Trojan Hacktool.BruteDorce.BP


  • This topic is locked
3 replies to this topic

#1 blueicetwice

blueicetwice

  • Members
  • 52 posts
  • Gender:Male
  • Location:St Paul & Mpls - Maoisota
  • Local time:04:36 AM

Posted 10 October 2016 - 01:16 AM

I found this trojan attached to a program I have used for quite some time - SpeedFan.
 
I removed the program and hope that it did the job in removing this Badware.
 
I also ran several other anti-virus scans. Not sure they were of any help.
 
Could someone be of assistance, for which I would be very grateful.
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-10-2016
Ran by blueice (10-10-2016 00:53:03)
Running from C:\Users\blueice\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-09-03 17:05:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4068703826-4060866642-1060159371-500 - Administrator - Disabled)
blueice (S-1-5-21-4068703826-4060866642-1060159371-1000 - Administrator - Enabled) => C:\Users\blueice
Guest (S-1-5-21-4068703826-4060866642-1060159371-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4068703826-4060866642-1060159371-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
BitMeter (HKLM-x32\...\BitMeter) (Version:  - )
BurnInTest v8.1 Standard (HKLM\...\BurnInTest_is1) (Version: 8.1.1010.0 - Passmark Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CrystalControl2 (15/09/2015) (HKLM-x32\...\CrystalControl2) (Version: (15/09/2015) - Crystalfontz America)
CursorFX (HKLM-x32\...\CursorFX) (Version: 2.13 - Stardock Corporation)
CyberPower PowerPanel Personal Edition 1.6.1 (HKLM-x32\...\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}) (Version: 1.6.1 - Cyber Power Systems, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
Fritz Grandmaster Challenge (HKLM-x32\...\{9BBFB384-E7AF-4397-A5F2-EB856E0BB645}) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{AFBB2F94-A43D-46AD-8F77-66ACB3C71EDF}) (Version: 4.39.552.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.1.0 - QFX Software Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Metadefender Endpoint (x32 Version: 7.6.21.0 - OPSWAT, Inc.) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)
Norton Security (HKLM-x32\...\NS) (Version: 22.7.1.32 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.6.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.6.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.6.49 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1051.0 - Passmark Software)
PhotoFilmStrip 2.0.0 (HKLM-x32\...\PhotoFilmStrip_is1) (Version: 2.0.0 - Jens Göpfert)
PlanMaker 2008 (C:\Program Files (x86)\SoftMaker Office 2008) (HKU\S-1-5-21-4068703826-4060866642-1060159371-1000\...\sm-un4.u32) (Version:  - SoftMaker Software GmbH)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.101.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
ScottradeELITE v5 (HKLM-x32\...\{7E94DCE4-F1F3-47AF-A2D4-8A81008D9B1F}) (Version: 5.3.0.0 - Scottrade Inc.)
SHIELD Streaming (Version: 7.1.0310 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.6.49 - NVIDIA Corporation) Hidden
SoftMaker Office 2008 (C:\Program Files (x86)\SoftMaker Office 2008) (HKLM-x32\...\sm-un1.u32) (Version:  - SoftMaker Software GmbH)
SoftMaker Presentations 2008 (C:\Program Files (x86)\SoftMaker Office 2008) (HKU\S-1-5-21-4068703826-4060866642-1060159371-1000\...\sm-un3.u32) (Version:  - SoftMaker Software GmbH)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Stardock CursorFX Free (HKLM-x32\...\CursorFX Free) (Version: 2.16 - Stardock Corporation)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TextMaker 2008 (C:\Program Files (x86)\SoftMaker Office 2008) (HKU\S-1-5-21-4068703826-4060866642-1060159371-1000\...\sm-un5.u32) (Version:  - SoftMaker Software GmbH)
TP-LINK Wireless Utility (HKLM-x32\...\{5BE5DB79-685E-46FD-A231-CD7467B69DD7}) (Version: 1.5.6.0 - TP-LINK)
UninsFree (HKU\S-1-5-21-4068703826-4060866642-1060159371-1000\...\UninsFree) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.7.8.6317 - Golden Frog, GmbH.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Wisdom-soft AutoScreenRecorder 3.1 Free (HKLM-x32\...\Wisdom-soft AutoScreenRecorder 3.1 Free) (Version:  - Wisdom Software Inc.)
Wisdom-soft ScreenHunter 5.0 Pro (HKLM-x32\...\Wisdom-soft ScreenHunter 5.0 Pro) (Version:  - Wisdom Software Inc.)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4068703826-4060866642-1060159371-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\blueice\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03EC091A-C230-41BA-B439-BA69DCE29D45} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {08B0A6F1-41F0-48AD-A5BF-1D6D7938E349} - System32\Tasks\{8BDA8B83-204F-446D-9113-05FB2C13E9E9} => Chrome.exe 
Task: {0A00839E-190B-47A5-B428-A31B0830B497} - System32\Tasks\CryptoPrevent Update => C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2015-11-17] (Foolish IT LLC)
Task: {18CC0891-0E17-4284-80A4-525E4DB020C7} - System32\Tasks\{DFF2967F-5ACD-4311-B90B-4697EB57DC05} => pcalua.exe -a "C:\Program Files (x86)\CyberPower PowerPanel Business Edition\uninstall.exe"
Task: {19E65E29-0D99-4DAA-AD6C-9F1B63C78E50} - System32\Tasks\{E005C268-AE80-4E00-AEBE-F8177673091D} => Chrome.exe 
Task: {1B866B1B-B9E3-4FCD-B471-0DA722F09099} - System32\Tasks\{65F4C6AE-983D-417B-8BFB-817AED623827} => pcalua.exe -a "C:\Program Files (x86)\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files (x86)\Windows Installer Clean Up"
Task: {369C3C0A-D993-42DD-B974-25B952C81577} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3CABE60B-A784-443F-86A6-1C62E5044815} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {5CC952D1-314E-4E73-92C9-31975C3D9882} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-17] (NVIDIA Corporation)
Task: {649D0C1E-20DC-4789-8B2B-52FA78371525} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-17] (NVIDIA Corporation)
Task: {678EF758-BA6E-4A87-9114-805ED93F746C} - System32\Tasks\{51912E62-4DD9-48A5-9E35-41A7B364B168} => pcalua.exe -a "C:\Users\blueice\Desktop\msicuu2 (1).exe" -d C:\Users\blueice\Desktop
Task: {6B0E9D1F-1F14-4BD9-ABD9-81D59CB263A1} - System32\Tasks\{DC5ACFD6-3A00-4963-8FCE-42F16E219ADD} => pcalua.exe -a C:\Users\blueice\Downloads\setup.exe -d C:\Users\blueice\Downloads
Task: {6E7E2198-9CE7-4C28-B4E8-C01FC29D9F21} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-17] (NVIDIA Corporation)
Task: {918502AE-7E20-43F4-937B-8EB8D531C2F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {ADB2AA1B-39D9-4447-8FD7-19A47340362F} - System32\Tasks\{74B397F5-41FE-4263-9692-5C7D03E80D6F} => pcalua.exe -a "C:\Users\blueice\Downloads\unetbootin-windows-585 (2).exe" -d C:\Users\blueice\Downloads
Task: {ADF4F3E5-BE95-46D1-B62B-232E1C08F28B} - System32\Tasks\disk errors => windows/system32/chkdsk.exe
Task: {B4F7E6BB-83FB-498C-80B7-FE27BE931DC5} - System32\Tasks\{44EB95BB-6BB5-486E-9805-3AE0A217306A} => pcalua.exe -a C:\Users\blueice\Desktop\BitMeter2\BitMeterInstaller.exe -d C:\Users\blueice\Desktop\BitMeter2
Task: {BA3DD62B-5273-4A7C-9AF9-C6EC7B44EBCB} - System32\Tasks\{8AEA9703-8BDC-4C3C-8C08-B41F9C836150} => pcalua.exe -a "D:\Windows 7_Vista\Setup.exe" -d "D:\Windows 7_Vista"
Task: {C9386DBD-EE25-47CD-84EC-BE9E4EC0B848} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-17] (NVIDIA Corporation)
Task: {CB39702F-BC14-4091-97AE-23618F43D900} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {D2165EBC-140C-46DD-96B3-ED3CCC281178} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {D4286C59-B2C5-43C1-A91D-8D19921437C5} - System32\Tasks\SparkTrust PC Cleaner Plus => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: {DAD72402-7EDC-401D-A4FA-F198D57FDAD1} - System32\Tasks\{82D9CC13-4709-4C49-B0D0-0C786D656D93} => Chrome.exe 
Task: {DE5E8D08-15B9-4623-9AD2-6626C25835F1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {DF19D1A6-4CC8-4DCA-B79A-AF0977953476} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-17] (NVIDIA Corporation)
Task: {E29CDC9B-3067-4496-A21B-C92A17AB5D3A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-17] (NVIDIA Corporation)
Task: {E86BAEFA-5577-41D3-88AF-9BE2AC8B41D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {EA222A7B-11BA-4336-B23B-D8FCB9C88202} - System32\Tasks\{E4D7714B-48B7-4C68-8320-44B8E5777D31} => pcalua.exe -a C:\ubuntu\uninstall-wubi.exe
Task: {EC782B11-6715-4A41-A9C2-E3E9E3D883E7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-17 09:05 - 2016-09-16 17:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-27 15:22 - 2016-09-17 01:11 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-27 15:22 - 2016-09-17 01:11 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-27 15:23 - 2016-09-17 01:11 - 00418240 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-10-02 02:41 - 2016-09-25 01:02 - 02279528 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
2016-10-02 02:41 - 2016-09-25 01:02 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
2015-09-28 15:10 - 2015-09-28 15:10 - 00088064 _____ () C:\Program Files (x86)\VyprVPN\GoldenFrogWFP.dll
2016-09-27 15:22 - 2016-09-16 23:40 - 00502328 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-27 15:22 - 2016-09-16 23:40 - 00257592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-27 15:22 - 2016-09-16 23:40 - 02799552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-27 15:22 - 2016-09-16 23:40 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-27 15:22 - 2016-09-16 23:40 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-27 15:22 - 2016-09-16 23:40 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-27 15:22 - 2016-09-16 23:40 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2015-10-17 09:06 - 2016-09-17 01:11 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-03-10 11:44 - 2014-03-10 11:44 - 00067728 _____ () C:\Program Files (x86)\Stardock\CursorFX\zlib1.dll
2016-10-09 20:58 - 2016-10-09 20:58 - 00098816 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32api.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00110080 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\pywintypes27.dll
2016-10-09 20:58 - 2016-10-09 20:58 - 00364544 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\pythoncom27.dll
2016-10-09 20:58 - 2016-10-09 20:58 - 00320512 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32com.shell.shell.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00776704 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\_hashlib.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 01176576 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\wx._core_.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00806400 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\wx._gdi_.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00816128 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\wx._windows_.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 01067008 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\wx._controls_.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00733184 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\wx._misc_.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00682496 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\pysqlite2._sqlite.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00088064 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\_ctypes.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00119808 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32file.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00108544 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32security.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00007168 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\hashobjs_ext.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00017920 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\thumbnails_ext.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00088064 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\usb_ext.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00012800 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\common.time34.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00018432 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32event.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00167936 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32gui.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00046080 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\_socket.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 01208320 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\_ssl.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00128512 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\_elementtree.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00127488 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\pyexpat.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00038912 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32inet.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00036864 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\_psutil_windows.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00525208 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\windows._lib_cacheinvalidation.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00011264 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32crypt.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00077312 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\wx._html2.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00027136 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\_multiprocessing.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00020480 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\_yappi.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00035840 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32process.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00686080 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\unicodedata.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00078848 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\wx._animate.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00123392 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\wx._wizard.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00024064 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32pipe.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00010240 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\select.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00025600 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32pdh.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00017408 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32profile.pyd
2016-10-09 20:58 - 2016-10-09 20:58 - 00022528 ____R () C:\Users\blueice\AppData\Local\Temp\_MEI48042\win32ts.pyd
2011-08-23 10:27 - 2011-08-23 10:27 - 03018752 _____ () C:\Program Files (x86)\CrystalControl2\wxmsw28_core_vc_cc2.dll
2011-08-23 10:26 - 2011-08-23 10:26 - 01306624 _____ () C:\Program Files (x86)\CrystalControl2\wxbase28_vc_cc2.dll
2011-08-23 10:27 - 2011-08-23 10:27 - 00770048 _____ () C:\Program Files (x86)\CrystalControl2\wxmsw28_adv_vc_cc2.dll
