Lynette

Pup.optional.WPM HKLM SOFTWARE


I keep running the virus checker and it does not go away. Help. Using Google. In simple terms, how do I remove this? What is this? I am a bit thick for this sort of thing.

Hello Lynette and welcome to Malwarebytes,

Run Malwarebytes scan again as follows:

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection, scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection and make sure the following are set as follows:
    Potentially Unwanted Programs (PUPs) set as: Always detect PUPs (recommended)
    Potentially Unwanted Modifications (PUMs) set as: Always detect PUMs (recommended)
     
  • Click on Scan and make sure Threat Scan is selected.
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right-click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected, you will have to name the file and save it to a place of your choice (I recommend "Desktop"), then attach it to your reply

     
  • Please use "Copy to Clipboard", then right-click in your reply > select "Paste"; that will copy the log into your reply.


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Thank you,

Kevin...


Task: {00C6D852-3AA9-45D5-B9FE-82FB7C4C4F90} - System32\Tasks\{622FCAC2-A41E-4880-BEC9-E738531D71BE} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Lynette\AppData\Roaming\Allmyapps\Allmyapps.exe -c uninstall
Task: {01384175-28A8-485E-A18F-78827F378DA4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {2773551C-5708-48C7-9B60-CF1C32D03A47} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-27] (Adobe Systems Incorporated)
Task: {2E047B4C-7D62-4426-B183-A144AA9AD43A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2EB78DDA-F203-4A08-A2F6-A169B2AD1BB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {34B99275-9658-4DB6-BAB9-292C8C7C89AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {47927955-B31B-44DD-8490-96D62A5BD6EC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-05-04] (Synaptics Incorporated)
Task: {4E14C01E-3691-4FA5-A8CC-90C64339A889} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {567764DD-BF87-498C-9E6B-FBDA125ABC25} - no filepath
Task: {5ECB400A-C46D-4B2B-8BAF-341D5AA6C6BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {67114A9A-4398-4D7D-93A5-C3A2B518BF57} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6F34152C-02EE-49C5-A1CC-A64A3571E3D4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-18] (Microsoft Corporation)
Task: {7C457F3D-C369-475C-B97D-61606E8B2CE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {89467A67-5868-4C6D-B9A0-C43543DD4EEF} - System32\Tasks\{3CE1E643-26DD-4C05-B4EA-376936E8053C} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Fre_Ven_s Pro 23\Uninstall.exe" -c /fcp=1
Task: {8F5F2F52-6503-4BC3-BC26-7B6416F790E6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {95B0990C-FD09-4499-9FC6-2C5AD5F570BA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {9753877F-35EC-4AEF-A04C-2D8B9F8F9EDC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {9E8D5216-2B9C-4B19-9342-B98CBEF73243} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-12-01] (Toshiba Europe GmbH)
Task: {9F31D31B-9DA5-430A-A32F-51CC92F2EC15} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A0807CEA-673C-4FAB-A439-3486E993093A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ABB72832-0081-4F49-9914-34CF07B66D10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {B834E33F-BDAD-443A-9BE8-C9F210981F9C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D495159F-FCD7-4B6D-BC18-64DF56A4D829} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D7C39BF8-D05D-4BB8-839F-969EC8C7EA98} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {D7EBB1F9-3C83-4231-9827-E9066FF419D7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DC062F05-C5C4-4CB9-942C-12C658DEAF0E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E5E21C3C-8BBD-4A6C-BAB7-D9008C795569} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {F3D3284A-096E-4411-B680-69EBC040811D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-10-13 14:38 - 2011-10-13 14:38 - 000156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2015-12-17 18:38 - 2015-12-17 18:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-01 18:08 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-11-16 11:39 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-22 11:40 - 2017-01-31 12:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-18 20:58 - 2017-03-18 20:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 20:59 - 2017-03-20 03:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-15 17:44 - 2017-11-15 17:46 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-15 17:44 - 2017-11-15 17:46 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-15 17:44 - 2017-11-15 17:46 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-09 07:55 - 2017-11-09 07:56 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-09 00:16 - 2017-03-09 00:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-04 14:19 - 2012-09-04 14:19 - 002611112 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 000049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 19:13 - 2012-08-13 19:13 - 000018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2017-11-15 17:43 - 2017-11-10 09:57 - 002871640 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libglesv2.dll
2017-11-15 17:43 - 2017-11-10 09:57 - 000138072 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libegl.dll
2017-06-20 15:17 - 2017-06-20 15:17 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 002281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-11-22 18:44 - 2012-08-01 22:01 - 000062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2012-12-21 04:18 - 2012-06-25 10:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\123simsen.com -> www.123simsen.com

There are 7864 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\StartupApproved\Run: => "Allmyapps"
HKU\S-1-5-21-2939468435-2619746107-1210141752-1001\...\StartupApproved\Run: => "Allmyapps Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8B9126A2-6084-4DB3-B9A5-FA0F85D847D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{5D8A0C66-8240-42F8-AE9A-8A423B0910E4}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{A289C99E-12E6-487E-A2AD-8454F2513EE0}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{297CF626-6CA6-4877-929A-F36FC2074681}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65115D0A-BD7E-4B54-96D3-852837FFA205}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AA51AD83-6CCD-40A2-98BB-ACF15EA799FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6C2137F-5830-4E79-92AE-8428D5B12D5D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E94D022-2084-46AA-BE6D-CF43A68EBE25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10C2B1FA-C00D-43D8-96DA-B2C21ADBFBDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{A9576E5F-F1A1-41EC-9E88-4F85424621DB}C:\users\lynette\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lynette\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A5C1A25F-25AF-4F59-BF3C-5C53CCA13C83}C:\users\lynette\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lynette\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA754BB8-2EB2-48E9-BB44-C4CA697FFFB7}C:\users\lynette\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lynette\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3F0FAFF6-B4C4-413E-B4E4-04282C4F488E}C:\users\lynette\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lynette\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B080FC69-7D70-4221-8ADB-813814943A8D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{497EE419-4EE4-441C-B59F-22E13F1E730D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{565D0361-D694-4A80-B00E-C2981307C57F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{BE983DB5-5EF9-4B01-BCBA-7EE5E27A217A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{47345614-8559-421A-BF05-AFB20E7D8E83}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3652B666-B7BE-4AE7-9E5A-A1B10E4B7AD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-10-2017 11:24:48 Windows Update
18-10-2017 19:29:27 Windows Update
21-10-2017 23:28:55 Windows Update
26-10-2017 12:57:06 Windows Update
16-11-2017 12:34:54 Windows Update
16-11-2017 12:36:51 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2017 12:42:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (11/16/2017 12:38:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (11/16/2017 12:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process ID: 0x2534
Faulting application start time: 0x01d35ed34e0ee621
Faulting application path: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: f7c1fbff-c1d6-48a6-aa78-e5dc63fc72b0
Faulting package full name: 
Faulting package-relative application ID:

Error: (11/16/2017 12:03:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (11/16/2017 11:41:08 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/16/2017 11:40:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (11/16/2017 11:08:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (11/16/2017 10:44:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process ID: 0x1d28
Faulting application start time: 0x01d35ec7dc8c8c0b
Faulting application path: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 78e06690-3d14-4154-a123-026aa45c16c1
Faulting package full name: 
Faulting package-relative application ID:

Error: (11/16/2017 10:41:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: salem)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/16/2017 10:41:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.


System errors:
=============
Error: (11/16/2017 12:28:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.257.572.0).

Error: (11/16/2017 12:08:16 PM) (Source: DCOM) (EventID: 10010) (User: salem)
Description: The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.

Error: (11/16/2017 12:06:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/16/2017 12:03:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/16/2017 12:03:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/16/2017 12:01:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (11/16/2017 11:59:51 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Connected User Experiences and Telemetry service did not shut down properly after receiving a pre-shutdown control.

Error: (11/16/2017 11:59:26 AM) (Source: DCOM) (EventID: 10010) (User: salem)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

Error: (11/16/2017 10:46:21 AM) (Source: DCOM) (EventID: 10010) (User: salem)
Description: The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.

Error: (11/16/2017 10:44:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly. It has done this 29 time(s).


CodeIntegrity:
===================================
  Date: 2017-11-16 13:13:40.565
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 13:13:40.544
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 13:13:08.339
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 13:13:08.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 12:54:26.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 12:54:26.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 12:16:51.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 12:16:51.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 11:00:21.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 11:00:21.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8073.22 MB
Available physical RAM: 5129.57 MB
Total Virtual: 9353.22 MB
Available Virtual: 6484.82 MB

==================== Drives ================================

Drive c: (TI31013500A) (Fixed) (Total:918.96 GB) (Free:855.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

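The Addition.txt excerpt above is the kind of log a helper reads by eye: FRST marks scheduled tasks whose target file no longer exists with "No File <==== ATTENTION" (here all of them are old \Microsoft\Windows\Setup\gwx entries, the retired Get Windows 10 app), and it lists two tasks that go through pcalua.exe, the Program Compatibility Assistant launcher, which simply runs whatever follows -a; one of those points at Allmyapps.exe under the user's roaming AppData, and the same Allmyapps entries appear under StartupApproved\Run. The "Other Areas" section also shows ConsentPromptBehaviorAdmin: 0, which is the documented "elevate without prompting" setting. The script below is an added example, not part of the original thread and not FRST's or Malwarebytes' own code: it parses the Task: lines and the UAC policy line from a constructed subset of the lines posted above and applies three triage heuristics that are this example's own assumptions (missing target file, pcalua.exe proxying to another executable, and a target in a user-writable location). Nothing it flags is a verdict; it only tells a responder where to look first.

```python
"""Triage helper for FRST Addition.txt "Task:" lines and the UAC policy line.

Added example; not FRST's or Malwarebytes' code. The heuristics (flag names,
what counts as user-writable) are assumptions of this example.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a subset of the lines from the Addition.txt posted above.
SAMPLE_LOG = r"""
Task: {00C6D852-3AA9-45D5-B9FE-82FB7C4C4F90} - System32\Tasks\{622FCAC2-A41E-4880-BEC9-E738531D71BE} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Lynette\AppData\Roaming\Allmyapps\Allmyapps.exe -c uninstall
Task: {2E047B4C-7D62-4426-B183-A144AA9AD43A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {567764DD-BF87-498C-9E6B-FBDA125ABC25} - no filepath
Task: {5ECB400A-C46D-4B2B-8BAF-341D5AA6C6BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {89467A67-5868-4C6D-B9A0-C43543DD4EEF} - System32\Tasks\{3CE1E643-26DD-4C05-B4EA-376936E8053C} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Fre_Ven_s Pro 23\Uninstall.exe" -c /fcp=1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
"""

TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<rest>.*)$")
UAC_RE = re.compile(r"Policies\\System => (?P<body>.*)$")
# First executable in a command line, quoted or not, stopping at the first ".exe".
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\[^"\[]*?\.exe)"?', re.IGNORECASE)
# pcalua.exe runs the program named after -a; that is the task's real target.
PCALUA_TARGET_RE = re.compile(r'-a\s+"?(?P<target>[^"]+?\.exe)"?', re.IGNORECASE)
# Locations an unprivileged user can write to (assumption: treat as suspicious for a task target).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    guid: str
    name: str
    flags: list = field(default_factory=list)
    target: Optional[str] = None


def _strip_meta(cmd: str) -> str:
    """Drop the trailing ' [YYYY-MM-DD] (Vendor)' FRST appends when version info exists."""
    return re.sub(r"\s+\[\d{4}-\d{2}-\d{2}\]\s+\(.*\)$", "", cmd).strip()


def _is_user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def parse_task(line: str) -> Optional[Finding]:
    """Parse one 'Task:' line into a Finding, or None if the line is not a task."""
    m = TASK_RE.match(line)
    if not m:
        return None
    guid, rest = m.group("guid"), m.group("rest")
    if rest == "no filepath":
        return Finding(guid, "", ["no_filepath"])
    if " -> No File" in rest:                      # FRST's own ATTENTION marker
        return Finding(guid, rest.split(" -> ", 1)[0], ["no_file"])
    if " => " not in rest:
        return Finding(guid, rest, ["unparsed"])
    name, cmd = rest.split(" => ", 1)
    cmd = _strip_meta(cmd)
    finding = Finding(guid, name)
    exe_m = EXE_RE.match(cmd)
    finding.target = exe_m.group("exe") if exe_m else cmd
    if finding.target.lower().endswith("\\pcalua.exe"):
        finding.flags.append("pcalua_proxy")
        t = PCALUA_TARGET_RE.search(cmd)
        if t:
            finding.target = t.group("target")   # look at what pcalua launches, not pcalua itself
    if finding.target and _is_user_writable(finding.target):
        finding.flags.append("user_writable_target")
    return finding


def parse_uac(line: str) -> Optional[dict]:
    """Parse the Policies\\System line; flag UAC off or silent admin elevation."""
    m = UAC_RE.search(line)
    if not m:
        return None
    values = {k: int(v) for k, v in re.findall(r"\((\w+): (\d+)\)", m.group("body"))}
    flags = []
    if values.get("EnableLUA") == 0:                    # UAC disabled entirely
        flags.append("uac_disabled")
    if values.get("ConsentPromptBehaviorAdmin") == 0:   # documented: elevate without prompting
        flags.append("admin_elevates_silently")
    return {"values": values, "flags": flags}


def triage(text: str) -> dict:
    """Run both parsers over a log and collect everything that carries a flag."""
    tasks, uac = [], None
    for raw in text.splitlines():
        line = raw.strip()
        task = parse_task(line)
        if task:
            tasks.append(task)
            continue
        parsed = parse_uac(line)
        if parsed:
            uac = parsed
    return {"tasks": tasks, "uac": uac, "attention": [t for t in tasks if t.flags]}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for t in result["attention"]:
        print(f"{t.guid}  {t.name or '(no name)'}  flags={t.flags}  target={t.target}")
    print("UAC:", result["uac"])
```

On the constructed sample this flags the two pcalua.exe tasks (the Allmyapps one additionally for its AppData target), the orphaned gwx task, the entry with no file path, and the UAC setting; the Google updater task passes clean. Flagged entries are leads to verify on disk, and the UAC value is worth noting because with ConsentPromptBehaviorAdmin set to 0 anything the admin account runs gets a full elevated token without a prompt.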

But I have re-run the scan and again the same virus is there. Help, what do I do now? Is my data at risk?


Right, I did try to do the sync to remove this, but same problem. I also tried to manually remove any unwanted browsers and totally cleared any browsers manually. This has worked. I did totally clear browsers and left in Malwarebytes. Now totally clear.


I have run another scan and again it is totally clean. I did not see where the PUP was in my PC until clearing all web browsers. Then there it was, logged in between other browsers and searches I had used. I have an idea of what site it may have been, though.

 

Thanks for all the help, Aura.


Kevin, thank you for your help and advice. I ended up deleting all other browsers in Google. I had to scroll down near the bottom of the list. Only infected this week. However, this has resolved the problem. I have run the virus checker twice and it is totally clear. No, I do not need any more help. But I will ask again if I do. Was the information any use from the report? I was just pissed off that Malwarebytes had not removed this infection.

Many thanks.  

Lynette


Hello Lynette,

The logs you posted from FRST were not complete. I've only just come back online so have just seen them; I also saw that you may have followed advice from Aura. I make no comments regarding Malwarebytes...

Thank you,

Kevin....


Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.