Jump to content
SILVORBIM

Please help remove malware with error message "redirector.exe - Bad Image

Recommended Posts

Hello,

 

I believe my desktop comp has been infected because on every start up the following error message comes up and internet explorer wouldn't work along with some other programs.  

 

"redirector.exe - Bad Image

 

C:\Program Files (x86)\Citrix\ICA Client\CCMSDK.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation or contact your system administrator or the software vendor for support"

 

I has only happened the last 4-5 days.  I have no idea how it become this way.  I did some research online and found out that my comp has been infected with malware.  I downloaded Combofix and scanned my comp but don't know what to do next.  Any help to remove this would be deeply appreciated. Here's the log from that scan.

 

ComboFix 16-01-07.01 - TDA 01/09/2016  13:26:04.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8159.6860 [GMT -5:00]
Running from: c:\users\TDA\Downloads\ComboFix.exe
Command switches used :: log
AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: Kaspersky Internet Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Internet Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-12-09 to 2016-01-09  )))))))))))))))))))))))))))))))
.
.
2016-01-09 18:28 . 2016-01-09 18:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-01-09 18:28 . 2016-01-09 18:28 -------- d-----w- c:\users\UpdatusUser.TDA-PC\AppData\Local\temp
2016-01-09 18:28 . 2016-01-09 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-12 20:19 . 2012-05-20 15:22 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-12-12 20:19 . 2012-05-20 15:22 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-06-17 421888]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2015-06-24 518496]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2015-06-24 231776]
.
c:\users\TDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [2012-10-11 436848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AtHomeConnect.lnk - c:\program files (x86)\AtHomeConnect\AtHomeConnect.exe -auto [2013-2-2 9939936]
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-5-20 292240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/05/20 10:46;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys;c:\windows\SYSNATIVE\DRIVERS\thdudf.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-16 20:44 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 20:19]
.
2016-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28 17:53]
.
2016-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28 17:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msn.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\TDA\AppData\Roaming\Mozilla\Firefox\Profiles\sd39yb2s.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
.
**************************************************************************
.
Completion time: 2016-01-09  13:37:16 - machine was rebooted
ComboFix-quarantined-files.txt  2016-01-09 18:37
ComboFix2.txt  2016-01-09 18:19
.
Pre-Run: 4,748,042,240 bytes free
Post-Run: 4,658,839,552 bytes free
.
- - End Of File - - 4641361D42BC25A59E7E21DCE07989A1
 

ComboFix.txt

Share this post


Link to post
Share on other sites

Hello again,

 

I ran Combofix on my own.  Anyway downloaded Farbar and ran it again.  Here's the log. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by TDA (administrator) on TDA-PC (10-01-2016 13:02:29)
Running from C:\Users\TDA\Downloads
Loaded Profiles: TDA (Available Profiles: TDA & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-27] (cyberlink)
HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] ()
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)
HKU\S-1-5-21-1339829878-630215284-160811659-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AtHomeConnect.lnk [2013-02-02]
ShortcutTarget: AtHomeConnect.lnk -> C:\Program Files (x86)\AtHomeConnect\AtHomeConnect.exe (HR Block                            )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk [2012-05-20]
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\Users\TDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk [2013-09-27]
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{420FB3D8-2464-422D-BB52-3D2F5D6E2124}: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1339829878-630215284-160811659-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1339829878-630215284-160811659-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1339829878-630215284-160811659-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-17] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-17] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-17] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-17] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://esource.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\TDA\AppData\Roaming\Mozilla\Firefox\Profiles\sd39yb2s.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-18] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-28]
CHR Extension: (Kaspersky Protection) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-07-25]
CHR Extension: (YouTube) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-08]
CHR Extension: (Safe Money) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-06-05]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-06-05]
CHR Extension: (Virtual Keyboard) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Anti-Banner) - C:\Users\TDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-05]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-05-20] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MpsSvc; . [0 2016-01-10] () <==== ATTENTION (zero byte File/Folder)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-17] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-17] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-17] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S2 thdudf; C:\Windows\SysWOW64\DRIVERS\thdudf.sys [66944 2006-11-11] (TOSHIBA Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 13:02 - 2016-01-10 13:02 - 00023413 _____ C:\Users\TDA\Downloads\FRST.txt
2016-01-10 12:52 - 2016-01-10 13:02 - 00000000 ____D C:\FRST
2016-01-10 12:52 - 2016-01-10 12:52 - 02370560 _____ (Farbar) C:\Users\TDA\Downloads\FRST64.exe
2016-01-10 12:50 - 2016-01-10 12:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-10 12:50 - 2016-01-10 12:50 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-10 12:50 - 2016-01-10 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-10 12:50 - 2016-01-10 12:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-10 12:50 - 2016-01-10 12:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-10 12:50 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-10 12:50 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-10 12:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-10 12:48 - 2016-01-10 12:49 - 22908888 _____ (Malwarebytes ) C:\Users\TDA\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-09 13:38 - 2016-01-09 13:38 - 00016678 _____ C:\Users\TDA\Desktop\ComboFix.txt
2016-01-09 13:37 - 2016-01-09 13:37 - 00016678 _____ C:\ComboFix.txt
2016-01-09 13:00 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-09 13:00 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-09 13:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-09 13:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-09 13:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-09 13:00 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-09 13:00 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-09 13:00 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-09 12:59 - 2016-01-09 13:37 - 00000000 ____D C:\Qoobox
2016-01-09 12:59 - 2016-01-09 13:18 - 00000000 ____D C:\Windows\erdnt
2016-01-09 12:58 - 2016-01-09 12:58 - 05646860 ____R (Swearware) C:\Users\TDA\Downloads\ComboFix.exe
2016-01-09 12:57 - 2016-01-09 12:57 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\TDA\Downloads\SpyHunter-Installer.exe
2016-01-09 12:57 - 2016-01-09 12:57 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\TDA\Downloads\SpyHunter-Installer (1).exe
2016-01-09 11:30 - 2016-01-09 11:30 - 00003352 ____N C:\bootsqm.dat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 12:54 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-10 12:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-10 12:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-10 12:47 - 2014-02-28 10:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 12:47 - 2012-05-20 10:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-10 12:47 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-10 12:46 - 2009-07-14 00:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-10 12:45 - 2014-02-28 10:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 12:20 - 2012-05-20 00:37 - 00062260 _____ C:\Windows\system32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-00211102}.rfx
2016-01-10 12:20 - 2012-05-20 00:37 - 00062260 _____ C:\Windows\system32\BMXState-{00000006-00000000-00000001-00001102-00000005-00211102}.rfx
2016-01-10 12:20 - 2012-05-20 00:37 - 00000788 _____ C:\Windows\system32\DVCState-{00000006-00000000-00000001-00001102-00000005-00211102}.rfx
2016-01-10 12:19 - 2012-05-20 10:22 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-10 12:19 - 2012-05-20 10:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-10 12:19 - 2012-05-20 10:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-10 12:06 - 2014-05-17 11:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-10 10:10 - 2009-07-13 23:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-10 10:10 - 2009-07-13 23:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-10 10:09 - 2013-08-10 22:12 - 00000000 ____D C:\Users\TDA\AppData\Local\HTC MediaHub
2016-01-10 10:03 - 2012-05-20 00:31 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-10 09:46 - 2012-05-20 10:03 - 00000000 ____D C:\Users\TDA\AppData\Local\Adobe
2016-01-09 13:36 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-01-09 13:20 - 2012-06-24 10:58 - 00000000 ____D C:\Users\TDA\AppData\Local\ElevatedDiagnostics
2016-01-09 13:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-09 11:54 - 2012-05-19 23:47 - 00000000 ____D C:\Users\TDA
2016-01-09 11:49 - 2015-12-05 10:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-09 11:49 - 2013-10-29 20:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-09 11:49 - 2013-04-05 19:35 - 00000000 ____D C:\ProgramData\pdf995
2016-01-09 11:49 - 2012-12-01 14:10 - 00000000 ____D C:\Users\UpdatusUser.TDA-PC
2016-01-09 11:49 - 2012-05-20 10:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-01-09 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-01-09 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-03 12:26 - 2013-07-25 21:23 - 00000000 ____D C:\Users\TDA\AppData\Local\CrashDumps
2015-12-16 15:45 - 2014-02-28 11:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2012-10-08 21:19 - 2012-10-08 21:19 - 0000132 _____ () C:\Users\TDA\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-01-14 11:12 - 2013-01-14 11:13 - 0007598 _____ () C:\Users\TDA\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-28 16:52
 
==================== End of FRST.txt ============================

Share this post


Link to post
Share on other sites

And here's the additional log from the Farbar scan.

