
javaws.exe*32


6 replies to this topic

#1 RasberryRash


Posted 03 April 2017 - 09:03 AM

Hi, please can you help with removing malware/virus.

I have Windows 7 Home Premium. I noticed the computer running slow for a while and having problems with shutting Word documents down. I have Kaspersky security, which is installed for free as part of a bank service, and that does not seem to pick it up.

I checked the processes running and I have loads of javas.exe*32 running, which makes my CPU usage 100%. The only thing I remember doing just recently was trying to download Adobe Flash Player.

I have followed the first steps and downloaded Farbar and will post the logs in the next posts.

Thank you in advance




#2 RasberryRash


Posted 03 April 2017 - 09:04 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Clare (administrator) on CLARE (03-04-2017 14:51:08)
Running from C:\Users\Clare\Downloads
Loaded Profiles: Clare (Available Profiles: Clare)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJFE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_25_0_0_127_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\Temp\6E9C5DA7-1671-45EF-9CDB-DE3FFFE37C70\DismHost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-553778976-2158751083-3292780355-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJFE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Clare\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Clare\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Clare\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Clare\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Clare\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Clare\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{D1578DEC-4E8B-4CFF-9B35-CE6B0EB67F09}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-553778976-2158751083-3292780355-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
SearchScopes: HKU\S-1-5-21-553778976-2158751083-3292780355-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-553778976-2158751083-3292780355-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-09] (AO Kaspersky Lab)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-09] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-26] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-09] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-09] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-553778976-2158751083-3292780355-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-09] (AO Kaspersky Lab)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1477607129373
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-09]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S4 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195296 2017-03-30] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-11-19] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1035488 2017-03-30] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-09] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-30] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-03-30] (AO Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-31] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-03 14:51 - 2017-04-03 14:51 - 00012823 _____ C:\Users\Clare\Downloads\FRST.txt
2017-04-03 14:50 - 2017-04-03 14:51 - 00000000 ____D C:\FRST
2017-04-03 14:48 - 2017-04-03 14:48 - 02424832 _____ (Farbar) C:\Users\Clare\Downloads\FRST64.exe
2017-03-30 22:38 - 2017-03-30 22:38 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-30 19:49 - 2017-03-30 19:49 - 04089296 _____ C:\Users\Clare\Downloads\AdwCleaner.exe
2017-03-30 19:18 - 2017-03-30 19:18 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-03-30 19:18 - 2017-03-30 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-03-30 19:18 - 2017-03-30 19:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-30 15:14 - 2017-03-30 15:14 - 20119128 _____ (Adobe Systems Incorporated) C:\Users\Clare\Downloads\install_flash_player_ax.exe
2017-03-30 10:00 - 2017-03-30 10:00 - 00000000 ____D C:\ProgramData\Google
2017-03-29 15:15 - 2017-03-30 10:00 - 00000000 ____D C:\Program Files\Google
2017-03-04 15:39 - 2017-03-04 15:39 - 00000244 _____ C:\Users\Public\Desktop\Epson Connect Guide.url
2017-03-04 15:38 - 2012-11-12 16:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2017-03-04 15:38 - 2012-10-22 18:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-03 14:46 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-03 14:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-04-03 14:43 - 2016-11-19 17:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-04-03 14:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-31 14:52 - 2015-11-17 23:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-31 13:40 - 2016-11-19 18:10 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-03-31 13:32 - 2009-07-14 05:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-31 13:32 - 2009-07-14 05:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-31 08:39 - 2016-11-26 17:22 - 00000066 _____ C:\Windows\progress.ini
2017-03-31 08:39 - 2016-11-26 17:09 - 00000000 ___HD C:\$GetCurrent
2017-03-31 08:37 - 2015-08-06 10:24 - 00001890 _____ C:\Windows\diagwrn.xml
2017-03-31 08:37 - 2015-08-06 10:24 - 00001890 _____ C:\Windows\diagerr.xml
2017-03-30 22:38 - 2016-11-26 17:09 - 00000000 ____D C:\Windows10Upgrade
2017-03-30 22:38 - 2015-11-13 17:19 - 00000000 ____D C:\Windows\Panther
2017-03-30 20:15 - 2015-11-17 22:08 - 00000000 ____D C:\AdwCleaner
2017-03-30 19:18 - 2015-11-17 23:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-30 19:01 - 2016-10-30 20:24 - 00372590 _____ C:\Windows\ntbtlog.txt
2017-03-30 17:40 - 2016-11-19 17:59 - 01035488 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-03-30 17:40 - 2016-11-19 17:59 - 00195296 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-03-30 17:40 - 2016-06-14 18:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-03-30 17:40 - 2016-06-02 23:39 - 00135904 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2017-03-30 15:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-30 15:15 - 2016-11-20 13:26 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-30 15:15 - 2013-12-22 11:11 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-30 15:15 - 2013-12-22 11:11 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-30 15:14 - 2013-12-22 11:11 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-30 15:14 - 2013-12-22 11:11 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-30 15:05 - 2013-12-21 15:13 - 00000000 ____D C:\Users\Clare
2017-03-30 14:02 - 2016-11-21 18:18 - 00000000 ____D C:\Users\Clare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
2017-03-30 14:02 - 2016-11-20 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-03-30 14:02 - 2016-11-19 18:09 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-30 14:02 - 2016-11-19 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-03-30 14:02 - 2014-10-17 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-30 14:02 - 2013-12-22 14:21 - 00000000 ____D C:\Program Files\Common Files\EPSON
2017-03-30 14:02 - 2013-12-22 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2017-03-30 14:02 - 2013-12-22 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-03-30 14:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
2017-03-30 14:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-03-30 14:01 - 2013-12-22 14:42 - 00000000 ____D C:\Users\Clare\AppData\Roaming\Epson
2017-03-30 14:01 - 2013-12-22 11:13 - 00000000 ____D C:\Users\Clare\AppData\Roaming\Macromedia
2017-03-30 14:01 - 2013-12-22 10:58 - 00000000 ____D C:\ProgramData\Oracle
2017-03-30 14:00 - 2016-11-19 17:59 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-03-30 14:00 - 2014-10-17 21:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-30 14:00 - 2013-12-22 14:12 - 00000000 ____D C:\Program Files (x86)\Epson Software
2017-03-30 14:00 - 2013-12-22 14:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-30 14:00 - 2013-12-22 14:11 - 00000000 ____D C:\Program Files\EpsonNet
2017-03-30 14:00 - 2013-12-22 14:11 - 00000000 ____D C:\Program Files (x86)\epson
2017-03-30 14:00 - 2013-12-22 14:08 - 00000000 ____D C:\ProgramData\EPSON
2017-03-30 14:00 - 2013-12-22 11:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-03-30 12:39 - 2016-11-21 18:18 - 00000000 ____D C:\Program Files (x86)\Bigasoft
2017-03-30 12:23 - 2015-11-12 14:57 - 00000000 ____D C:\Users\Clare\AppData\Local\ElevatedDiagnostics
2017-03-30 10:00 - 2013-12-22 11:05 - 00000000 ____D C:\Users\Clare\AppData\Local\Adobe
2017-03-30 10:00 - 2013-12-21 22:00 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-30 00:40 - 2013-12-21 22:00 - 00000000 ____D C:\Users\Clare\AppData\Local\Google
2017-03-29 13:36 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
==================== Files in the root of some directories =======
2016-11-21 17:19 - 2016-11-21 17:19 - 0000096 _____ () C:\Users\Clare\AppData\Roaming\settings.xml
2015-11-14 10:42 - 2015-11-17 19:36 - 0007605 _____ () C:\Users\Clare\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-02 01:01
==================== End of FRST.txt ============================

Edited by Oh My!, 07 April 2017 - 09:48 AM.
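Added here as an illustration and not part of the original thread: a small Python triage script for FRST logs in the format posted above. It parses the Processes, Services/Drivers and One Month Created files lines and flags entries FRST reports as not signed, entries with no publisher recorded, and executables sitting in temp or download locations; the review directories are a heuristic chosen for this example, not an FRST rule, and the sample lines are copied from the FRST.txt above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the FRST.txt log posted above; the section
# markers are FRST's own "==== Name ====" headers.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Windows\Temp\6E9C5DA7-1671-45EF-9CDB-DE3FFFE37C70\DismHost.exe
==================== Services (Whitelisted) ====================
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S4 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
==================== One Month Created files and folders ========
2017-04-03 14:48 - 2017-04-03 14:48 - 02424832 _____ (Farbar) C:\Users\Clare\Downloads\FRST64.exe
2017-03-30 19:49 - 2017-03-30 19:49 - 04089296 _____ C:\Users\Clare\Downloads\AdwCleaner.exe
"""

# Section header: "==== Name ====" (a bare run of "=" is not a header).
SECTION_RE = re.compile(r"^=+\s+(?P<name>[^=].*?)\s*=+$")
# Process line: "(Company) C:\path\file.exe"
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# Service/driver line: "R2 Name; C:\path [size date] (Company) [File not signed]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>[A-Za-z]:\\.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<company>[^)]*)\))?(?P<unsigned> \[File not signed\])?$"
)
# Created/modified file line: "created - modified - size attrs (Company) C:\path"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\S+ \S+) - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<path>[A-Za-z]:\\.+)$"
)

# Heuristic for this example: executables here deserve a second look.
REVIEW_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\",
               "\\downloads\\", "\\users\\public\\")
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr")


@dataclass
class Entry:
    section: str
    path: str
    company: Optional[str]      # None when FRST printed no publisher
    unsigned: bool = False      # True when FRST appended "[File not signed]"


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_frst(text: str) -> List[Entry]:
    """Walk the log line by line, tracking the current FRST section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").replace("(Whitelisted)", "").strip()
            continue
        for rx in (SERVICE_RE, FILE_RE, PROCESS_RE):
            m = rx.match(line)
            if m:
                g = m.groupdict()
                entries.append(Entry(section, g["path"], g.get("company") or None,
                                     unsigned=bool(g.get("unsigned"))))
                break
    return entries


def triage(text: str) -> List[Finding]:
    """Return one Finding per entry that trips at least one review rule."""
    findings = []
    for e in parse_frst(text):
        low = e.path.lower()
        reasons = []
        if e.unsigned:
            reasons.append("FRST reports the file is not signed")
        if e.company is None:
            reasons.append("no publisher recorded for the file")
        if low.endswith(EXEC_EXTS) and any(d in low for d in REVIEW_DIRS):
            reasons.append("executable in a temp, download or user-writable location")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry.section}] {f.entry.path}\n    " + "; ".join(f.reasons))
```

A hit means "look at this", not "malicious": the cleanup tools the poster downloaded (FRST64.exe, AdwCleaner.exe) are expected hits, as is DismHost.exe spawned from Windows\Temp by the Windows 10 upgrade run visible in the same log.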


#3 RasberryRash


Posted 03 April 2017 - 09:05 AM

addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Clare (03-04-2017 14:52:36)
Running from C:\Users\Clare\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-21 14:13:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-553778976-2158751083-3292780355-500 - Administrator - Disabled)
Clare (S-1-5-21-553778976-2158751083-3292780355-1000 - Administrator - Enabled) => C:\Users\Clare
Guest (S-1-5-21-553778976-2158751083-3292780355-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Playpanel (HKLM-x32\...\{0B2D3E45-00C6-4AEE-ADD4-E6E329D67A79}) (Version: 3.0.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}) (Version: 3.01.0007 - Seiko Epson Corporation)
Epson Network Guide XP-750 Series (HKLM-x32\...\XP-750 Series Netg) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson User's Guide XP-750 Series (HKLM-x32\...\XP-750 Series Useg) (Version:  - )
EPSON XP-750 Series Printer Uninstall (HKLM\...\EPSON XP-750 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Free VOB To MP4 Converter (HKLM-x32\...\{91F8F9B9-D73E-4F5B-B386-7D203DDE4094}) (Version: 1.0.0 - Convert Audio Free)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-553778976-2158751083-3292780355-1000\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-553778976-2158751083-3292780355-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Clare\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileCoAuthLib64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4535A534-ADC6-457A-A27E-593BEDBF29CE} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {58483B96-6B34-46D1-8A3A-2BF33C030A0D} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {832A1CE5-F36C-417F-8541-58280A3A3C08} - System32\Tasks\{227BFF4F-5690-467C-94CA-47AE509453C3} => pcalua.exe -a "C:\Program Files (x86)\Belarc\BelarcAdvisor\Uninstall.exe" -c "C:\Program Files (x86)\Belarc\BelarcAdvisor\INSTALL.LOG"
Task: {C3F2B35F-CA4B-4DE5-AE4B-1309CF07796B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-30] (Adobe Systems Incorporated)
Task: {EBFD9E3F-BC10-410B-A0DA-5751662AAD7A} - System32\Tasks\{59E1B052-0A23-4838-A674-631529811D51} => pcalua.exe -a "C:\Users\Clare\Downloads\chromeinstall-8u25 (1).exe" -d C:\Users\Clare\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-28 01:19 - 2016-06-28 01:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-553778976-2158751083-3292780355-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Clare\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{69F0BE90-CB8F-40A0-99E5-6C94297C486C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{D0D09AB1-8A58-436B-B35D-3884B6484E26}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{33A590D9-2D71-4647-BBED-961176A4ED3C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E176E3D6-E205-40CC-8E8A-CE59454DBB76}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

==================== Restore Points =========================

27-02-2017 13:46:14 Windows Backup
04-03-2017 14:50:05 Device Driver Package Install: EPSON Printers
04-03-2017 14:51:49 Revo Uninstaller's restore point - Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
04-03-2017 14:52:48 Removed Easy Photo Print Plug-in for PMB(Picture Motion Browser)
04-03-2017 15:34:31 Device Driver Package Install: EPSON Printers
04-03-2017 15:38:29 Installed Epson Event Manager
06-03-2017 10:25:23 Windows Backup
16-03-2017 15:51:04 Windows Backup
25-03-2017 19:57:44 Windows Backup
29-03-2017 21:48:54 Revo Uninstaller's restore point - Kaspersky Secure Connection
29-03-2017 23:19:04 Revo Uninstaller's restore point - Adobe Flash Player 25 ActiveX
30-03-2017 00:38:38 Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
30-03-2017 00:39:58 Revo Uninstaller's restore point - Google Chrome
30-03-2017 00:55:31 Revo Uninstaller's restore point - Adobe Flash Player 25 PPAPI
30-03-2017 00:59:40 Revo Uninstaller's restore point - Adobe Acrobat Reader DC
30-03-2017 12:35:24 Restore Operation
30-03-2017 13:51:38 Windows Backup
30-03-2017 13:58:06 Restore Operation
30-03-2017 15:10:42 Windows Update
03-04-2017 14:51:52 Windows Backup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2017 02:43:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/31/2017 01:25:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/31/2017 08:40:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/31/2017 05:00:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14275.1000, time stamp: 0x56e8dec4
Faulting module name: aeinv.dll, version: 10.0.14275.1000, time stamp: 0x5702ac38
Exception code: 0xc0000005
Fault offset: 0x000000000000ece7
Faulting process id: 0xa94
Faulting application start time: 0x01d2a9d32e67740d
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\system32\aeinv.dll
Report Id: 91a48b15-15c6-11e7-ade4-2c27d7da7823

Error: (03/30/2017 08:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 07:16:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xb38
Faulting application start time: 0x01d2a981ba59401f
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: fae09174-1574-11e7-b6de-2c27d7da7823

Error: (03/30/2017 07:08:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 07:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x794
Faulting application start time: 0x01d2a98044dfe555
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 8b8ca43e-1573-11e7-961e-e3bf1a2809cf

Error: (03/30/2017 07:05:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x720
Faulting application start time: 0x01d2a98028e558bc
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 6f8fb646-1573-11e7-961e-e3bf1a2809cf

Error: (03/30/2017 07:04:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x648
Faulting application start time: 0x01d2a9801874d7d8
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 609e72ed-1573-11e7-961e-e3bf1a2809cf

System errors:
=============
Error: (04/03/2017 02:41:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:12:54 on 31/03/2017 was unexpected.

Error: (03/31/2017 03:12:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register with DCOM within the required timeout.

Error: (03/30/2017 09:51:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (03/30/2017 09:51:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (03/30/2017 09:51:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (03/30/2017 09:51:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (03/30/2017 09:07:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/30/2017 09:07:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/30/2017 08:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (03/30/2017 08:16:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

CodeIntegrity:
===================================
  Date: 2016-11-13 14:21:45.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-13 10:15:05.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-13 08:05:28.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-13 01:05:55.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-13 01:01:45.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-13 01:00:20.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-13 00:59:25.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-13 00:53:05.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-13 00:14:30.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-13 00:08:05.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sechost.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 3998.91 MB
Available physical RAM: 2114.79 MB
Total Virtual: 7996.01 MB
Available Virtual: 5616.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.22 GB) (Free:393.59 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.24 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D14788A4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)



#4 Oh My!

  • Malware Response Instructor
  • 36,801 posts
  • Gender:Male
  • Location:California

Posted 07 April 2017 - 09:46 AM

Greetings RasberryRash and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 07 April 2017 - 12:08 PM

Thank you,

Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to Verify Java version
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Install
  • Uncheck all optional offers
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
  • Reboot your computer and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Java update?
  • Computer performance?

Gary

#6 Oh My!

Posted 10 April 2017 - 04:03 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#7 Oh My!

Posted 12 April 2017 - 09:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary



