WS Reputation 1 Virus or Not?


This topic is locked
35 replies to this topic

#1 jake21 (Members, 370 posts, USA)

Posted 11 September 2015 - 01:59 PM

Had a file scanned with updated NORTON. Norton noted that the file contained the WS Reputation 1 Threat? Knowing the sender of this file, I was surprised. I have seen a few articles that this is a false positive but it is unclear to me. Is this or is it not a virus and a file to be deleted?


#2 nasdaq (Malware Response Team, 40,754 posts, Montreal, QC, Canada)

Posted 12 September 2015 - 09:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 nasdaq (Malware Response Team, 40,754 posts, Montreal, QC, Canada)

Posted 12 September 2015 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#4 jake21 (Topic Starter, Members, 370 posts, USA)

Posted 13 September 2015 - 09:42 AM

Thank you....will post results...

MALWARE BYTES SCAN OF INDIVIDUAL FILE

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 9/13/2015 11:24 AM, SYSTEM, RAY-PC, Manual, Remediation Database, 2015.8.28.2, 2015.9.11.1,
Update, 9/13/2015 11:24 AM, SYSTEM, RAY-PC, Manual, AKA IP Database, 2015.9.10.2, 2015.9.11.2,
Update, 9/13/2015 11:24 AM, SYSTEM, RAY-PC, Manual, AKA Domain Database, 2015.9.10.8, 2015.9.11.2,
Update, 9/13/2015 11:24 AM, SYSTEM, RAY-PC, Manual, IP Database, 2015.9.10.2, 2015.9.11.5,
Update, 9/13/2015 11:24 AM, SYSTEM, RAY-PC, Manual, Domain Database, 2015.9.10.14, 2015.9.13.1,
Update, 9/13/2015 11:24 AM, SYSTEM, RAY-PC, Manual, Malware Database, 2015.9.10.7, 2015.9.13.3,
Scan, 9/13/2015 11:29 AM, SYSTEM, RAY-PC, Manual, Start:9/13/2015 11:26 AM, Duration:3 min 10 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Scan, 9/13/2015 11:33 AM, SYSTEM, RAY-PC, Manual, Start:9/13/2015 11:30 AM, Duration:2 min 52 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

Edited by jake21, 13 September 2015 - 11:37 AM.


#5 jake21 (Topic Starter, Members, 370 posts, USA)

Posted 13 September 2015 - 11:39 AM

I tried to download the FARBAR from the links...but NORTON gives me error and says " not commonly downloaded" and then it deletes the file? Computer runs fine...just this one file keeps getting the error file from Norton.

Edited by jake21, 13 September 2015 - 12:30 PM.


#6 nasdaq (Malware Response Team, 40,754 posts, Montreal, QC, Canada)

Posted 14 September 2015 - 06:33 AM

The Farbar tool if downloaded from the links I gave you is safe.

Download it again. When you see the Norton message click the view details.
There will be an option to accept the file.

Run it as previously suggested.

Read about the WS reputation.
http://community.norton.com/en/forums/clarification-wsreputation1-detection
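WS.Reputation.1 and the "not commonly downloaded" message are reputation verdicts from Norton Insight / Download Insight: they reflect how few Norton users have the file, not a malware signature match, so a freshly released tool from a small publisher trips them routinely. The checks a practitioner would run instead of (or before) clicking "accept the file", as an added example that is not part of nasdaq's post and not code from the Farbar tool: compute the file's SHA-256 for comparison with a hash the publisher supplies out of band (assumed to be available; the value below is a placeholder), inspect the Authenticode signature, and read the Zone.Identifier stream that marks the file as an Internet download. The file name FRST64.exe and the Desktop path are assumptions.

```powershell
# Added example (not from nasdaq's post and not part of the Farbar tool):
# independent checks on a file Norton flagged as WS.Reputation.1 or
# "not commonly downloaded", instead of relying on the reputation verdict.
# Assumptions: Windows PowerShell 4.0 or later (Get-FileHash); the expected
# SHA-256 was obtained from the publisher out of band (placeholder below).
function Test-DownloadedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    # 1. Content hash: compare with the hash the publisher lists for this release.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashMatches = $null
    if ($ExpectedSha256) { $hashMatches = ($actual -eq $ExpectedSha256.Trim().ToUpperInvariant()) }

    # 2. Authenticode: 'Valid' ties the file to a named publisher; 'NotSigned' is
    #    common for small freeware tools and is not by itself a verdict either way.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # 3. Mark-of-the-Web: the Zone.Identifier stream (ZoneId=3 means Internet zone)
    #    is what tells Download Insight this is a fresh download to evaluate.
    $zoneId = $null
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($entry in @($zone)) {
        if ($entry -match '^ZoneId=(\d+)') { $zoneId = [int] $Matches[1] }
    }

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $actual
        HashMatches     = $hashMatches
        SignatureStatus = $sig.Status.ToString()
        Signer          = $signer
        ZoneId          = $zoneId
    }
}

# Usage (path and hash are placeholders; the tool's file name is assumed):
Test-DownloadedFile -Path "$env:USERPROFILE\Desktop\FRST64.exe" `
    -ExpectedSha256 '0000000000000000000000000000000000000000000000000000000000000000'
```

A matching hash is the only one of the three results that actually identifies the file; a valid signature tells you who shipped it, and the ZoneId only explains why Download Insight looked at it. A hash mismatch against the publisher's value means the download should be discarded regardless of what the reputation engine says.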

#7 jake21 (Topic Starter, Members, 370 posts, USA)

Posted 14 September 2015 - 08:03 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-09-2015 02
Ran by RAY (2015-09-14 08:01:53)
Running from C:\Users\RAY\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-04-13 21:57:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-552732713-1027737845-3521280576-500 - Administrator - Disabled)
Guest (S-1-5-21-552732713-1027737845-3521280576-501 - Limited - Enabled)
RAY (S-1-5-21-552732713-1027737845-3521280576-1000 - Administrator - Enabled) => C:\Users\RAY

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
ConvertXtoDVD 4.1.9.346 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.9.346 - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version: - Dell, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Fast Connect (HKLM-x32\...\ID Vault) (Version: 1.15.414.3 - White Sky)
Free YouTube Downloader 4.0.305 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Your Uninstaller! 2008 Version 6.0 (HKLM-x32\...\Your Uninstaller! 2008_is1) (Version: 6.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-09-2015 09:45:28 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0111C974-C656-487F-A32C-833104BDE7DC} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {01B9EC49-CA58-45C2-A425-E03891A8C4EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {20EEB855-C704-4C73-9841-9E211030818D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {26D1F29A-E1C3-4772-973C-42BDEF9959A5} - System32\Tasks\{FC2E6142-AFCA-48CF-9B84-8BD1E6664DB2} => pcalua.exe -a "D:\Your Uninstaller! PRO 2008 6.1.1252\Your Uninstaller! PRO 2008 6.1.1252.exe" -d "D:\Your Uninstaller! PRO 2008 6.1.1252"
Task: {451EDE84-C58B-42FC-8ADA-BE74D31D6B9B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {9977A9CC-BDAD-4F1C-90EA-5AAD3DC0B041} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {9D2C0AB6-07CE-4B3B-AA15-3D40A3ED5A50} - System32\Tasks\{7CEF9E1F-2425-43A6-9CDC-D29C2DB808E7} => pcalua.exe -a "D:\Your Uninstaller! PRO 2008 6.1.1252\Your Uninstaller! PRO 2008 6.1.1252 Portable.exe" -d "D:\Your Uninstaller! PRO 2008 6.1.1252"
Task: {C1048398-C8FE-4423-8BBB-BC891BFE7A82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {CA7503B2-F688-47D9-A25D-56A757416530} - System32\Tasks\RPC => C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe <==== ATTENTION
Task: {F4D31240-6839-46D0-A9A6-58F490113650} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-15 16:03 - 2006-10-20 00:39 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlcxdrpp.dll
2013-04-15 16:02 - 2007-01-12 11:57 - 00292336 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
2013-04-15 16:02 - 2006-11-03 17:04 - 00304008 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
2006-08-08 16:21 - 2006-08-08 16:21 - 00732160 _____ () C:\Windows\system32\dlcxdrs.dll
2006-09-06 06:13 - 2006-09-06 06:13 - 00064000 _____ () C:\Windows\system32\dlcxcfg.dll
2006-09-22 07:43 - 2006-09-22 07:43 - 00024576 _____ () C:\Windows\system32\dlcxcaps.dll
2006-03-19 19:03 - 2006-03-19 19:03 - 00054784 _____ () C:\Windows\system32\dlcxcnv4.dll
2013-04-15 16:02 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll
2013-04-15 16:02 - 2006-09-06 05:13 - 00073728 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxcfg.dll
2013-04-15 16:02 - 2006-03-14 16:38 - 00143360 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxdrec.dll
2014-09-05 06:57 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\RAY\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-552732713-1027737845-3521280576-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RAY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E71C5C0B-7300-498C-8BE5-0DA2A100BEDD}] => (Allow) C:\Windows\SysWOW64\dlcxcoms.exe
FirewallRules: [{9049A87C-A853-4323-ADA2-40484473B1CA}] => (Allow) C:\Windows\SysWOW64\dlcxcoms.exe
FirewallRules: [{10E7CF22-07F2-42C2-A6E3-3401BF206357}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{8DE5277C-3B2F-4807-BA76-BF2952B2B510}] => (Allow) C:\Windows\System32\dlcxcoms.exe
FirewallRules: [{247F1BDC-7063-44C5-8848-11C04B8C5CEA}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{4CC0EDC4-A27F-465F-B9FE-53A8E35DE11A}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
FirewallRules: [{C3BE68D0-F72F-4EE0-B4B5-33D2B3124A73}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{0391D80F-F271-4247-96F6-BB92365B6C2E}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxaiox.exe
FirewallRules: [{D8E93B81-F83B-4B8A-8528-1D22A7075DC2}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{1E029F4F-F8F2-457A-B2F7-E9EB7FF26319}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{F3574184-61DC-4C6B-B62E-12F0F885385A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{7513CF88-FB52-42C5-B0ED-5B4E9872F89B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{AEDB8C83-ABD4-4A47-A38B-D4603F6F5374}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1366064749\ee\aolsoftware.exe
FirewallRules: [{2AAEC50E-5E55-496F-90DB-10CC85279B18}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1366064749\ee\aolsoftware.exe
FirewallRules: [{035F9B10-9519-4994-90BF-98DCB1CD0C60}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{CC332517-CDA4-4779-BDE3-7B325E33CFCB}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{D0FD0B02-DFD4-4977-BA3D-BAEF2918275C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{EC5F2579-E166-4B49-BDFD-A856B8ACB009}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{7D7B8F43-9228-4903-AEDE-FEFFC92DF922}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A2B583ED-612F-4A01-8519-03FC01AC389E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{C8E60578-B712-4FE8-AAF9-780042830A71}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{238BC5B5-D695-4AAE-BD5B-AE7DB00EFFA2}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{1191D29A-C71D-49AE-9B69-B0FF72C50ED6}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{46E4F92B-D214-4514-8F69-106955342F16}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{9D78BA29-7E2A-45AB-A86B-55A07536CEED}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{97DBF433-9B48-48C3-A383-DEE53A78A31B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{87AF9706-1EF9-46C9-AB98-A227DEDBD77A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
FirewallRules: [{DB165983-F381-40DD-9175-E15D64E666CE}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
FirewallRules: [{C20B024C-0BD7-497B-A309-249291B8EC23}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{7DAE6E09-5703-4736-AEAD-B9536C540A82}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{076148CB-DDBC-48A1-9108-829893B549AD}] => (Allow) LPort=50697
FirewallRules: [{D81A552F-5682-466E-A9C3-040FFD8F400D}] => (Allow) LPort=5000
FirewallRules: [{2914D909-1F26-4F4B-B216-5C5A32487AA5}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{EB7B0162-12A8-4987-ADB3-5039030D3E9B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{E614A3A8-DA61-4CD6-BB07-FCAAFE5AED79}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{3FD70665-540D-43B0-ADED-58F91D9C3B12}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
FirewallRules: [{03BEFB3B-B07A-4600-A6D5-264842B254E3}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
FirewallRules: [{EC5A4390-C1D3-40DE-9E4C-A38F7DAF7475}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{C7B9DB14-4238-4730-BBD7-750E32E5092A}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{6806B3A9-FDB6-4286-B90D-764FABEBA2DC}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{541A4D55-0ED6-423F-B1D5-615CF366A5C5}] => (Allow) LPort=8743
FirewallRules: [{8E0C2995-3852-4362-BD00-6131C01153F3}] => (Allow) LPort=8643
FirewallRules: [{7D75228B-BFBB-4351-BCC0-9D814E0E3D16}] => (Allow) LPort=7676
FirewallRules: [{1EAAB5C7-97F0-43DF-956D-C9A5FC9FFC03}] => (Allow) LPort=7679
FirewallRules: [{22ABB9FA-6C08-48B4-BD7E-05FAA5618B72}] => (Allow) LPort=24234
FirewallRules: [{E6C59CB8-87E8-40C6-B39E-2AB8C5FEB915}] => (Allow) LPort=7900
FirewallRules: [{7EAE3443-71A1-4D68-A884-6BF598C02A03}] => (Allow) LPort=1900
FirewallRules: [{FA9F33A1-80CC-47A2-ADFE-904983A2354C}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{D3223EF9-0FF9-4E79-BC50-E1818DEDF115}] => (Allow) C:\Users\RAY\AppData\Local\Temp\7zS3ACF.tmp\SymNRT.exe
FirewallRules: [{1B1DD177-33BD-4E18-82C3-1D201EAFF41F}] => (Allow) C:\Users\RAY\AppData\Local\Temp\7zS3ACF.tmp\SymNRT.exe
FirewallRules: [{1611BD93-EB91-4256-9A12-02717A84C9C3}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{AAC6C8B7-154B-4EFB-9B46-9FD7E120BA01}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{E4F740F0-90D9-427F-993A-868F1E056A3E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
FirewallRules: [{F9C62E53-8AE7-4D00-92B3-99C49A8FB050}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2015 07:57:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/14/2015 06:37:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2015 06:36:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAppMgrSvc.exe, version: 2.2.12.0, time stamp: 0x533a562f
Faulting module name: AdAppMgrSvc.exe, version: 2.2.12.0, time stamp: 0x533a562f
Exception code: 0xc0000005
Fault offset: 0x0000252a
Faulting process id: 0x59c
Faulting application start time: 0xAdAppMgrSvc.exe0
Faulting application path: AdAppMgrSvc.exe1
Faulting module path: AdAppMgrSvc.exe2
Report Id: AdAppMgrSvc.exe3

Error: (09/13/2015 03:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2015 03:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAppMgrSvc.exe, version: 2.2.12.0, time stamp: 0x533a562f
Faulting module name: AdAppMgrSvc.exe, version: 2.2.12.0, time stamp: 0x533a562f
Exception code: 0xc0000005
Fault offset: 0x0000252a
Faulting process id: 0x598
Faulting application start time: 0xAdAppMgrSvc.exe0
Faulting application path: AdAppMgrSvc.exe1
Faulting module path: AdAppMgrSvc.exe2
Report Id: AdAppMgrSvc.exe3

Error: (09/13/2015 12:30:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/13/2015 12:01:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1068

Start Time: 01d0ee45621b8bf3

Termination Time: 8

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: 08d1a834-5a39-11e5-946f-00038a000015

Error: (09/13/2015 11:58:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2015 11:57:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAppMgrSvc.exe, version: 2.2.12.0, time stamp: 0x533a562f
Faulting module name: AdAppMgrSvc.exe, version: 2.2.12.0, time stamp: 0x533a562f
Exception code: 0xc0000005
Fault offset: 0x0000252a
Faulting process id: 0x5b8
Faulting application start time: 0xAdAppMgrSvc.exe0
Faulting application path: AdAppMgrSvc.exe1
Faulting module path: AdAppMgrSvc.exe2
Report Id: AdAppMgrSvc.exe3

Error: (09/13/2015 11:41:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (09/14/2015 06:36:43 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RAY-PC :20" could not be registered on the interface with IP address 192.168.1.118.
The computer with the IP address 192.168.1.119 did not allow the name to be claimed by
this computer.

Error: (09/14/2015 06:36:43 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{699E88D8-AEEF-4CCA-8559-448A5BD892A9} because another computer on the network has the same name. The server could not start.

Error: (09/14/2015 06:36:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Application Manager Service service failed to start due to the following error:
%%1053

Error: (09/14/2015 06:36:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Application Manager Service service to connect.

Error: (09/13/2015 03:03:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Application Manager Service service failed to start due to the following error:
%%1053

Error: (09/13/2015 03:03:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Application Manager Service service to connect.

Error: (09/13/2015 11:57:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Application Manager Service service failed to start due to the following error:
%%1053

Error: (09/13/2015 11:57:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Application Manager Service service to connect.

Error: (09/13/2015 09:06:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Application Manager Service service failed to start due to the following error:
%%1053

Error: (09/13/2015 09:06:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Application Manager Service service to connect.


Microsoft Office:
=========================
Error: (09/14/2015 07:57:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\VIRI KILLER\esetsmartinstaller_enu.exe

Error: (09/14/2015 06:37:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2015 06:36:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AdAppMgrSvc.exe2.2.12.0533a562fAdAppMgrSvc.exe2.2.12.0533a562fc00000050000252a59c01d0eee1933e3bc4C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exeC:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exeda536685-5ad4-11e5-bb4e-00038a000015

Error: (09/13/2015 03:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2015 03:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AdAppMgrSvc.exe2.2.12.0533a562fAdAppMgrSvc.exe2.2.12.0533a562fc00000050000252a59801d0ee5f34facf74C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exeC:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe7ba74361-5a52-11e5-9089-00038a000015

Error: (09/13/2015 12:30:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\VIRI KILLER\esetsmartinstaller_enu.exe

Error: (09/13/2015 12:01:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17937106801d0ee45621b8bf38C:\Program Files\Internet Explorer\IEXPLORE.EXE08d1a834-5a39-11e5-946f-00038a000015

Error: (09/13/2015 11:58:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2015 11:57:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AdAppMgrSvc.exe2.2.12.0533a562fAdAppMgrSvc.exe2.2.12.0533a562fc00000050000252a5b801d0ee453f34c374C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exeC:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe87c5f5d0-5a38-11e5-946f-00038a000015

Error: (09/13/2015 11:41:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\VIRI KILLER\esetsmartinstaller_enu.exe


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3931.61 MB
Available physical RAM: 2268.29 MB
Total Virtual: 7861.43 MB
Available Virtual: 6167.71 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:76.5 GB) (Free:17.41 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:14.64 GB) (Free:5.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 76.7 GB) (Disk ID: 652B0ADC)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=76.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.6 GB) (Disk ID: 4DD4F659)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End of Addition.txt ============================

#8 jake21

jake21
  • Topic Starter

  • Members
  • 370 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:15 PM

Posted 14 September 2015 - 08:04 AM

Here is the addition.txt file. Thanks again...
The file in question is located on my flash drive (E). Do I need to copy this questionable file to the hard drive for these scans?

Edited by jake21, 14 September 2015 - 08:07 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:15 PM

Posted 14 September 2015 - 08:24 AM

The file in question is located on my flash drive (E). Do I need to copy this questionable file to the hard drive for these scans?


What I need to see is the FRST.txt log.
Please post it.

#10 jake21

jake21
  • Topic Starter

  • Members
  • 370 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:15 PM

Posted 14 September 2015 - 10:56 AM

Here is the attachment.




#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:15 PM

Posted 14 September 2015 - 12:29 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
C:\Program Files (x86)\Viewpoint
Task: {CA7503B2-F688-47D9-A25D-56A757416530} - System32\Tasks\RPC => C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe <==== ATTENTION
C:\Program Files (x86)\RPC
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?
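A verification pass a responder would run once the Fix has completed, as an added example that is not from the thread and not part of Farbar's tool: it takes the registry keys, driver services, scheduled task, folders and alternate data stream named in the fixlist above and reports which of them still exist, so that the "removed successfully" lines in a Fixlog can be confirmed independently. The paths are the ones in the fixlist; the function name and the output layout are my own. It assumes an elevated, 64-bit PowerShell 3.0 or later session on the cleaned machine (the `-Stream` parameter needs 3.0).

```powershell
# Added example: re-check every item the fixlist above targeted, using the paths from the
# fixlist itself. Run elevated, in 64-bit PowerShell 3.0+, on the cleaned machine.

function Test-RegKeyPresent {
    # Uses the .NET registry API rather than Test-Path because some of these key names
    # contain '/', which the PowerShell registry provider would treat as a path separator.
    param([Microsoft.Win32.RegistryKey]$Hive, [string]$SubKey)
    $key = $Hive.OpenSubKey($SubKey)
    if ($null -ne $key) { $key.Close(); return $true }
    return $false
}

$hklm = [Microsoft.Win32.Registry]::LocalMachine
$hkcr = [Microsoft.Win32.Registry]::ClassesRoot

# Registry keys the fixlist asked FRST to remove.
$registryChecks = @(
    @{ Hive = $hklm; Key = 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)' },
    @{ Hive = $hklm; Key = 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)' },
    @{ Hive = $hklm; Key = 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)' },
    @{ Hive = $hklm; Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' },
    @{ Hive = $hklm; Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' },
    @{ Hive = $hklm; Key = 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}' },
    @{ Hive = $hkcr; Key = 'PROTOCOLS\Handler\osf' },
    @{ Hive = $hklm; Key = 'SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect' },
    @{ Hive = $hklm; Key = 'SOFTWARE\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP' },
    @{ Hive = $hklm; Key = 'SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif' },
    @{ Hive = $hklm; Key = 'SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif' },
    # The two driver services: kernel drivers do not appear in Get-Service, so check the SCM keys.
    @{ Hive = $hklm; Key = 'SYSTEM\CurrentControlSet\Services\AntiLog32' },
    @{ Hive = $hklm; Key = 'SYSTEM\CurrentControlSet\Services\keycrypt' },
    # The scheduled task's TaskCache entry (Get-ScheduledTask does not exist on Windows 7).
    @{ Hive = $hklm; Key = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RPC' }
)

# Folders, task file and driver binaries named in the fixlist.
$pathChecks = @(
    'C:\Program Files (x86)\Viewpoint',
    'C:\Program Files (x86)\RPC',
    'C:\Windows\System32\Tasks\RPC',
    'C:\Windows\System32\drivers\AntiLog64.sys',
    'C:\Windows\System32\DRIVERS\KeyCrypt64.sys'
)

$results = @()
foreach ($c in $registryChecks) {
    $results += [pscustomobject]@{ Item = "REG  $($c.Key)"; StillPresent = (Test-RegKeyPresent $c.Hive $c.Key) }
}
foreach ($p in $pathChecks) {
    $results += [pscustomobject]@{ Item = "PATH $p"; StillPresent = (Test-Path -LiteralPath $p) }
}

# The alternate data stream: list every stream on the folder other than the default one.
$adsNames = @(Get-Item -LiteralPath 'C:\ProgramData\TEMP' -Stream * -ErrorAction SilentlyContinue |
              Where-Object { $_.Stream -ne ':$DATA' } | ForEach-Object { $_.Stream })
$results += [pscustomobject]@{ Item = 'ADS  C:\ProgramData\TEMP:B3D74A13'; StillPresent = ($adsNames -contains 'B3D74A13') }

$results | Format-Table -AutoSize
if ($results | Where-Object { $_.StillPresent }) {
    Write-Warning 'Some fixlist items are still present; compare against the Fixlog before going further.'
}
```

Every row should read `StillPresent: False` after the reboot the post asks for; a `True` row means the item either was never removed or has been recreated since, which is the difference between a leftover and an active persistence mechanism, and is exactly what the helper would want to know before the next step.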

#12 jake21

jake21
  • Topic Starter

  • Members
  • 370 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:15 PM

Posted 14 September 2015 - 02:53 PM

Computer runs fine...here is the log after above adjustments...


Fix result of Farbar Recovery Scan Tool (x64) Version:14-09-2015
Ran by RAY (2015-09-14 14:41:20) Run:1
Running from C:\Users\RAY\Desktop
Loaded Profiles: RAY (Available Profiles: RAY)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
C:\Program Files (x86)\Viewpoint
Task: {CA7503B2-F688-47D9-A25D-56A757416530} - System32\Tasks\RPC => C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe <==== ATTENTION
C:\Program Files (x86)\RPC
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => key removed successfully
HKCR\Wow6432Node\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => key removed successfully
HKCR\Wow6432Node\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => key removed successfully
HKCR\Wow6432Node\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\PROTOCOLS\Handler\osf" => key removed successfully
HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => key not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP" => key removed successfully
C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
AntiLog32 => service removed successfully
keycrypt => service removed successfully
C:\Program Files (x86)\Viewpoint => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA7503B2-F688-47D9-A25D-56A757416530}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA7503B2-F688-47D9-A25D-56A757416530}" => key removed successfully
C:\Windows\System32\Tasks\RPC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RPC" => key removed successfully
"C:\Program Files (x86)\RPC" => File/Folder not found.
C:\ProgramData\TEMP => ":B3D74A13" ADS removed successfully.
EmptyTemp: => 75.8 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 14:42:48 ====



#13 jake21

jake21
  • Topic Starter

  • Members
  • 370 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:15 PM

Posted 14 September 2015 - 04:57 PM

How do these steps check the file I have on the flash drive that gives the virus error?



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:15 PM

Posted 15 September 2015 - 07:31 AM

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Keep me posted.
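A way to see, from the outside, what the protective folder the note describes looks like on a drive, as an added example that is not Flash_Disinfector's own code: it enumerates removable drives and reports for each one whether the root has no autorun.inf at all, a (hidden) autorun.inf folder of the protective kind, or an autorun.inf file, in which case it prints the file's launch directives for review without running anything. The function names are my own; it uses Win32_LogicalDisk through Get-WmiObject so that it also works on the Windows 7 / PowerShell 2.0 generation of system in this thread.

```powershell
# Added example: report the autorun.inf state of every removable drive.
# Read-only; nothing on the drive is executed or modified.

function Get-AutorunState {
    # Returns 'absent', 'protected-folder' or 'file' for the drive root given (e.g. 'E:\').
    param([string]$Root)
    $path = Join-Path $Root 'autorun.inf'
    if (-not (Test-Path -LiteralPath $path)) { return 'absent' }
    $item = Get-Item -LiteralPath $path -Force      # -Force: the protective folder is hidden
    if ($item.PSIsContainer) { return 'protected-folder' }
    return 'file'
}

function Get-AutorunLaunchLines {
    # For an autorun.inf *file*, returns only the lines that would launch something
    # (open=, shellexecute=, shell\...\command=), so a reviewer sees what it points at.
    param([string]$Root)
    $path = Join-Path $Root 'autorun.inf'
    Get-Content -LiteralPath $path -Force -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' }
}

# DriveType 2 = removable disk (flash drives). Available on Windows 7 / PowerShell 2.0.
$removable = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 2' | Where-Object { $_.DeviceID }

foreach ($d in $removable) {
    $root  = $d.DeviceID + '\'
    $state = Get-AutorunState -Root $root
    Write-Output ("{0} ({1}): autorun.inf {2}" -f $d.DeviceID, $d.VolumeName, $state)
    if ($state -eq 'file') {
        # A genuine autorun.inf file on a flash drive deserves a look: show what it would launch.
        Get-AutorunLaunchLines -Root $root | ForEach-Object { Write-Output ("    " + $_) }
    }
}
```

The protective folder works because a file cannot be created where a folder of the same name already exists, so worm code that tries to drop its own autorun.inf fails. Since Microsoft's February 2011 AutoPlay update (KB971029) Windows no longer honours autorun.inf on USB flash drives in any case, so the folder mainly guards against the drive being plugged into older, unpatched machines.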

#15 jake21

jake21
  • Topic Starter

  • Members
  • 370 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:15 PM

Posted 15 September 2015 - 08:29 AM

Downloaded the FLASH DISINFECTOR... saved to desktop, double clicked and ran the program... nothing happens? The icon on desktop is there, the computer asks if I want to allow it to run... but after 30 minutes of waiting, nothing seems to launch... I checked on TASKMANAGER, and see nothing pertaining to disinfect running? I tried to do this with 3 separate downloads, but nothing happens? What am I missing... thanks again.





