [uDP Query User{000120C6-AD28-4BF9-A6B6-18345601A591}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [{BB14EC06-E1A8-4AD0-A193-58967944F530}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3CFAB17E-A1A6-4F2F-AE66-74D21871A3E8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3D7A4498-F404-48A3-B0B4-A7F7ABACC83B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{F6EBA98A-71A8-4937-A556-14429B69D3B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D2F771BE-F70C-4E3F-929C-8184C1E4D561}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{21F03D62-870A-435C-8D54-1DBF5119E1A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EC0E6FB7-3E2C-4E78-BFB6-DE8AC0E74C15}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{C87804E9-07C5-4038-AC4C-22F398F95CF8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{99CED114-DF9C-4E60-A900-4D2DB81F377D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{FA1A7FA5-BF87-4A0E-894B-077AF61C3FEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{63573946-6379-41FB-9C67-02161C35E89C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{FB16BACB-ADB4-436C-9AFB-D0F5A0718A46}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{77507AC2-34C9-47D7-AC13-582E8C79F2F5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{84AB4F30-6A3A-4633-B4C5-FC3FE7B53DD9}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{EFC395F8-CF7B-4B10-A95D-D5FCBF73AA83}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{46C0095C-6DE6-45A6-A629-99FB69B28190}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{5527ECB7-0735-4B0B-9D32-F7313FBF533F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{070AE14B-2D1B-4EC7-AABD-9E10C19DCD5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E138F94-194B-4A15-A977-81BE8D1983DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3CC7F85A-EB02-4704-998C-8CA776543F9A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{06658DA2-3519-4612-AAFB-6CA1BC07DEF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{75DD9CF0-FDFF-41AA-95B6-6432C40661ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C884C518-DC0C-4B7F-AAEE-0C6F76B1CCD2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A79F8570-CD04-416A-8D6E-B1BE71E09274}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2015 09:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2015 09:51:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/08/2015 11:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/06/2015 10:50:29 PM) (Source: LegacyUninstaller) (EventID: 0) (User: )
Description: Legacy uninstall did not succeed.
 
Error: (07/06/2015 10:50:28 PM) (Source: LegacyUninstaller) (EventID: 0) (User: )
Description: Legacy uninstall did not succeed.
 
Error: (07/06/2015 06:14:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/05/2015 09:56:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/05/2015 09:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/03/2015 05:22:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/03/2015 12:43:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/11/2015 09:52:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP15.0.1 service.
 
Error: (07/11/2015 09:51:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP15.0.1 service.
 
Error: (07/02/2015 09:17:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1053
 
Error: (07/02/2015 09:17:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (07/02/2015 09:17:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
 
Error: (07/01/2015 06:54:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1053
 
Error: (07/01/2015 06:53:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (07/01/2015 06:53:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
 
Error: (06/28/2015 12:30:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (06/28/2015 12:24:52 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
 
Microsoft Office:
=========================
Error: (07/13/2015 09:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2015 09:51:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/08/2015 11:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/06/2015 10:50:29 PM) (Source: LegacyUninstaller) (EventID: 0) (User: )
Description: Legacy uninstall did not succeed.
 
Error: (07/06/2015 10:50:28 PM) (Source: LegacyUninstaller) (EventID: 0) (User: )
Description: Legacy uninstall did not succeed.
 
Error: (07/06/2015 06:14:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/05/2015 09:56:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/05/2015 09:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/03/2015 05:22:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/03/2015 12:43:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-15 11:56:05.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-15 11:56:05.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-18 11:26:21.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-18 11:26:21.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8172.31 MB
Available physical RAM: 5042.64 MB
Total Virtual: 16342.83 MB
Available Virtual: 12257.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1397.26 GB) (Free:1114.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive i: () (Fixed) (Total:149.04 GB) (Free:3.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 09D698B3)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 48E2519E)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End of log ============================

Step 1

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Step 2

Please update Malwarebytes Anti-Malware and perform a threat scan. Post your log file.

In your next reply, post the following log files:

  • FRST log
  • Malwarebytes' Anti-Malware log

fixlist.txt


I attempted to run FRST64 with the fixlist, yet Kaspersky Internet Security detected a Trojan named PDM:Trojan.Win32.Generic soon after. I disinfected and restarted the computer, at which time Kaspersky had quarantined the file.


Disabled the Kaspersky protection, which did the trick. I ran FRST64 again and here's the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Jordan at 2015-07-18 19:18:51 Run:2
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Page Ruler) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2015-01-14]
C:\Users\Jordan\AppData\Local\Temp\converter.exe
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
EmptyTemp:
end
*****************
 
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKCR\PROTOCOLS\Handler\WSWSVCUchrome => key not found. 
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg folder not found
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn folder not found
C:\Users\Jordan\AppData\Local\Temp\converter.exe => moved successfully.
 
The operation completed successfully.
EmptyTemp: => 3.6 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 19:20:49 ====
 
I disabled the Page Ruler Chrome extension, which could be the reason for the "folder not found" references. I do not know which extension the other folder points to. Should I remove the Page Ruler extension already? I am planning to, but I won't without your approval.