2015-08-27 10:53 - 2015-08-27 10:53 - 00114688 _____ () C:\Program Files (x86)\CrystalControl2\cc2_smart.dll
2015-08-27 10:54 - 2015-08-27 10:54 - 00086016 _____ () C:\Program Files (x86)\CrystalControl2\trans_fade_cont.dll
2015-08-27 10:54 - 2015-08-27 10:54 - 00086016 _____ () C:\Program Files (x86)\CrystalControl2\trans_fade_cont_bri.dll
2015-08-27 10:54 - 2015-08-27 10:54 - 00086016 _____ () C:\Program Files (x86)\CrystalControl2\trans_wipe_left.dll
2015-08-27 10:54 - 2015-08-27 10:54 - 00086016 _____ () C:\Program Files (x86)\CrystalControl2\trans_wipe_right.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptoPreventEventSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-09-19 00:39 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4068703826-4060866642-1060159371-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\blueice\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EBE06671-D116-4601-8D7D-496A4C34C63F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{36E8261F-42B3-4081-B636-AD0F67C59AD1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{1B566A66-743C-4C04-9179-974D5467F466}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23C67B5F-BB31-4B74-AD68-96DAFF3B6C59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC25D84F-4365-4A7B-B2B8-F80BE51F906A}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{77870B27-E212-4B0F-80D2-89C6DA84ABFF}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{2178D724-A5E0-4F91-9DD8-0CA36AAF3D58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6B6F6E0D-A319-418B-987E-0123FE7021B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7E3FA192-0294-4B6E-A68E-9B4248F40421}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A2C5EA24-BE69-4A59-8D33-23C850AABFEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE8DBC80-8FB5-4D5A-A873-F528AC87143A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C88106BC-9415-4AAB-B84B-28A779B607C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF9FFD19-E57E-4997-AD97-02B265CCF3DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{028605BE-2621-4216-8DF2-3C3E097FDA19}] => (Allow) C:\Program Files (x86)\MaxSyncUp\msusvc.exe
FirewallRules: [{483401C3-3DD9-4ACE-A37F-73DA8DC9A1D7}] => (Allow) C:\Program Files (x86)\MaxSyncUp\MaxSyncUp.exe
FirewallRules: [{C73AAA23-5C31-4D06-BD9A-F6D39519B988}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{D5F82A8F-A455-4139-9F6D-EF2B7ED72446}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{CFD37533-BA4D-4A03-AC8B-EBF52DFAB73D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{0A41282B-87A0-49D9-BDDA-BC800B874798}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{BF00A686-6BAE-4E9E-8220-70887D95479A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{86DB4A35-0027-4F1D-841C-F75F407DB801}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{BA369EFC-22F9-4666-BD03-84BA6DE32972}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{0C2EA3F7-15CE-484D-A57D-F41E269E6928}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{517C0673-57CC-4565-A16D-4E290562C66D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0C3C1063-4802-483D-9B77-BA7BA39EC619}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{9A96C045-D68B-4773-96FF-CBC63032078F}C:\users\blueice\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\blueice\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3B6190C1-3023-493D-8AF5-EA24618DA5D0}C:\users\blueice\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\blueice\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{D7281B1F-0853-40F3-B567-3FDF95C04192}C:\program files (x86)\crystalcontrol2\cc2_tray.exe] => (Allow) C:\program files (x86)\crystalcontrol2\cc2_tray.exe
FirewallRules: [UDP Query User{55E6BB7F-C25A-4400-9241-C8C85EBD726B}C:\program files (x86)\crystalcontrol2\cc2_tray.exe] => (Allow) C:\program files (x86)\crystalcontrol2\cc2_tray.exe
FirewallRules: [{A84232D2-4D0A-4E56-8565-3C11EC3DC926}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
29-09-2016 08:03:14 Removed InfraRecorder 0.53 (x64 edition)
29-09-2016 22:21:13 Installed Foxit PhantomPDF Standard
29-09-2016 22:27:40 Removed Foxit PhantomPDF Standard
30-09-2016 00:15:30 Installed Windows Installer Clean Up
30-09-2016 00:17:45 Installed Windows Installer Clean Up
30-09-2016 01:30:15 Installed Windows Installer Clean Up
02-10-2016 03:18:57 Removed EMET 5.2
03-10-2016 15:22:19 Removed Windows Installer Clean Up
09-10-2016 11:44:19 Installed Metadefender Endpoint
09-10-2016 17:50:33 Installed Metadefender Endpoint
09-10-2016 18:02:41 Installed Metadefender Endpoint
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/09/2016 11:16:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\CrystalControl2\cc2_config.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (10/09/2016 11:16:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\CrystalControl2\cc2_config.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (10/09/2016 08:58:32 PM) (Source: cc2_winamp2_vis) (EventID: 3) (User: )
Description: ERROR    20160909-205832-0.001358s smem_create_share#59: CreateFileMapping Global failed, trying Local
 
