Chinese / Korean Crap


This topic is locked
21 replies to this topic

#1 cumbiamo (Members, 82 posts)

Posted 24 January 2016 - 12:11 PM

So I was infected with a virus. I used Malwarebytes, JRT, ESET and HitmanPro, some in Safe Mode, as it kept coming back, and I think I finally got it, but these pesky pop-ups in a foreign language keep coming and I have an entry in my startup programs, so I still have something. The last scans don't show anything, but the HijackThis log looks odd. I followed the prep guide as instructed in the other forum: CCleaner, AdwCleaner and Farbar. The PC works fine, but I have these programs or links running.

 

 

[Image: Oriental Program.jpg]

[Image: Oriental on Desktop.png]

[Image: Oriental popup No 2.jpg]

 

Logs attached

Attached File  FRST.txt   41.81KB   2 downloads

Attached File  Addition.txt   34.92KB   3 downloads

Attached File  AdwCleaner_1.24.16.txt   864bytes   3 downloads

Attached File  hijackthis.log   13.82KB   2 downloads

Attached File  JRT.txt   1.55KB   5 downloads

Attached File  Rkill.txt   2.9KB   1 downloads

 

This is a Dell Latitude E7440 laptop... Not sure what else is needed. Thank you for your assistance.




#2 olgun52 (Malware Response Team, 3,807 posts)

Posted 24 January 2016 - 07:34 PM

Hello cumbiamo and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if the tools don't find malware, I want you to post the log files anyway.
  • Please copy and paste the log files directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. (How do I log on as an administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
   
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
----------------------------------------
Thank you for the Logs.
------------------------------
Uninstall some programs
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • PPT美化大师 or Tencent

After completing uninstalls, please manually reboot your machine!
Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.

======================================================================================

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Windows\system32\khj
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

Sincerely


Edited by olgun52, 24 January 2016 - 08:16 PM.

Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
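The post above asks for a VirusTotal upload of C:\Windows\system32\khj, and the next reply reports that the upload dialog found nothing to analyze; the ComboFix log further down the thread lists that path as a directory (d-----w-), which a file-upload dialog cannot take. The PowerShell below is an added example, not code from this thread, from BleepingComputer or from any of the tools named in it: it records the hash, timestamps and Authenticode status of a suspect path, descends into it when the path turns out to be a directory, and builds the VirusTotal hash-lookup URL so an existing report can be checked without uploading anything. It assumes PowerShell 4.0 or later (Get-FileHash), an elevated prompt, and the VirusTotal URL scheme https://www.virustotal.com/gui/file/<sha256>; the path is the one from the post.

```powershell
# Added example (not from the thread). Triage a suspect path before uploading it.
# Assumes PowerShell 4.0+ for Get-FileHash; run from an elevated prompt so that
# hidden and system files under C:\Windows are readable.

function Get-SuspectReport {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return
    }

    $item = Get-Item -LiteralPath $Path -Force

    if ($item.PSIsContainer) {
        # A directory cannot be handed to the upload dialog (this is what the
        # reporter hit with system32\khj). Report every file inside it instead;
        # -Force includes hidden and system files, where droppers hide payloads.
        $children = Get-ChildItem -LiteralPath $Path -Force -Recurse -File
        if (-not $children) {
            Write-Warning "$Path is an empty directory: nothing to upload"
            return
        }
        foreach ($child in $children) { Get-SuspectReport -Path $child.FullName }
        return
    }

    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path       = $Path
        SizeBytes  = $item.Length
        Created    = $item.CreationTime
        Modified   = $item.LastWriteTime
        SHA256     = $sha256
        Signature  = $sig.Status      # Valid / NotSigned / HashMismatch / ...
        Signer     = $signer
        # Hash lookup: returns any existing report without uploading the file.
        VirusTotal = "https://www.virustotal.com/gui/file/$sha256"
    }
}

# The path named in the post above.
Get-SuspectReport -Path 'C:\Windows\system32\khj' | Format-List
```

If the lookup URL shows no report, the file has never been submitted and an upload is the only way to get a verdict; if it does, the SHA-256 ties the report to exactly the bytes on this disk, which a name-based search cannot.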

 


 


#3 cumbiamo (Topic Starter, Members, 82 posts)

Posted 24 January 2016 - 09:11 PM

Uninstalled the program as directed. However, upon reboot the same pop-up, the second image, comes up. Also, the virus tool did not find anything to analyze. As such, there was nothing for me to post.



#4 olgun52 (Malware Response Team, 3,807 posts)

Posted 25 January 2016 - 12:12 PM

Hi cumbiamo,

 

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
***********************************************************************************************************************************

Step 1:
FRST Script:
Please download this attached Attached File  Fixlist.txt   4.63KB   5 downloads  and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 

Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step4:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT 1: Place ComboFix.exe on your Desktop
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.


Edited by olgun52, 25 January 2016 - 12:12 PM.

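The fixlist in this post (its contents appear in the Fixlog further down) removes four kinds of autostart entry: scheduled tasks whose action lives under the user profile or behind an 8.3 short name (C:\PROGRA~1\GROOVE~1\Rorgoezi.bat) or whose target no longer exists (\amiupdaterExd -> No File), a Run value under the Wow6432Node hive, two SafeBoot\Minimal entries, and per-user CustomCLSID InprocServer32 registrations pointing at a DLL in AppData. The PowerShell below is an added example, not from the thread or from FRST, that enumerates those same four locations and flags entries with those traits, so a re-check after the fix (or a first look at a similar machine) does not depend on reading the whole log by eye. It assumes PowerShell 3.0 or later, an elevated prompt and English-language schtasks.exe output (Get-ScheduledTask does not exist on Windows 7, so schtasks.exe is parsed); the heuristics and the function names are mine, not FRST's.

```powershell
# Added example (not from the thread). Audit the persistence points the fixlist
# cleaned: scheduled tasks, Run keys, SafeBoot\Minimal and per-user COM servers.
# Assumptions: PowerShell 3.0+, elevated prompt, English schtasks.exe columns.

$roots = @($env:LOCALAPPDATA, $env:APPDATA, "$env:SystemDrive\ProgramData",
           "$env:SystemDrive\Users", "$env:SystemRoot\Temp") |
         ForEach-Object { [regex]::Escape($_) }
$userWritable = '^(?:' + ($roots -join '|') + ')'

function Resolve-Executable([string]$Command) {
    # Extract the program from a "Task To Run" or Run-key value: either a quoted
    # path, or an unquoted path that may contain spaces before its arguments.
    if (-not $Command) { return '' }
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    $parts = $cmd -split ' '
    for ($i = $parts.Count; $i -ge 1; $i--) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $parts[0]
}

function Get-SuspicionReasons([string]$Target) {
    $reasons = @()
    if (-not $Target) { return $reasons }
    if ($Target -match '~')                           { $reasons += '8.3 short name hides the real folder name' }
    if ($Target -match $userWritable)                 { $reasons += 'lives in a user-writable location' }
    if ($Target -match '\.(bat|cmd|vbs|js|ps1|hta)$') { $reasons += 'runs a script instead of a program' }
    if (-not (Test-Path -LiteralPath $Target -PathType Leaf)) {
        $reasons += 'target file is missing (orphaned entry)'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $Target
        if ($sig.Status -ne 'Valid') { $reasons += "Authenticode status: $($sig.Status)" }
    }
    return $reasons
}

$script:findings = @()
function Add-Finding([string]$Source, [string]$Target, [string[]]$Extra = @()) {
    foreach ($r in @(Get-SuspicionReasons $Target) + $Extra) {
        $script:findings += [pscustomobject]@{ Source = $Source; Target = $Target; Reason = $r }
    }
}

# 1. Scheduled tasks. schtasks repeats the header row per task folder; drop those.
schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' -and
                   $_.'Task To Run' -notmatch '^(COM handler|Multiple actions|N/A)$' } |
    ForEach-Object { Add-Finding "Task $($_.TaskName)" (Resolve-Executable $_.'Task To Run') }

# 2. Run keys: 64-bit view, 32-bit (Wow6432Node) view, and the current user.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
        Add-Finding "Run: $($p.Name) [$key]" (Resolve-Executable ([string]$p.Value))
    }
}

# 3. SafeBoot\Minimal: anything listed here is also loaded in Safe Mode, which is
#    why a cleanup "in safemode" can leave the infection running.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal' | ForEach-Object {
    $name = $_.PSChildName
    if ($name -match '\.sys$' -and -not (Test-Path "$env:SystemRoot\System32\drivers\$name")) {
        $script:findings += [pscustomobject]@{ Source = 'SafeBoot\Minimal'; Target = $name
                                               Reason = 'driver entry with no file in System32\drivers' }
    }
}

# 4. Per-user COM servers (HKU\<SID>_Classes is HKCU:\Software\Classes). HKCR merges
#    HKCU\Software\Classes over HKLM, so a per-user InprocServer32 for a CLSID that
#    is also registered machine-wide takes precedence for that user.
Get-ChildItem 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
    $srv = Get-ItemProperty -Path (Join-Path $_.PSPath 'InprocServer32') -ErrorAction SilentlyContinue
    if ($srv -and $srv.'(default)') {
        $dll   = [Environment]::ExpandEnvironmentVariables($srv.'(default)')
        $extra = @()
        if (Test-Path "HKLM:\SOFTWARE\Classes\CLSID\$($_.PSChildName)") {
            $extra += 'shadows a machine-wide CLSID registration'
        }
        Add-Finding "HKCU CLSID $($_.PSChildName)" $dll $extra
    }
}

$script:findings | Sort-Object Source, Reason | Format-Table -AutoSize -Wrap
```

The output is a list of (location, target, reason) rows rather than a verdict: a Garmin or Spotify updater in AppData will show up as "user-writable location" too, and the Authenticode column is what separates it from notify.exe with no signer. Run it once before and once after the fix; on a clean pass the PPTAssist tasks, the pcmgr Run value, the 31131811.sys SafeBoot entries and the two HKCU CLSIDs should all be gone.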

 


 


#5 cumbiamo (Topic Starter, Members, 82 posts)

Posted 25 January 2016 - 09:36 PM

Starting to look positive: no pop-up after the reboot following the work from the last post.

 


# AdwCleaner v5.031 - Logfile created 25/01/2016 at 20:11:56
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : ricardo - MORENO
# Running from : C:\Users\ricardo\Downloads\adwcleaner_5.031.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [684 bytes] ##########







Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by ricardo (2016-01-25 13:44:59) Run:1
Running from C:\Users\ricardo\Downloads
Loaded Profiles: ricardo (Available Profiles: ricardo & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3845698566-1871629385-389679670-1001_Classes\CLSID\{034DF736-A378-4292-ACAE-A561088999F5}\InprocServer32 -> C:\Users\ricardo\AppData\Local\PPTAssist\pptassist64.dll (????????????)
CustomCLSID: HKU\S-1-5-21-3845698566-1871629385-389679670-1001_Classes\CLSID\{1077138E-896C-445E-BD31-CFCFFA4636C4}\InprocServer32 -> C:\Users\ricardo\AppData\Local\PPTAssist\pptassist64.dll (????????????)
Task: {8C74A70C-8B5B-44C0-B549-DC68EFEB1B6B} - System32\Tasks\Penyhikj => C:\PROGRA~1\GROOVE~1\Rorgoezi.bat
Task: {981595F9-8422-450E-B891-E7DAE54CCF83} - System32\Tasks\PPTAssistantUpdateTask_ricardo => C:\Users\ricardo\AppData\Local\PPTAssist\assistupdate.exe [2016-01-23] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {E24CFFA8-7797-4EF0-BAF9-1FAB765F611B} - \amiupdaterExd -> No File <==== ATTENTION
Task: {E4D558E9-E865-4EDC-A751-CA389A36D824} - \amiupdaterExi -> No File <==== ATTENTION
Task: {E6549D2C-21E4-4C14-A8F2-81AABFB148D0} - System32\Tasks\PPTAssistantNotifyTask_ricardo => C:\Users\ricardo\AppData\Local\PPTAssist\notify.exe [2016-01-23] (????????????)
Task: C:\Windows\Tasks\PPTAssistantNotifyTask_ricardo.job => C:\Users\ricardo\AppData\Local\PPTAssist\notify.exe
Task: C:\Windows\Tasks\PPTAssistantUpdateTask_ricardo.job => C:\Users\ricardo\AppData\Local\PPTAssist\assistupdate.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31131811.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31131811.sys => ""="Driver"
C:\Program Files (x86)\ppt\Uninst.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\ricardo\AppData\Local\PPTAssist\ktpcntr.exe
HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\ppt\Uninst.exe [1571296 2015-12-28] (Tencent)
GroupPolicyScripts: Restriction <======= ATTENTION
2016-01-24 10:34 - 2016-01-24 10:34 - 00000000 ____D C:\Users\ricardo\AppData\Roaming\Tencent
2016-01-24 10:34 - 2016-01-24 10:34 - 00000000 ____D C:\ProgramData\Tencent
2016-01-23 19:38 - 2016-01-23 19:45 - 00000000 ____D C:\Users\ricardo\AppData\Roaming\kingsoft
2016-01-23 17:27 - 2016-01-24 10:38 - 00000338 _____ C:\Windows\Tasks\PPTAssistantNotifyTask_ricardo.job
2016-01-23 17:27 - 2016-01-24 10:32 - 00000608 _____ C:\Windows\Tasks\PPTAssistantUpdateTask_ricardo.job
2016-01-23 17:27 - 2016-01-23 20:43 - 00000000 ____D C:\Users\ricardo\AppData\Local\PPTAssist
2016-01-23 17:27 - 2016-01-23 20:40 - 00003596 _____ C:\Windows\System32\Tasks\PPTAssistantUpdateTask_ricardo
2016-01-23 17:27 - 2016-01-23 19:38 - 00000000 ____D C:\ProgramData\kingsoft
2016-01-23 17:27 - 2016-01-23 19:23 - 00000000 ____D C:\Users\ricardo\AppData\Roaming\JesfoRadpit
2016-01-23 17:27 - 2016-01-23 19:23 - 00000000 ____D C:\Program Files (x86)\ppt
2016-01-23 17:27 - 2016-01-23 17:27 - 00003346 _____ C:\Windows\System32\Tasks\Penyhikj
2016-01-23 17:27 - 2016-01-23 17:27 - 00003326 _____ C:\Windows\System32\Tasks\PPTAssistantNotifyTask_ricardo
2016-01-23 17:27 - 2016-01-23 17:27 - 00000000 ____D C:\Users\ricardo\AppData\Roaming\pptassist
2016-01-23 17:27 - 2016-01-23 17:27 - 00000000 ____D C:\Users\ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PPT????
2016-01-23 17:26 - 2016-01-23 19:23 - 00000000 ____D C:\Users\ricardo\AppData\Roaming\pendis
2016-01-19 19:48 - 2016-01-19 19:48 - 00927824 _____ (Google Inc.) C:\Users\ricardo\Downloads\chromecastinstaller (4).exe
2016-01-19 19:32 - 2016-01-19 19:32 - 00927824 _____ (Google Inc.) C:\Users\ricardo\Downloads\chromecastinstaller (3).exe
2016-01-19 19:30 - 2016-01-19 19:30 - 00927824 _____ (Google Inc.) C:\Users\ricardo\Downloads\chromecastinstaller (2).exe
C:\Users\ricardo\Downloads\chromecastinstaller (1).exe
C:\Users\ricardo\AppData\Roaming\Kodi
C:\Users\Administrator\AppData\Local\Temp\ARCompanionForSession2.exe
C:\Users\ricardo\AppData\Local\Temp\genteert.dll
C:\Users\ricardo\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\ricardo\AppData\Local\Temp\sqlite3.dll
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (YouTube) - C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-19]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:266
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3255
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3356
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:91
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3845698566-1871629385-389679670-1001_Classes\CLSID\{034DF736-A378-4292-ACAE-A561088999F5} => key not found.
HKU\S-1-5-21-3845698566-1871629385-389679670-1001_Classes\CLSID\{1077138E-896C-445E-BD31-CFCFFA4636C4} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C74A70C-8B5B-44C0-B549-DC68EFEB1B6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C74A70C-8B5B-44C0-B549-DC68EFEB1B6B}" => key removed successfully
C:\Windows\System32\Tasks\Penyhikj => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Penyhikj" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{981595F9-8422-450E-B891-E7DAE54CCF83} => key not found.
C:\Windows\System32\Tasks\PPTAssistantUpdateTask_ricardo => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPTAssistantUpdateTask_ricardo => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E24CFFA8-7797-4EF0-BAF9-1FAB765F611B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E24CFFA8-7797-4EF0-BAF9-1FAB765F611B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4D558E9-E865-4EDC-A751-CA389A36D824}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4D558E9-E865-4EDC-A751-CA389A36D824}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExi => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6549D2C-21E4-4C14-A8F2-81AABFB148D0} => key not found.
C:\Windows\System32\Tasks\PPTAssistantNotifyTask_ricardo => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPTAssistantNotifyTask_ricardo => key not found.
C:\Windows\Tasks\PPTAssistantNotifyTask_ricardo.job => not found.
C:\Windows\Tasks\PPTAssistantUpdateTask_ricardo.job => not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\31131811.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\31131811.sys" => key removed successfully
C:\Program Files (x86)\ppt\Uninst.exe => moved successfully
C:\Users\ricardo\AppData\Local\PPTAssist\ktpcntr.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcmgr => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\ricardo\AppData\Roaming\Tencent => moved successfully
C:\ProgramData\Tencent => moved successfully
C:\Users\ricardo\AppData\Roaming\kingsoft => moved successfully
"C:\Windows\Tasks\PPTAssistantNotifyTask_ricardo.job" => not found.
"C:\Windows\Tasks\PPTAssistantUpdateTask_ricardo.job" => not found.
C:\Users\ricardo\AppData\Local\PPTAssist => moved successfully
"C:\Windows\System32\Tasks\PPTAssistantUpdateTask_ricardo" => not found.
C:\ProgramData\kingsoft => moved successfully
C:\Users\ricardo\AppData\Roaming\JesfoRadpit => moved successfully
C:\Program Files (x86)\ppt => moved successfully
"C:\Windows\System32\Tasks\Penyhikj" => not found.
"C:\Windows\System32\Tasks\PPTAssistantNotifyTask_ricardo" => not found.
C:\Users\ricardo\AppData\Roaming\pptassist => moved successfully

=========== "C:\Users\ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PPT????" ==========

not found

========= End -> "C:\Users\ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PPT????" ========

C:\Users\ricardo\AppData\Roaming\pendis => moved successfully
"C:\Users\ricardo\Downloads\chromecastinstaller (4).exe" => not found.
"C:\Users\ricardo\Downloads\chromecastinstaller (3).exe" => not found.
"C:\Users\ricardo\Downloads\chromecastinstaller (2).exe" => not found.
"C:\Users\ricardo\Downloads\chromecastinstaller (1).exe" => not found.
C:\Users\ricardo\AppData\Roaming\Kodi => moved successfully
"C:\Users\Administrator\AppData\Local\Temp\ARCompanionForSession2.exe" => not found.
"C:\Users\ricardo\AppData\Local\Temp\genteert.dll" => not found.
"C:\Users\ricardo\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe" => not found.
"C:\Users\ricardo\AppData\Local\Temp\sqlite3.dll" => not found.
C:\Windows\SysWOW64\dlumd10.dll => moved successfully
C:\Windows\SysWOW64\dlumd11.dll => moved successfully
C:\Windows\SysWOW64\dlumd9.dll => moved successfully
C:\Windows\System32\dlumd10.dll => moved successfully
C:\Windows\System32\dlumd11.dll => moved successfully
C:\Windows\System32\dlumd9.dll => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => moved successfully
C:\Windows\SysWOW64\MSIHANDLE => ":266" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3204" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3255" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3356" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":91" ADS removed successfully.
EmptyTemp: => 81.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:45:11 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/25/2016
Scan Time: 7:07 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.25.05
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ricardo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381541
Time Elapsed: 3 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)







ComboFix 16-01-24.01 - ricardo 01/25/2016  19:14:19.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8097.6118 [GMT -6:00]
Running from: c:\users\ricardo\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2015-12-26 to 2016-01-26  )))))))))))))))))))))))))))))))
.
.
2016-01-26 01:21 . 2016-01-26 01:21    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-01-26 01:21 . 2016-01-26 01:21    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2016-01-25 01:32 . 2016-01-25 01:32    --------    d-----w-    c:\users\ricardo\AppData\Roaming\SUPERAntiSpyware.com
2016-01-25 01:32 . 2016-01-25 01:32    --------    d-----w-    c:\program files\SUPERAntiSpyware
2016-01-25 01:32 . 2016-01-25 01:32    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2016-01-24 23:44 . 2016-01-24 23:44    22704    ----a-w-    c:\windows\system32\drivers\EsgScanner.sys
2016-01-24 16:39 . 2016-01-25 19:45    --------    d-----w-    C:\FRST
2016-01-24 16:30 . 2016-01-25 21:39    --------    d-----w-    C:\AdwCleaner
2016-01-24 16:26 . 2016-01-24 16:26    --------    d-----w-    c:\program files\CCleaner
2016-01-24 02:47 . 2016-01-24 02:48    --------    d-----w-    c:\program files\HitmanPro
2016-01-24 02:47 . 2016-01-24 02:57    --------    d-----w-    c:\programdata\HitmanPro
2016-01-24 02:05 . 2016-01-24 02:05    --------    d-----w-    c:\program files (x86)\ESET
2016-01-24 01:19 . 2016-01-24 01:21    --------    d-----w-    C:\KVRT_Data
2016-01-24 01:01 . 2016-01-26 01:03    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-24 01:01 . 2016-01-24 01:01    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2016-01-24 01:01 . 2016-01-24 01:01    --------    d-----w-    c:\programdata\Malwarebytes
2016-01-24 01:01 . 2015-10-05 15:50    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2016-01-24 01:01 . 2015-10-05 15:50    109272    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2016-01-24 01:01 . 2015-10-05 15:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2016-01-23 23:27 . 2016-01-23 23:28    --------    d-----w-    c:\users\ricardo\AppData\Local\Tempfolder
2016-01-23 23:27 . 2016-01-23 23:27    --------    d-----w-    c:\windows\system32\khj
2016-01-23 23:26 . 2016-01-24 01:23    --------    d-----w-    c:\program files (x86)\Microsoft Toolkit Final
2016-01-23 22:59 . 2016-01-23 22:59    --------    d-----w-    c:\program files (x86)\Asunsoft Word Password Geeker
2016-01-11 04:04 . 2016-01-11 04:04    --------    d-----w-    c:\users\ricardo\AppData\Local\Garmin_Ltd._or_its_subsid
2016-01-11 04:04 . 2016-01-11 04:04    --------    d-----w-    c:\programdata\Garmin
2016-01-11 03:35 . 2016-01-11 04:04    --------    d-----w-    c:\program files (x86)\Garmin
2016-01-11 02:54 . 2016-01-11 02:54    --------    d-----w-    c:\program files (x86)\Garmin GPS Plugin
2016-01-11 02:54 . 2016-01-11 02:54    --------    d-----w-    c:\program files\Garmin GPS Plugin
2016-01-11 02:53 . 2016-01-11 04:04    --------    d-----w-    c:\users\ricardo\AppData\Roaming\Garmin
2016-01-09 19:06 . 2016-01-09 19:06    --------    d-----w-    c:\programdata\Ant
2016-01-01 21:52 . 2016-01-01 21:52    --------    d-----w-    c:\users\ricardo\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-24 01:52 . 2013-12-12 15:05    143671360    ----a-w-    c:\windows\system32\MRT.exe
2016-01-23 23:30 . 2013-07-01 19:33    357888    ----a-w-    c:\windows\system32\dnsapi.dll
2016-01-20 19:43 . 2013-11-27 01:31    796864    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-20 19:43 . 2013-11-27 01:31    142528    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-04 20:36 . 2015-12-04 20:36    258480    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2015-12-04 20:35 . 2015-12-04 20:35    315312    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2015-12-04 20:27 . 2015-12-04 20:27    42416    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2015-11-06 21:50 . 2015-11-06 21:50    184240    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-06-24 20:45    223432    ----a-w-    c:\users\ricardo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-06-24 20:45    223432    ----a-w-    c:\users\ricardo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-06-24 20:45    223432    ----a-w-    c:\users\ricardo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\ricardo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-12-25 2346096]
"Spotify"="c:\users\ricardo\AppData\Roaming\Spotify\Spotify.exe" [2015-12-25 8387696]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-12-17 50378880]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-12-10 1403304]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-12-08 8590760]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2016-01-21 7935904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2013-02-26 55976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"AVG_UI"="c:\program files (x86)\AVG\Av\avuirunnerx.exe" [2016-01-08 25512]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-10-08 408888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirnx.exe" [2016-01-12 179624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 wPCI;Wilreless PCI;c:\windows\system32\DRIVERS\wPci.sys;c:\windows\SYSNATIVE\DRIVERS\wPci.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\Av\avgidsagent.exe;c:\program files (x86)\AVG\Av\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AvgAMPS;AvgAMPS;c:\program files (x86)\AVG\Av\avgamps.exe;c:\program files (x86)\AVG\Av\avgamps.exe [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe;c:\program files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys;c:\windows\SYSNATIVE\drivers\WsAudioDevice_383S(1).sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\adminservice.exe [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\Av\avgwdsvcx.exe;c:\program files (x86)\AVG\Av\avgwdsvcx.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Dell.PowerManager.Service;Dell.PowerManager.Service;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 O2FJ2RDR;O2FJ2RDR;c:\windows\system32\DRIVERS\O2FJ2w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2FJ2w7x64.sys [x]
S3 ST_Accel;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-27 19:43]
.
2016-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20 02:40]
.
2016-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20 02:40]
.
2016-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3845698566-1871629385-389679670-1001Core.job
- c:\users\ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-17 02:40]
.
2016-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3845698566-1871629385-389679670-1001UA.job
- c:\users\ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-17 02:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-06-24 20:45    262344    ----a-w-    c:\users\ricardo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-06-24 20:45    262344    ----a-w-    c:\users\ricardo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-06-24 20:45    262344    ----a-w-    c:\users\ricardo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-05-02 698712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-28 7191768]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-23 1291848]
"WavesSvc"="c:\program files\Realtek\Audio\HDA\WavesSvc64.exe" [2013-04-18 114944]
"RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-23 1291848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-07-04 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-07-04 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-07-04 444400]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-05-29 36352]
"AWiCMgr"="c:\program files (x86)\Dell\Dell Unified Wireless Suite\AWiC\AWiCMgr.exe" [2013-09-24 189568]
"AWiCDiag"="c:\program files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe" [2013-09-24 2782336]
"wcct"="c:\program files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe" [2013-09-24 1074304]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2014-01-08 4876016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\iwm27oun.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Register x - c:\program files (x86)\S0ft4PC\Register\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3845698566-1871629385-389679670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3845698566-1871629385-389679670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-01-25  19:33:19
ComboFix-quarantined-files.txt  2016-01-26 01:33
.
Pre-Run: 185,729,732,608 bytes free
Post-Run: 185,323,966,464 bytes free
.
- - End Of File - - 43AAA85949925A9355D71D5F904F3E5E
5C616939100B85E558DA92B899A0FC36

#6 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:00 AM

Posted 25 January 2016 - 09:54 PM

Hi again,

 

Please Uninstall: HitmanPro

================================

 

Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 71
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit) and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

================================================================================

 

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 
Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#7 cumbiamo

cumbiamo
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 28 January 2016 - 09:26 AM

Followed instructions.  Noticed the PPT program which I thought we had uninstalled is back as in image 1 of this post.  Here is the latest log from Rogue:

 

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ricardo [Administrator]
Started from : C:\Users\ricardo\Downloads\RogueKiller.exe
Mode : Scan -- Date : 01/28/2016 08:19:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3845698566-1871629385-389679670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3845698566-1871629385-389679670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SSD PM851 mSATA SCSI Disk Device +++++
--- User ---
[MBR] 638efa41a4f7c67874199e915f3b6b58
[BSP] 74e79d1cf351ec8a69cfdf5a75636d14 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 13942 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 28635136 | Size: 230214 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )
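The two PUM.Policies lines in the RogueKiller report above point at the same UAC values that the ComboFix log earlier in this thread lists under HKLM\...\Policies\System (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0). With those values User Account Control is off, so anything the user launches runs with full administrator rights and no prompt. The PowerShell check below is an added example, not part of this thread and not code from RogueKiller or ComboFix; it reads the four prompt-related values and compares them with the stand-alone Windows 7 defaults assumed in the comments. It only reports, because whether the values were set on purpose is for the machine's owner to decide. It sticks to PowerShell 2.0 syntax since that is what Windows 7 ships with.

```powershell
# Added example (not from the thread, RogueKiller or ComboFix): read the UAC
# values under Policies\System and compare them with the stand-alone
# Windows 7 defaults assumed below. Read-only: it changes nothing.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Assumed defaults for a non-domain Windows 7 install:
#   EnableLUA=1                  UAC is on
#   ConsentPromptBehaviorAdmin=5 admins are asked for consent (non-Windows binaries)
#   ConsentPromptBehaviorUser=3  standard users are asked for admin credentials
#   PromptOnSecureDesktop=1      the prompt is shown on the secure desktop
$Names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser', 'PromptOnSecureDesktop'
$Expected = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    ConsentPromptBehaviorUser  = 3
    PromptOnSecureDesktop      = 1
}

function Test-UacPolicy {
    param([string]$Key = $PolicyKey)

    # Reading this key needs no elevation; -ErrorAction Stop surfaces a missing key.
    $props = Get-ItemProperty -Path $Key -ErrorAction Stop

    foreach ($name in $Names) {
        $actual = $props.$name
        if ($null -eq $actual) {
            # An absent value means Windows applies its built-in default.
            $status = 'OK (absent, default applies)'
        } elseif ([int]$actual -eq $Expected[$name]) {
            $status = 'OK'
        } else {
            $status = 'DEVIATES'
        }
        New-Object PSObject -Property @{
            Name     = $name
            Expected = $Expected[$name]
            Actual   = $actual
            Status   = $status
        } | Select-Object Name, Expected, Actual, Status
    }
}

# Usage: run in any PowerShell window. Exits non-zero if anything deviates,
# so the same check can run from a scheduled task or a login script.
$results = Test-UacPolicy
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.Status -eq 'DEVIATES' }) { exit 1 }
```

Against the values shown in the ComboFix log, the table would mark EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as DEVIATES and ConsentPromptBehaviorUser (3) as OK. Restoring the defaults is a separate, deliberate step; a report like this is meant to make the drift visible first.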
 
#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:00 AM

Posted 28 January 2016 - 02:35 PM

RogueKiller Log is clean.

 

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Best regards
 

#9 cumbiamo

cumbiamo
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 28 January 2016 - 11:34 PM

Here it is

 

C:\Program Files\Sony\Vegas Pro 12.0\vegas.pro.12.-patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Program Files (x86)\GetData\Recover My Files v4\crack.rar    a variant of Generik.UULDPB trojan
C:\Users\MORENO\Downloads\avc-free.exe    Win32/OpenCandy potentially unsafe application
C:\Users\MORENO\Downloads\ccsetup327.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\MORENO\Downloads\rcsetup142.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\MORENO\Downloads\rcsetup152.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\MSI98C8.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\Installer\MSI9E3A.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\ccp_aghqqfre.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\Director_hzwmtic.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\ffe_orcgdyjb.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\mcapp_cblhfsta.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\mca_orcgdyjb.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\mcff_tffdwyhm.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\mcgc_qhvzqjve.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\mcie_vcbbylbf.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\mck_scnadgyb.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\mcmsg_efutbgsm.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\mcsc_xqcrxsse.dll    a variant of Win32/WebWatcher.A potentially unsafe application
C:\Windows\SysWOW64\vbdslmtc\proxy.dll    a variant of Win32/WebWatcher.A potentially unsafe application
D:\avira_free_antivirus_en.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Torrents\IObit Advanced SystemCare PRO 8.1.0.651 Final Incl. Crack [ATOM]\advanced-systemcare-setup.exe    a variant of Win32/OpenCandy.A potentially unsafe application
D:\Torrents\PowerISO 6.1 Final + Crack [KaranPC]\32 Bit.rar    a variant of Win32/ClientConnect.A potentially unwanted application
D:\Torrents\PowerISO 6.1 Final + Crack [KaranPC]\64 Bit.rar    a variant of Win32/ClientConnect.A potentially unwanted application
D:\Torrents\TrainingPeaks WKO+ V2.2 Build106\Trainingpeaks WKO 2.2 b106 crack.rar    a variant of Win32/HackTool.Patcher.A potentially unsafe application
D:\Torrents\TrainingPeaks WKO+ V2.2 Build106\Trainingpeaks WKO 2.2 b106.zip    a variant of Win32/HackTool.Patcher.A potentially unsafe application
 
#10 cumbiamo

cumbiamo
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 29 January 2016 - 08:08 AM

:football:    I don't know what the hell I was thinking.  Please disregard the above log; it is for my desktop, not the infected laptop. My apologies.

#11 cumbiamo

cumbiamo
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 29 January 2016 - 11:14 AM

OK this is the right one

 

C:\Users\ricardo\Downloads\ccsetup513.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\15ae5bbc.msi    Win32/Adware.Hicosmea.I application
 
#12 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:00 AM

Posted 29 January 2016 - 01:26 PM

Please open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste

del "C:\Windows\Installer\15ae5bbc.msi"

Press Enter (you won't actually see anything happen)
Close the Command Prompt window.
 

Note: You should stay away from illegal software.

================================================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Please do for this issue;

 

Please follow the below steps to disable "Teredo" and report whether it helps.

 

:step1: Open an elevated "command prompt".

 

http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

 

:step2: Type the below commands exactly and press "Enter" key.

 

      netsh interface teredo set state disabled

 

     Reboot the system when completed. How is the PC running now, any issues?


Best regards
 

#13 cumbiamo

cumbiamo
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 30 January 2016 - 09:16 AM

Have completed your instructions.  I'm not familiar with installing the tunneling software you mentioned, although my son has access to the PC and it may be related to an activation of some sort he mentioned.  The PC works fine... I still have the PPT Chinese characters on the start menu as in image 1.  It has two lines once I click on them.

These are the properties MORENO\Users\ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PPT

 

I know we have uninstalled before, but afraid to click on it. Or try to uninstall, etc.



#14 olgun52
  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 30 January 2016 - 01:55 PM

No problem, this is normal. You can now safely delete them manually.

 

How is the PC running now, and any issues?

 

Please post fresh FRST.txt and Additional.txt log files for my check.


Best regards
 
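The helper asks for a fresh Addition.txt; FRST writes that report as plain text with "==== Section ====" headers and one entry per line. As an added example (not code from this thread or from FRST), the Python below parses that layout and flags the items a responder checks first: disabled or out-of-date security products, scheduled tasks that launch binaries from a user profile or through pcalua.exe, UAC or the Windows Firewall switched off, and devices that Device Manager cannot start. The sample lines are copied from the report posted later in this thread; the checklist itself is an assumption, not part of FRST.

```python
"""Triage an FRST Addition.txt report for the items a malware responder
checks first. Added example for this thread, not FRST's own code; the
checklist of flagged conditions is an assumed minimal one."""
import re

# Constructed sample in the Addition.txt layout, using lines copied from the
# report posted in this thread (section headers, then one entry per line).
SAMPLE_REPORT = r"""
==================== Security Center ========================
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Scheduled Tasks (Whitelisted) =============
Task: {391749D5-C9FC-4621-BCD4-594BDB007508} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.)
Task: {B0E47752-A4CD-42C2-890D-60BFBBEBFBC4} - System32\Tasks\{CFE7AFC6-4DE6-40BE-8AD4-C747E614064B} => pcalua.exe -a C:\Users\ricardo\AppData\Local\PPTAssist\utility\uninst.exe
==================== Other Areas ============================
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Problem: : This device cannot start. (Code10)
"""

SECTION_RE = re.compile(r"^=+\s*(.*?):?\s*=+$")
STATUS_RE = re.compile(r"^(AV|AS|FW): (.+?) \((Enabled|Disabled) - (.+?)\)")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<cmd>.+)$")
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_sections(text):
    """Map each '==== Section ====' header to the non-empty lines under it."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group(1):  # a bare row of '=' is only a separator
                current = m.group(1)
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return human-readable findings for the settings worth a second look."""
    sections = parse_sections(text)
    findings = []
    # Security products that are disabled or not current.
    for line in sections.get("Security Center", []):
        m = STATUS_RE.match(line)
        if m and (m.group(3) == "Disabled" or m.group(4) != "Up to date"):
            findings.append(f"{m.group(1)} {m.group(2)}: {m.group(3)}, {m.group(4)}")
    # Tasks that launch binaries out of a user profile, or through the Program
    # Compatibility Assistant launcher (pcalua.exe -a), so the task's own
    # target is pcalua.exe rather than the binary that actually runs.
    for line in sections.get("Scheduled Tasks (Whitelisted)", []):
        m = TASK_RE.match(line)
        if m and (USER_PROFILE_RE.search(m.group("cmd"))
                  or m.group("cmd").lower().startswith("pcalua.exe")):
            findings.append(f"Task {m.group('name')} runs: {m.group('cmd')}")
    # Host hardening switched off: UAC (EnableLUA) and the Windows Firewall.
    for line in sections.get("Other Areas", []):
        if "(EnableLUA: 0)" in line:
            findings.append("UAC disabled (EnableLUA: 0)")
        if line == "Windows Firewall is disabled.":
            findings.append("Windows Firewall disabled")
    # Devices Device Manager could not start, paired with their problem text.
    name = None
    for line in sections.get("Faulty Device Manager Devices", []):
        if line.startswith("Name: "):
            name = line[len("Name: "):]
        elif line.startswith("Problem:") and name:
            findings.append(f"Device {name}: {line.split(':')[-1].strip()}")
            name = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print("-", finding)
```

Feed it a real Addition.txt with `triage(open(path, encoding="utf-8-sig").read())`; anything it flags still needs a human decision, as most hits (per-user updaters, for instance) are legitimate.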

 


 


#15 cumbiamo
  • Topic Starter
  • Members
  • 82 posts

Posted 01 February 2016 - 08:18 AM

Says I don't have permission for this action when trying to post logs.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016

Ran by ricardo (2016-02-01 06:57:07)

Running from C:\Users\ricardo\Downloads

Windows 7 Professional Service Pack 1 (X64) (2013-12-03 17:28:20)

Boot Mode: Normal

==========================================================

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3845698566-1871629385-389679670-500 - Administrator - Enabled) => C:\Users\Administrator

Guest (S-1-5-21-3845698566-1871629385-389679670-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3845698566-1871629385-389679670-1003 - Limited - Enabled)

ricardo (S-1-5-21-3845698566-1871629385-389679670-1001 - Administrator - Enabled) => C:\Users\ricardo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3845698566-1871629385-389679670-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)

Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)

Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Asunsoft Word Password Geeker (HKLM-x32\...\Asunsoft Word Password Geeker) (Version: 4.0 - Asunsoft)

Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)

AVG (Version: 16.31.7357 - AVG Technologies) Hidden

AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden

AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)

CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)

ChromecastApp (HKU\S-1-5-21-3845698566-1871629385-389679670-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)

Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.129 - ALPS ELECTRIC CO., LTD.)

Dell Unified Wireless Suite (HKLM-x32\...\{6CFE6F33-3D69-4B9C-AA20-FF1F8CB064D5}) (Version: 1.00.0000 - Dell)

Dell USB Docking Software (HKLM\...\{8A5521F5-C46F-411A-9934-2359F6D4E756}) (Version: 7.2.47873.0 - Dell)

DisplayLink Core Software (HKLM\...\{DAA61D41-4809-46C6-9AE4-13A61C54FA23}) (Version: 7.2.47873.0 - DisplayLink Corp.)

Elevated Installer (x32 Version: 4.1.12.0 - Garmin Ltd or its subsidiaries) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden

Fresco Logic USB3.0 Host Controller (HKLM\...\{3B0FC3C0-32F2-46DC-AB4D-54B39366794C}) (Version: 3.5.97.0 - Fresco Logic Inc.)

Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{a5fbfb2e-b61d-462d-bca3-72a0e7ff7294}) (Version: 4.1.12.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 4.1.12.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 4.1.12.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)

Intel® Network Connections 18.1.59.00 (HKLM\...\PROSetDX) (Version: 18.1.59.00 - Intel)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3220 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.2.1000 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)

Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Kodi (HKU\S-1-5-21-3845698566-1871629385-389679670-1001\...\Kodi) (Version:  - XBMC-Foundation)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3845698566-1871629385-389679670-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)

Microsoft Online Services Sign-in Assistant (HKLM\...\{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}) (Version: 7.250.4287.0 - Microsoft Corporation)

Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{28DA3304-9EC2-4097-BC64-B59A1958841F}) (Version: 3.5.8082.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{F39076D7-7168-44CD-A2C6-EBC1CDA7DC1C}) (Version: 3.5.8082.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visio Viewer 2013 (HKLM-x32\...\{95150000-0052-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)

PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)

PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.307 - Qualcomm Atheros Communications)

Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5975 - Realtek Semiconductor Corp.)

Register x (HKLM-x32\...\Register x) (Version: x - S0ft4PC)

Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)

Spotify (HKU\S-1-5-21-3845698566-1871629385-389679670-1001\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)

ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0041 - ST Microelectronics)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)

VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Zwift version 1.0.19 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.0.19 - Zwift, LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3845698566-1871629385-389679670-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\ricardo\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3845698566-1871629385-389679670-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ricardo\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {34959408-65DB-4A1D-A002-10B0AB70DA64} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-12-10] ()

Task: {391749D5-C9FC-4621-BCD4-594BDB007508} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.)

Task: {43E84261-B9E8-41AC-B07D-C12C8CF8F41B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {452A745C-996E-4856-8A3B-9846EE30E2ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)

Task: {4E766968-0CD1-4E68-AA8C-7B8CAF59A13F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3845698566-1871629385-389679670-1001Core => C:\Users\ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.)

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {B0E47752-A4CD-42C2-890D-60BFBBEBFBC4} - System32\Tasks\{CFE7AFC6-4DE6-40BE-8AD4-C747E614064B} => pcalua.exe -a C:\Users\ricardo\AppData\Local\PPTAssist\utility\uninst.exe

Task: {B9DA4821-DFB4-4A18-BC97-69A07EA6B935} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.)

Task: {BCCA1B41-8BD9-447B-BE7F-2D81643AAAD3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

Task: {C372BB02-46E2-46A5-8895-782DEFC3308C} - System32\Tasks\{DE63734C-E329-47AB-BF8C-93374C1FDCC8} => pcalua.exe -a C:\Users\ricardo\AppData\Local\PPTAssist\utility\uninst.exe

Task: {C625C798-955C-4BFB-806E-799ACBF81E27} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3845698566-1871629385-389679670-1001UA => C:\Users\ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.)

Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3845698566-1871629385-389679670-1001Core.job => C:\Users\ricardo\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3845698566-1871629385-389679670-1001UA.job => C:\Users\ricardo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-24 07:28 - 2013-09-24 07:28 - 00627328 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe

2015-11-12 22:31 - 2015-11-12 22:30 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

2013-11-26 19:33 - 2013-09-12 15:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3845698566-1871629385-389679670-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ricardo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: MSCRM => "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /uninstallpst

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{7BF5FFE4-9456-4FAB-80D8-1CB21A7F5438}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe

FirewallRules: [{6D542469-1A98-44CA-852B-EAD2D2F6D256}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe

FirewallRules: [{33265EC7-DD9D-4BBD-9E28-5D85CA7AD739}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe

FirewallRules: [{64D6D88B-2E5F-4D2C-9248-C07B35ACA2B5}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe

FirewallRules: [{4BD1FAB9-EC41-407E-A702-DCB4E3292C90}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DirectDisplay.exe

FirewallRules: [{E49F10EC-E4D1-47D5-86D3-5B8908E1944D}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DirectDisplay.exe

FirewallRules: [{B6589541-68F7-418B-9D35-BFE7D96B517D}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCWpaSupplicant.exe

FirewallRules: [{FA663B0D-6B02-4BAD-9A5C-99014754DCAD}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCWpaSupplicant.exe

FirewallRules: [{FDB2FD8B-295B-4FF0-AB09-088C077F01A4}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe

FirewallRules: [{CE6F03C8-309B-4286-9A28-AFDB72F498CC}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe

FirewallRules: [{06DD681B-2B82-42F3-A104-A84FFBE80DD0}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe

FirewallRules: [{778DB7BE-53CB-449B-BDCD-1AF93B460A90}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe

FirewallRules: [{9D5DE825-E3CD-46DA-9241-F5C3A0E99C02}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe

FirewallRules: [{222E3D6D-ACC5-40CD-910D-324B955AE489}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe

FirewallRules: [{68A50D7D-99C2-4991-9AAD-7270BFFC6334}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCICS.exe

FirewallRules: [{3318A18A-476D-43BD-B785-FC19B55C54FC}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCICS.exe

FirewallRules: [{99158735-E105-48DF-A9FD-6624B0BF1BE0}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCSrvc.exe

FirewallRules: [{7DB7D79D-92F2-4C07-91D2-31D2065794CE}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCSrvc.exe

FirewallRules: [{66958E7E-7A1E-4751-B2FF-E756E68F29D7}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\DiagConsole.exe

FirewallRules: [{53E9FF64-7187-4637-8307-2C7C52C228F6}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\DiagConsole.exe

FirewallRules: [{E0893708-E6D4-4350-843B-53C7EF9D5EDD}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe

FirewallRules: [{73BCFDB1-68F0-4401-9ECE-3C48A757CC5B}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe

FirewallRules: [{292743C9-182D-4118-BAA1-F82894F8E835}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{0C46B290-E138-4300-9315-0F1EEB4197B9}] => (Allow) C:\Users\ricardo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [{6B0C49FC-A363-41F9-A3D7-0E9124601FF7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{17871D14-AF6E-4026-8D5B-9D1E47A7512A}] => (Allow) LPort=2869

FirewallRules: [{8A371B52-FACB-4FF9-9FDF-A2389A609394}] => (Allow) LPort=1900

FirewallRules: [{80CBB4F6-D58F-4E8F-895F-060F692C1CA4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{6BCF99A5-B740-4706-AAA6-838CC8F32EA8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{48122E8D-3774-4653-99A5-AF786891AB3E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{5D9281A4-E4CB-47F9-9791-B25D087621FA}] => (Allow) C:\Users\ricardo\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{9B594A1B-ECC7-4FD9-90A0-2D5D763B99E6}] => (Allow) C:\Users\ricardo\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{F4E5BC68-60B9-418F-B914-0D596C5B14CA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{0FEC01A6-CA48-4B0C-A645-33D1AEBEDB67}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{7B846488-B5EA-4339-93F2-4C343AF72847}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{EB44B50B-C909-4ECA-BE02-79406007E2CB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{38B50CEC-66E5-43C1-955E-240197CACB1D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

FirewallRules: [{2BD30BF8-9C6C-4123-ACF8-761C11DE278E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

FirewallRules: [{3CB9F3E6-D74D-4D0C-A51F-E525D4CCE8A1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{5E17A137-6DB3-465E-A61A-7053CBBF98F9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{DDC3ABB4-304D-4977-93F6-040E9F684D99}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{FB32A75B-6D83-4F43-A2BE-C6F11AAC8459}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{350789C9-2AC8-425A-9EC0-3C7029B4649A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{C01F5D33-C625-48D6-8664-C24DDDC81B48}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{DA4C287D-B226-4EA9-88C6-4C34461E0636}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{AEC0803B-8BD4-47FC-AB2B-042EEA11D296}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [TCP Query User{C32895F9-197E-413D-8F16-9F0B5A25D88D}C:\users\ricardo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ricardo\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{4256D030-546A-4CD2-9E17-004B545FB37D}C:\users\ricardo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ricardo\appdata\roaming\spotify\spotify.exe

FirewallRules: [{198BC792-7AF2-4BD5-A85D-9109B3AA5051}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{304AC507-9F9C-4832-9533-6A5C2433BECD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{42FACF5A-95D6-40D3-82F6-02B589D864F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C6B3484B-EA4D-4800-A981-836F9E3FEDAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{09D4442B-9862-4D55-A1CC-D9058730F5FA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{C96E8D9E-4CDB-4B35-A7D1-488BD67CAAEB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{9AC59CA8-DEE7-45C2-B23F-3BFF709BAF50}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{76F56BF8-E895-43F1-ACA5-6E6D646C5DAE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{19CE5C3A-CD3A-421A-85CB-F67B03FC3C88}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{B6CC5EB4-DEA5-4AB3-921D-B7320FBFF04D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{B2977B51-DCC4-421D-965B-66ACD02AA93B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{2FF1D85F-7B1D-45A4-BA12-1242BA775FAE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

10-01-2016 21:52:31 Garmin Express

10-01-2016 22:04:01 Garmin Express

18-01-2016 12:05:11 Scheduled Checkpoint

23-01-2016 20:44:33 JRT Pre-Junkware Removal

23-01-2016 21:24:36 JRT Pre-Junkware Removal

25-01-2016 13:45:00 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

==================== Event log errors: =========================

Application errors:

==================

Error: (01/29/2016 04:09:22 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/29/2016 10:18:15 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16866, time stamp: 0x53211297

Faulting module name: ONLINE~1.OCX_unloaded, version: 0.0.0.0, time stamp: 0x55546935

Exception code: 0xc0000005

Fault offset: 0x158b08e0

Faulting process id: 0x1720

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Error: (01/28/2016 07:41:29 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/28/2016 12:30:13 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/27/2016 12:52:12 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (01/26/2016 03:12:38 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/25/2016 08:12:43 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2016 03:40:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2016 02:10:50 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (01/25/2016 01:46:00 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

System errors:

=============

Error: (01/29/2016 04:09:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

wPCI

 

Error: (01/29/2016 09:40:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

 

Error: (01/29/2016 09:40:44 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\ricardo\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/29/2016 09:40:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

Error: (01/29/2016 09:40:44 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\ricardo\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (01/29/2016 09:40:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

 

Error: (01/29/2016 09:40:44 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\ricardo\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/29/2016 09:30:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

Error: (01/29/2016 09:30:57 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\ricardo\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (01/29/2016 09:30:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

 

==================== Memory info ===========================

Processor: Intel® Core™ i5-4300U CPU @ 1.90GHz

Percentage of memory in use: 28%

Total physical RAM: 8097.48 MB

Available physical RAM: 5789.89 MB

Total Virtual: 16193.15 MB

Available Virtual: 13715.61 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:224.82 GB) (Free:169.33 GB) NTFS

Drive e: (BOOT_XP) (Removable) (Total:3.79 GB) (Free:3.62 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: AB1AFB30)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=13.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=224.8 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 0077CF82)

Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)

==================== End of Addition.txt ============================