 

Administrator (S-1-5-21-1339829878-630215284-160811659-500 - Administrator - Disabled)
Guest (S-1-5-21-1339829878-630215284-160811659-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1339829878-630215284-160811659-1003 - Limited - Enabled)
TDA (S-1-5-21-1339829878-630215284-160811659-1000 - Administrator - Enabled) => C:\Users\TDA
UpdatusUser (S-1-5-21-1339829878-630215284-160811659-1001 - Limited - Enabled) => C:\Users\UpdatusUser.TDA-PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Out of date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Out of date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Support Advisor (HKLM-x32\...\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.6.1.20120504 - Adobe Systems Incorporated)
AinSoft Blu-ray Copy 2.0.0 (HKLM-x32\...\AinSoft Blu-ray Copy_is1) (Version:  - )
Aiseesoft iPhone Ringtone Maker 6.2.10 (HKLM-x32\...\{5B409A33-4D89-4438-9868-C327F9613ECE}_is1) (Version:  - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
AtHomeConnect version 1.0.1.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.0.1.0 - HRBlock)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version:  - )
Canon Pro9000 II series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series) (Version:  - )
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.0.5014 - Citrix Systems, Inc.)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoZone iSync (HKLM-x32\...\GoZone iSync) (Version: 2.0.1 - Virgin HealthMiles)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.7401 - HRB Technology, LLC.)
H&R Block Ohio 2012 (HKLM-x32\...\{E85D9824-9316-4124-9AC2-9F7E63B97295}) (Version: 1.12.4401 - HRB Technology, LLC.)
H&R Block Ohio 2013 (HKLM-x32\...\{7B655EBC-2183-4EE5-8320-2BE26482FD41}) (Version: 1.13.5201 - HRB Technology, LLC.)
H&R Block Ohio 2014 (HKLM-x32\...\{1A27E7E3-CB9E-4EB9-87E0-6AEE0B070E98}) (Version: 1.14.5901 - HRB Technology, LLC.)
HD Writer AE 3.0 (HKLM-x32\...\{5678B15A-504C-4A79-8554-05488A206E41}) (Version: 3.00.019.1033 - Panasonic Corporation)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.45.0 - HTC)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b - CyberLink Corp.) Hidden
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3718 - CyberLink Corp.) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 8.01.0919.01 - )
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Self-service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden
StyleEase for APA Style, version 3.99 (HKLM-x32\...\StyleEase for APA Style, version 3.99) (Version:  - )
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinX HD Video Converter Deluxe 3.12.5 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software,Inc.)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Xilisoft HD Video Converter 6 (HKLM-x32\...\Xilisoft HD Video Converter) (Version: 6.0.3.0421 - Xilisoft)
Xilisoft MKV Converter 6 (HKLM-x32\...\Xilisoft MKV Converter 6) (Version: 6.0.12.0914 - Xilisoft)
Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 6.0.3.0528 - Xilisoft)
Xilisoft Video Splitter (HKLM-x32\...\Xilisoft Video Splitter) (Version: 1.0.34.0828 - Xilisoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B2DB91D-DA0E-4B81-8F07-52B20D9E1DEB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1339829878-630215284-160811659-1000
Task: {4D329AF3-AB06-4CBC-B1AD-C403BD5BA53F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {50397DC0-F535-470D-9021-61BE9E403561} - System32\Tasks\{F67C661B-EABE-42F3-B51E-031995659DA7} => pcalua.exe -a G:\TISKEY.exe -d G:\
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {8F227579-CDBC-4CBD-9C46-D9E48A0CDF8C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {B0CE0E78-523D-4E7B-8AFD-289A49CA9352} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EB03DC41-A60A-4E35-AC10-E02F92A575A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F6A4B272-7F05-4F9A-BB29-A890A06C87B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-10] (Adobe Systems Incorporated)
Task: {FA2FBBCB-DDDF-4B7C-B396-68918C64C6A9} - System32\Tasks\AdobeAAMUpdater-1.0-TDA-PC-TDA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-05-20 00:31 - 2013-01-18 10:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-05 19:35 - 2012-04-26 14:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-20 09:42 - 2009-07-02 09:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-01 17:33 - 2013-08-01 17:33 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-08-01 17:31 - 2013-08-01 17:31 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 17:32 - 2013-08-01 17:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 17:33 - 2013-08-01 17:33 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 17:33 - 2013-08-01 17:33 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 17:33 - 2013-08-01 17:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 17:38 - 2013-08-01 17:38 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-11-11 01:34 - 2014-11-11 01:34 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2012-05-20 09:28 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-03-04 11:02 - 2011-03-04 11:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-03-04 11:02 - 2011-03-04 11:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-03-04 11:02 - 2011-03-04 11:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2010-05-05 18:56 - 2010-05-05 18:56 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2009-12-15 12:46 - 2009-12-15 12:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 12:49 - 2009-12-15 12:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-05-20 00:36 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-11 14:11 - 2015-01-11 20:43 - 14401024 _____ () C:\Windows\system32\ieframe.DLL
2015-12-16 15:45 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 15:45 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2016-01-09 12:09 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\TDA\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\TDA\Desktop\4570 consent.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\TDA\Desktop\4570 consent.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-01-09 13:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1339829878-630215284-160811659-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TDA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: LGODDFU => "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3533AE53-36C8-47AB-B05A-BD6CF6AA6F0C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{80D675DB-60D0-4310-90B4-677BC4AF0010}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A0CE2658-D678-47B9-B86E-9442A744B3FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F1577487-2250-4A8B-AB74-B085105573CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{06D125F2-5916-49D0-B957-D3F31D10816E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{60B651AE-7480-4011-B7E8-B2D1597C26DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF109A9B-BAF8-4F89-A49F-02F18812559C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{902BFFFC-AFBC-4BC8-8768-2E39EC02F269}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4CF56BB0-4258-43A1-A819-7454B4136BAD}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{744764F6-89BD-4637-B6D4-E009B58808D2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1D0D9597-CCD0-4938-8602-18F69865239C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D92985C5-D578-46C3-B7A9-187C80109C1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1D17241-FAE1-4E52-BB40-9C1CEBD58239}] => (Allow) C:\Users\TDA\AppData\Local\Temp\nsaC3F8.tmp\Installer-75732662.exe
FirewallRules: [{969D4054-A001-41CA-94DA-6C4724386900}] => (Allow) C:\Users\TDA\AppData\Local\Temp\nsaC3F8.tmp\Installer-75732662.exe
FirewallRules: [{783403DF-7AD3-47C7-B66C-BA88F7F24C8C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8388181-A1E2-4E94-B213-E1C59AB4DD39}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{95DFA604-BF34-451F-82E5-57EC53962DB6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/10/2016 12:50:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/10/2016 12:45:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1553630
 