Error: (10/09/2016 08:58:30 PM) (Source: cc2_rfactor) (EventID: 3) (User: )
Description: ERROR    20160909-205830-0.001132s smem_create_share#59: CreateFileMapping Global failed, trying Local
 
Error: (10/09/2016 08:58:30 PM) (Source: cc2_keyboard) (EventID: 3) (User: )
Description: ERROR    20160909-205830-0.009550s load_dll#267: could not load key_export2.dll
 
Error: (10/09/2016 08:58:30 PM) (Source: cc2_games) (EventID: 3) (User: )
Description: ERROR    20160909-205830-0.003043s smem_create_share#59: CreateFileMapping Global failed, trying Local
 
Error: (10/09/2016 08:58:30 PM) (Source: cc2_foobar2000) (EventID: 3) (User: )
Description: ERROR    20160909-205830-0.002478s smem_create_share#59: CreateFileMapping Global failed, trying Local
 
Error: (10/09/2016 08:58:29 PM) (Source: cc2_main) (EventID: 3) (User: )
Description: ERROR    20160909-205829-0.103638s smem_create_share#59: CreateFileMapping Global failed, trying Local
 
Error: (10/09/2016 08:58:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/09/2016 07:17:45 PM) (Source: cc2_winamp2_vis) (EventID: 3) (User: )
Description: ERROR    20160909-191745-0.005617s smem_create_share#59: CreateFileMapping Global failed, trying Local
 
 
System errors:
=============
Error: (10/09/2016 08:58:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/09/2016 08:58:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/09/2016 08:58:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/09/2016 08:58:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/09/2016 08:58:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/09/2016 08:58:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VirtDiskBus
 
Error: (10/09/2016 08:57:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EaseUS Agent Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (10/09/2016 08:57:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (10/09/2016 08:52:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/09/2016 08:52:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-19 00:36:42.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-19 00:36:42.889
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-19 00:36:42.852
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-19 00:36:42.827
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-18 20:09:27.869
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\blueice\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-18 20:09:27.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\blueice\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-18 20:09:27.606
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ATI\SUPPORT\6-11-pre-r300_xp-2k_dd_ccc_wdm_38185\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-18 20:09:27.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ATI\SUPPORT\6-11-pre-r300_xp-2k_dd_ccc_wdm_38185\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-18 20:09:27.156
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\blueice\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-18 20:09:27.130
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\blueice\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X6 1055T Processor
Percentage of memory in use: 24%
Total physical RAM: 16381.24 MB
Available physical RAM: 12435.97 MB
Total Virtual: 32760.69 MB
Available Virtual: 28322.39 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:465.66 GB) (Free:390.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 77602CB9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 69.2 GB) (Disk ID: 40AFA35B)
 
==================== End of Addition.txt ============================

#2 Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:05:36 PM

Posted 13 October 2016 - 11:41 AM

Hello blueicetwice and welcome to BleepingComputer! :)

My name is Sirawit and I'm here to help you.

If I don't reply after 2 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps, please let me know; I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right-hand corner of the topic, you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days, I will bump the topic; if you do not reply in the next 3 days, we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Please copy and paste the content of FRST.txt for my review as well. It should be in the same folder as addition.txt you already posted.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:05:36 PM

Posted 17 October 2016 - 12:40 PM

Are you still there?

 

Thank you.




#4 Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:05:36 PM

Posted 21 October 2016 - 12:41 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