Error: (01/10/2016 12:45:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1553630
 
Error: (01/10/2016 12:45:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/10/2016 12:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1538030
 
Error: (01/10/2016 12:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1538030
 
Error: (01/10/2016 12:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/10/2016 12:45:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: rastapi.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4a5be041
Exception code: 0xc0000005
Fault offset: 0x000007fef86500e4
Faulting process id: 0x81c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/10/2016 12:09:19 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler IEHistory cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (01/10/2016 10:41:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/10/2016 12:51:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: 
%%1056
 
Error: (01/10/2016 12:51:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: 
%%1056
 
Error: (01/10/2016 12:51:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (01/10/2016 12:50:20 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (01/10/2016 12:48:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: 
%%1056
 
Error: (01/10/2016 12:48:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: 
%%1056
 
Error: (01/10/2016 12:46:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\athExt.dll
Error Code: 126
 
Error: (01/10/2016 12:46:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (01/10/2016 12:46:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (01/10/2016 12:46:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-01-09 13:14:56.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-09 13:14:56.706
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-28 16:52:55.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-28 16:52:55.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-28 16:52:55.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-28 16:52:55.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-28 16:52:55.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-28 16:52:55.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 11:57:49.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 11:57:49.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8159.14 MB
Available physical RAM: 6382.93 MB
Total Virtual: 16316.47 MB
Available Virtual: 13876.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:4.77 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Media Bank) (Fixed) (Total:1863.01 GB) (Free:633.96 GB) NTFS
Drive g: (HRBlock2015) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F5AC9B26)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: A51730AB)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Share this post


Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.

fixlist.txt

Share this post


Link to post
Share on other sites

After the fix the comp restarted and the same error message came up.  So I moved both FRST and fixlist.txt files to a separate folder and ran the fix again.  The same thing happened. Internet explorer is still not working.  Attached is the second fixlog.

Fixlog.txt

Share this post


Link to post
Share on other sites

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.

Share this post


Link to post
Share on other sites

Restarted the system and tried to uninstall Citrix Receiver again...Same error message windows.  Here they are.

 

"Citrix Receiver

There is a problem with this Windows Installer Package. A program run as part of the set up did not finish as expected.  Contact you support personel or package vendor."

 

"Citrix Receiver

The requested operation has failed.  To see more information, click View Log.  Contact the help desk and provide the log infor..."

Share this post


Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.


FRST.gif FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

  • Copy CitrixOnlinePluginPackWeb into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.

fixlist.txt

Share this post


Link to post
Share on other sites

After running Fix on FRST the system restarted and that redirector.exe error message didn't pop up but internet explorer is still not clickable.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.