Author Topic: [Inactive] Possible malware...?  (Read 2867 times)

Offline jj8219

  • Bronze Member
  • Posts: 30
[Inactive] Possible malware...?
« on: July 25, 2015, 05:48:49 PM »
Ok. I'm not sure if this is malware related. When I start up the laptop normally, it was getting really slow, and when there was an update it seemed to be worse. Upon shutdown, a box popped up saying there was a program running in the background - force shutdown. Now all it does on normal startup is log on, then goes to a cmd prompt and freezes. Before it got that bad I was able to run Kaspersky Internet Security, Malwarebytes, and Kaspersky Virus Removal Tool. You guys have helped me before and I appreciate it!

Thanks,
Jenn

Here are the logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2009 12:02:04 PM
System Uptime: 7/25/2015 5:51:29 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 3612
Processor: Pentium(R) Dual-Core CPU       T4300  @ 2.10GHz | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 231.801 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.001 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP257: 5/22/2015 10:29:28 PM - Scheduled Checkpoint
RP258: 5/29/2015 11:22:18 PM - Scheduled Checkpoint
RP259: 6/6/2015 5:46:38 AM - Scheduled Checkpoint
RP260: 6/13/2015 4:07:36 PM - Scheduled Checkpoint
RP261: 6/20/2015 11:49:04 PM - Scheduled Checkpoint
RP262: 6/30/2015 2:32:14 AM - Scheduled Checkpoint
RP263: 7/7/2015 7:55:18 PM - Scheduled Checkpoint
RP264: 7/15/2015 7:57:17 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Reader 9.5.5 MUI
Atheros Driver Installation Program
BufferChm
C5500
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
Destinations
DeviceDiscovery
DivX Setup
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Driver Diagnostics
HP DVD Play 3.7
HP Games
HP Imaging Device Functions 13.0
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Support Assistant
HP Update
HP User Guides 0156
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
iSEEK AnswerWorks English Runtime
Java 8 Update 31
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 2.1.8.1057
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
MSVC80_x64
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
Network64
PC Connectivity Solution
Power2Go
PowerDirector
PowerRecover
PS_AIO_04_C5500_Software_Min
PS_AIO_06_B209a-m_SW_Min
QLBCASL
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Samsung PC Studio 7
SamsungConnectivityCableDriver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Shop for HP Supplies
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wohiper
TurboTax 2009 wokiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wohiper
TurboTax 2010 wokiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wokiper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wokiper
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wokiper
TurboTax 2013 wrapper
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wokiper
TurboTax 2014 wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.1
WebReg
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/25/2015 6:26:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/25/2015 6:25:51 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
7/25/2015 6:22:06 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 5:52:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/25/2015 5:52:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/25/2015 5:52:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/25/2015 5:52:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/25/2015 5:51:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:
7/25/2015 2:22:19 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:54:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
7/25/2015 12:53:46 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP15.0.2 service.
7/25/2015 12:52:16 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
7/25/2015 12:48:12 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ServiceLayer service to connect.
7/25/2015 12:48:12 PM, Error: Service Control Manager [7000]  - The ServiceLayer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 12:45:41 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/25/2015 12:44:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
7/25/2015 12:44:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
7/25/2015 12:40:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
7/25/2015 12:40:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
7/25/2015 12:40:37 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
7/25/2015 12:40:37 PM, Error: Service Control Manager [7000]  - The hpqwmiex service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 1:34:01 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
7/25/2015 1:13:24 PM, Error: Service Control Manager [7022]  - The Windows Font Cache Service service hung on starting.
7/24/2015 6:54:49 AM, Error: Schannel [36887]  - The following fatal alert was received: 40.
7/24/2015 11:49:41 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
7/24/2015 11:49:41 AM, Error: Service Control Manager [7000]  - The Yahoo! Updater service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2015 10:24:25 PM, Error: Service Control Manager [7034]  - The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
7/22/2015 5:57:38 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/22/2015 5:57:38 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/22/2015 5:57:38 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6090070drv CSVirtualDiskDrv discache klhk KLIF klpd kneps spldr Wanarpv6
6090070drv CSVirtualDiskDrv discache klhk KLIF klpd kneps spldr Wanarpv6
6090070drv CSVirtualDiskDrv discache klhk KLIF klpd kneps spldr Wanarpv6
6090070drv AFD CSVirtualDiskDrv DfsC discache klhk KLIF KLIM6 klpd kltdi Klwtp kneps NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
.
==== End Of File ===========================



DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 11.31.2
Run by Jake at 18:27:58 on 2015-07-25
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3003.2307 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://finance.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uProxyOverride = <-loopback>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Virtual Keyboard Plugin: {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Content Blocker Plugin: {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO: Safe Money Plugin: {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [S60 PC Suite Tray] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
dRun: [Samsung.PCSync] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://energy1.xtoenergy.com/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\2375942554135343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\2375942554436343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\86F6F646 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\96E6475627E65647 : DHCPNameServer = 4.2.2.2 8.8.8.8
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\F657D27657563747 : DHCPNameServer = 10.0.252.10 10.0.252.11
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
x64-BHO: Virtual Keyboard Plugin: {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-BHO: Content Blocker Plugin: {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-BHO: Safe Money Plugin: {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-IE: {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 27955973;27955973;C:\Windows\System32\drivers\27955973.sys [2015-4-21 460888]
R0 48020394;48020394;C:\Windows\System32\drivers\48020394.sys [2014-4-21 460888]
R0 76FA235B;76FA235B;C:\Windows\System32\drivers\76FA235B.sys [2015-7-25 457824]
R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);C:\Windows\System32\drivers\cm_km_w.sys [2013-1-14 247016]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-4-22 84536]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-10-10 39280]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2014-10-9 65208]
R1 Klwtp;Klwtp;C:\Windows\System32\drivers\klwtp.sys [2014-11-22 85360]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2014-11-28 159960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-6 215040]
S1 6090070drv;6090070drv;C:\Windows\System32\drivers\6090070drv.sys [2014-4-21 556632]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-4-22 66616]
S1 klhk;klhk;C:\Windows\System32\drivers\klhk.sys [2014-10-22 225976]
S1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 24944]
S1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-11-10 190648]
S2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [2014-12-23 194000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-9-18 14624]
S2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2014-8-19 64368]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-21 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-21 1133880]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-24 292864]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-10-30 40304]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-8-8 39280]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-1-13 25816]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-21 113880]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-21 63704]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-17 216064]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2015-07-25 18:58:48   457824   ----a-w-   C:\Windows\System32\drivers\76FA235B.sys
2015-07-25 18:58:43   --------   d-----w-   C:\KVRT_Data
2015-07-24 04:59:31   113880   ----a-w-   C:\Windows\System32\drivers\1F200A4F.sys
.
==================== Find3M  ====================
.
2015-07-25 19:19:39   113880   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-15 07:24:18   778416   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 07:24:17   142512   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-30 08:50:01   225976   ----a-w-   C:\Windows\System32\drivers\klhk.sys
2015-06-23 17:25:37   85360   ----a-w-   C:\Windows\System32\drivers\klwtp.sys
2015-06-23 17:25:37   65208   ----a-w-   C:\Windows\System32\drivers\kltdi.sys
2015-06-23 17:25:37   24944   ----a-w-   C:\Windows\System32\drivers\klpd.sys
2015-06-23 17:25:37   190648   ----a-w-   C:\Windows\System32\drivers\kneps.sys
2015-06-23 17:25:36   39280   ----a-w-   C:\Windows\System32\drivers\klim6.sys
2015-06-23 17:25:35   64368   ----a-w-   C:\Windows\System32\drivers\kldisk.sys
2015-06-23 17:25:34   478392   ----a-w-   C:\Windows\System32\drivers\kl1.sys
2015-06-23 17:20:55   39280   ----a-w-   C:\Windows\System32\drivers\klmouflt.sys
2015-06-23 17:20:54   40304   ----a-w-   C:\Windows\System32\drivers\klkbdflt.sys
2015-06-23 17:20:50   159960   ----a-w-   C:\Windows\System32\drivers\klflt.sys
2015-06-23 17:20:40   247016   ----a-w-   C:\Windows\System32\drivers\cm_km_w.sys
2015-06-18 13:41:56   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2015-06-18 13:41:44   109272   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-18 13:41:40   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 18:28:06.73 ===============
« Last Edit: July 25, 2015, 06:22:41 PM by Hoov »

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27141
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: Possible malware...?
« Reply #1 on: July 25, 2015, 06:22:16 PM »
Howdy, it is Hoov again. I believe I have helped you at least once before. Along with helping users like you, I also train malware removal specialists. Would you mind if I had my current trainee work with you? I will be keeping an eye on him and making sure that he does not make your system a bookend.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline jj8219

  • Bronze Member
  • Posts: 30
Re: [In Progress] Possible malware...?
« Reply #2 on: July 25, 2015, 07:42:39 PM »
Hello Hoov! I don't mind at all. Any help is appreciated. :)

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 444
Re: [In Progress] Possible malware...?
« Reply #3 on: July 26, 2015, 02:06:12 PM »
Hello jj8219,

I am Platypuss & I will be helping you with your problem :)

As you are aware, I am a trainee, but Hoov will be checking all my posts
so you will get the highest standard of service.

My apologies for the delay, I am about to look at your log.

Platypuss

Offline jj8219

  • Bronze Member
  • Posts: 30
Re: [In Progress] Possible malware...?
« Reply #4 on: July 26, 2015, 08:57:42 PM »
My dad turned his computer on just to see what happened, and it started up, so I got the reports with it running (not in safe mode) since they were different. I hope this doesn't make it more complicated for you. Sorry!!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 11.31.2
Run by Jake at 21:41:41 on 2015-07-26
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3003.1289 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://finance.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uProxyOverride = <-loopback>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Virtual Keyboard Plugin: {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Content Blocker Plugin: {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO: Safe Money Plugin: {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [S60 PC Suite Tray] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
dRun: [Samsung.PCSync] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://energy1.xtoenergy.com/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\2375942554135343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\2375942554436343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\86F6F646 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\96E6475627E65647 : DHCPNameServer = 4.2.2.2 8.8.8.8
TCP: Interfaces\{2480A913-11A3-4145-9A83-C2C259BD4131}\F657D27657563747 : DHCPNameServer = 10.0.252.10 10.0.252.11
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
x64-BHO: Virtual Keyboard Plugin: {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-BHO: Content Blocker Plugin: {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-BHO: Safe Money Plugin: {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-IE: {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 27955973;27955973;C:\Windows\System32\drivers\27955973.sys [2015-4-21 460888]
R0 48020394;48020394;C:\Windows\System32\drivers\48020394.sys [2014-4-21 460888]
R0 76FA235B;76FA235B;C:\Windows\System32\drivers\76FA235B.sys [2015-7-25 457824]
R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);C:\Windows\System32\drivers\cm_km_w.sys [2013-1-14 247016]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-4-22 84536]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-4-22 66616]
R1 klhk;klhk;C:\Windows\System32\drivers\klhk.sys [2014-10-22 225976]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-10-10 39280]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 24944]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2014-10-9 65208]
R1 Klwtp;Klwtp;C:\Windows\System32\drivers\klwtp.sys [2014-11-22 85360]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-11-10 190648]
R2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [2014-12-23 194000]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-9-18 14624]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2014-8-19 64368]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-21 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-21 1133880]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-24 292864]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2014-11-28 159960]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-10-30 40304]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-8-8 39280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-1-13 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-21 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-21 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-6 215040]
S1 6090070drv;6090070drv;C:\Windows\System32\drivers\6090070drv.sys [2014-4-21 556632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-17 216064]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2015-07-25 18:58:48   457824   ----a-w-   C:\Windows\System32\drivers\76FA235B.sys
2015-07-25 18:58:43   --------   d-----w-   C:\KVRT_Data
2015-07-24 04:59:31   113880   ----a-w-   C:\Windows\System32\drivers\1F200A4F.sys
.
==================== Find3M  ====================
.
2015-07-27 01:54:19   113880   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-15 07:24:18   778416   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 07:24:17   142512   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-30 08:50:01   225976   ----a-w-   C:\Windows\System32\drivers\klhk.sys
2015-06-23 17:25:37   85360   ----a-w-   C:\Windows\System32\drivers\klwtp.sys
2015-06-23 17:25:37   65208   ----a-w-   C:\Windows\System32\drivers\kltdi.sys
2015-06-23 17:25:37   24944   ----a-w-   C:\Windows\System32\drivers\klpd.sys
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2009 12:02:04 PM
System Uptime: 7/26/2015 8:50:29 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 3612
Processor: Pentium(R) Dual-Core CPU       T4300  @ 2.10GHz | CPU | 1197/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 231.8 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.001 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP257: 5/22/2015 10:29:28 PM - Scheduled Checkpoint
RP258: 5/29/2015 11:22:18 PM - Scheduled Checkpoint
RP259: 6/6/2015 5:46:38 AM - Scheduled Checkpoint
RP260: 6/13/2015 4:07:36 PM - Scheduled Checkpoint
RP261: 6/20/2015 11:49:04 PM - Scheduled Checkpoint
RP262: 6/30/2015 2:32:14 AM - Scheduled Checkpoint
RP263: 7/7/2015 7:55:18 PM - Scheduled Checkpoint
RP264: 7/15/2015 7:57:17 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Reader 9.5.5 MUI
Atheros Driver Installation Program
BufferChm
C5500
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
Destinations
DeviceDiscovery
DivX Setup
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Driver Diagnostics
HP DVD Play 3.7
HP Games
HP Imaging Device Functions 13.0
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Support Assistant
HP Update
HP User Guides 0156
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
iSEEK AnswerWorks English Runtime
Java 8 Update 31
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 2.1.8.1057
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
MSVC80_x64
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
Network64
PC Connectivity Solution
Power2Go
PowerDirector
PowerRecover
PS_AIO_04_C5500_Software_Min
PS_AIO_06_B209a-m_SW_Min
QLBCASL
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Samsung PC Studio 7
SamsungConnectivityCableDriver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Shop for HP Supplies
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wohiper
TurboTax 2009 wokiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wohiper
TurboTax 2010 wokiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wokiper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wokiper
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wokiper
TurboTax 2013 wrapper
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wokiper
TurboTax 2014 wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.1
WebReg
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/26/2015 9:02:05 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
7/26/2015 8:59:18 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
7/26/2015 8:59:18 PM, Error: Service Control Manager [7000]  - The Intuit Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/26/2015 8:58:05 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
7/26/2015 8:56:41 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
7/26/2015 8:56:41 PM, Error: Service Control Manager [7000]  - The HP Health Check Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/26/2015 8:54:43 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
7/26/2015 8:51:32 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:
7/25/2015 6:26:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/25/2015 6:22:06 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 5:52:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/25/2015 5:52:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/25/2015 5:52:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/25/2015 5:52:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:56:57 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/25/2015 12:54:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
7/25/2015 12:53:46 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP15.0.2 service.
7/25/2015 12:52:16 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
7/25/2015 12:48:12 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ServiceLayer service to connect.
7/25/2015 12:48:12 PM, Error: Service Control Manager [7000]  - The ServiceLayer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 12:45:41 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/25/2015 12:44:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
7/25/2015 12:44:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
7/25/2015 12:40:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
7/25/2015 12:40:37 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
7/25/2015 12:40:37 PM, Error: Service Control Manager [7000]  - The hpqwmiex service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 1:34:01 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
7/25/2015 1:13:24 PM, Error: Service Control Manager [7022]  - The Windows Font Cache Service service hung on starting.
7/24/2015 6:54:49 AM, Error: Schannel [36887]  - The following fatal alert was received: 40.
7/24/2015 11:49:41 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
7/24/2015 11:49:41 AM, Error: Service Control Manager [7000]  - The Yahoo! Updater service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2015 10:24:25 PM, Error: Service Control Manager [7034]  - The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
7/22/2015 5:57:38 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/22/2015 5:57:38 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/22/2015 5:57:38 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6090070drv CSVirtualDiskDrv discache klhk KLIF klpd kneps spldr Wanarpv6
6090070drv CSVirtualDiskDrv discache klhk KLIF klpd kneps spldr Wanarpv6
6090070drv CSVirtualDiskDrv discache klhk KLIF klpd kneps spldr Wanarpv6
6090070drv AFD CSVirtualDiskDrv DfsC discache klhk KLIF KLIM6 klpd kltdi Klwtp kneps NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
.
==== End Of File ===========================


Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 444
Re: [In Progress] Possible malware...?
« Reply #5 on: July 27, 2015, 08:16:32 AM »



Hello.

I would like you to check your proxy settings please:-

  • Press Start button. Then Control Panel - Internet Options
  • In the Internet Options box select the Connections tab
  • Next click on LAN settings
  • Make sure that the following are UNchecked:-
  • 1 Automatically Detect Settings
  • 2 Use Automatic Configuration Script
  • 3 Use Proxy Settings for LAN


Click Apply and then OK
Now Reboot & try to access the internet again



Providing that you can get back online we still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

   **Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

  • Go to Eset web page HERE to run an online scan from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Select "Change" next to Current scan targets. A new window will open, select any extra drives, Flash drives etc as required.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete

If no threats were found
  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found
If threats were found
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on Back
  • Put a checkmark in "Uninstall application on close"
  • Click on Finish
Close program
Copy and paste the report in your next reply please

platypuss



« Last Edit: July 27, 2015, 08:29:41 AM by PLATYPUSS »
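An added example (not part of the thread and not from any of the tools it mentions): a PowerShell script that reads the same three LAN settings from the WinINET registry keys instead of clicking through Internet Options, and also reports the ProxyOverride value. The value names under "Internet Settings" are the standard WinINET ones; the byte layout of the DefaultConnectionSettings blob (flags byte at offset 8) is the widely documented but unofficial format, so treat that part as an assumption.

```powershell
# Added example: audit the Internet Explorer / WinINET LAN proxy settings for
# the current user. Run in a normal (non-elevated) PowerShell, since the
# settings live under HKCU.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$conn = Join-Path $base 'Connections'

function Get-LanProxyAudit {
    $s = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $blob = (Get-ItemProperty -Path $conn -Name DefaultConnectionSettings `
                -ErrorAction SilentlyContinue).DefaultConnectionSettings

    # Assumed blob layout: 4-byte version, 4-byte change counter, then a
    # flags byte: 0x01 direct, 0x02 manual proxy, 0x04 PAC script, 0x08 auto-detect.
    $flags = if ($blob -and $blob.Length -gt 8) { [int]$blob[8] } else { 0 }

    [pscustomobject]@{
        ProxyEnable     = [int]$s.ProxyEnable      # 1 = "Use a proxy server" ticked
        ProxyServer     = $s.ProxyServer
        ProxyOverride   = $s.ProxyOverride         # hosts that bypass the proxy
        AutoConfigURL   = $s.AutoConfigURL         # "Use automatic configuration script"
        ManualProxyFlag = [bool]($flags -band 0x02)
        AutoConfigFlag  = [bool]($flags -band 0x04)
        AutoDetectFlag  = [bool]($flags -band 0x08) # "Automatically detect settings"
    }
}

$a = Get-LanProxyAudit
$findings = @()
if ($a.ProxyEnable -eq 1 -or $a.ManualProxyFlag) {
    $findings += "Use Proxy Server for LAN is ON: $($a.ProxyServer)"
}
if ($a.AutoConfigURL -or $a.AutoConfigFlag) {
    $findings += "Use Automatic Configuration Script is ON: $($a.AutoConfigURL)"
}
if ($a.AutoDetectFlag) {
    $findings += "Automatically Detect Settings is ON"
}
# Reported separately: it is not one of the three checkboxes, but it decides
# which hosts bypass a configured proxy, and adware cleaners do reset it.
if ($a.ProxyOverride) {
    $findings += "ProxyOverride is set: $($a.ProxyOverride)"
}

if ($findings.Count -eq 0) {
    'All three LAN settings are unchecked and no proxy server is set.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

The script only reads the registry; untick any setting it reports through Internet Options exactly as described in the steps above.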

Offline jj8219

  • Bronze Member
  • Posts: 30
Re: [In Progress] Possible malware...?
« Reply #6 on: July 27, 2015, 11:33:48 AM »
Here is the new ESET SCAN and it found some things:

C:\Users\Jake\AppData\Local\Temp\ApnStub.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK1998.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK1E2A.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK2673.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK3DDB.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK4450.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK44CC.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK473D.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK4866.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK5273.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK5CD.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK6086.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK6087.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK6642.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK8D7.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASKA0A8.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASKAD7E.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASKB72C.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASKEE26.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\NEW7E06.tmp.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\faq_8A71AEBB623B46A0B934103F1A762800.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\FTsc_94F4507362A24B9B9BA6A29A1AFF037E.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe64Shortcut1_A47BC27445824FCF8A8FDFE7347B3885.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe64Shortcut_B53671B5D9A445549437680533116875.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\UninstallIcon.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 444
Re: [In Progress] Possible malware...?
« Reply #7 on: July 28, 2015, 01:57:10 AM »
  Some progress made but more checks required please:-

  Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
>>>>>>>>>>>>>>>>>>

Download Security Check from HERE  or HERE  and save it to your Desktop.
  • Double-click SecurityCheck.exe
       
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

platypuss.




Offline jj8219

  • Bronze Member
  • Posts: 30
Re: [In Progress] Possible malware...?
« Reply #8 on: July 28, 2015, 08:35:20 AM »
After running the AdwCleaner, Internet Explorer was VERY slow! Not sure why but here are the logs:

# AdwCleaner v4.208 - Logfile created 28/07/2015 at 09:00:08
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium  (x64)
# Username : Jake - JAKE-PC
# Running from : C:\Users\Jake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ3XHS73\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

  • Service Deleted : YahooAUService
  • Service Deleted : 27955973
  • Service Deleted : 48020394


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
[!] Folder Deleted : C:\Windows\System32\drivers\hosts
Folder Deleted : C:\Users\Jake\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Jake\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\byvql1wl.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\drivers\27955973.sys
File Deleted : C:\Windows\System32\drivers\48020394.sys

***** [ Scheduled tasks ] *****

Task Deleted : Check Updates
Task Deleted : GeniusBox
Task Deleted : Validate Installation

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v

[byvql1wl.default\prefs.js] - Line Deleted : user_pref("browser.search.order.2", "Ask.com");

*************************

AdwCleaner[R0].txt - [5228 bytes] - [28/07/2015 08:53:19]
AdwCleaner[S0].txt - [5116 bytes] - [28/07/2015 09:00:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5175  bytes] ##########



 Results of screen317's Security Check version 1.006 
 Windows 7  x64 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.209 
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avpui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 444
Re: [In Progress] Possible malware...?
« Reply #9 on: July 29, 2015, 01:29:37 AM »

  Thanks for the information on computer running state :)

  Would you please update & run your copy of Malwarebytes Anti Malware (MBAM) :-


Please locate, then double-click Malwarebytes click Update tab>>>Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has finished updating please select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

>>>>>>>>>>


Please download MiniToolBox and run it.

Checkmark following boxes:
   
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Click Go and post the result here please

Offline jj8219

  • Bronze Member
  • Posts: 30
Re: [In Progress] Possible malware...?
« Reply #10 on: July 29, 2015, 09:11:21 AM »
I may be a bit delayed in the next response because I'm going out of town. Thanks for all of your help! Here are the new reports:
 MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Jake (administrator) on 29-07-2015 at 10:05:50
Running from "C:\Users\Jake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3H1AOKX"
Microsoft Windows 7 Home Premium   (X64)
Model: HP G60 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jake-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 0C-EE-E6-C7-EA-D4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:8040:91f0::49(Preferred)
   Lease Obtained. . . . . . . . . . : Wednesday, July 29, 2015 9:48:55 AM
   Lease Expires . . . . . . . . . . : Friday, August 28, 2015 9:48:55 AM
   IPv6 Address. . . . . . . . . . . : 2602:306:8040:91f0:b0ca:3efd:c71a:5cf2(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:306:8040:91f0:dcfe:3e8a:c0b5:c4c8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::b0ca:3efd:c71a:5cf2%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.68(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, July 29, 2015 9:48:53 AM
   Lease Expires . . . . . . . . . . : Thursday, July 30, 2015 9:48:54 AM
   Default Gateway . . . . . . . . . : fe80::8e7f:3bff:fe66:a70%13
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 319614694
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-86-3F-D8-00-1F-16-EF-82-C8
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1F-16-EF-82-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4000:80b::200e
     216.58.218.174


Pinging google.com [2607:f8b0:4000:80a::200e] with 32 bytes of data:
Reply from 2607:f8b0:4000:80a::200e: time=29ms
Reply from 2607:f8b0:4000:80a::200e: time=28ms

Ping statistics for 2607:f8b0:4000:80a::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 29ms, Average = 28ms
Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
     2001:4998:44:204::a7
     2001:4998:58:c02::a9
     206.190.36.45
     98.138.253.109
     98.139.183.24


Pinging yahoo.com [2001:4998:c:a06::2:4008] with 32 bytes of data:
Reply from 2001:4998:c:a06::2:4008: time=110ms
Reply from 2001:4998:c:a06::2:4008: time=110ms

Ping statistics for 2001:4998:c:a06::2:4008:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 110ms, Maximum = 110ms, Average = 110ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...0c ee e6 c7 ea d4 ......Atheros AR9285 802.11b/g/n WiFi Adapter
 11...00 1f 16 ef 82 c8 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.68     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.68    281
     192.168.1.68  255.255.255.255         On-link      192.168.1.68    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.68    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.68    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.68    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    281 ::/0                     fe80::8e7f:3bff:fe66:a70
  1    306 ::1/128                  On-link
 13     33 2602:306:8040:91f0::/64  On-link
 13     41 2602:306:8040:91f0::/64  fe80::8e7f:3bff:fe66:a70
 13    281 2602:306:8040:91f0::49/128
                                    On-link
 13    281 2602:306:8040:91f0:b0ca:3efd:c71a:5cf2/128
                                    On-link
 13    281 2602:306:8040:91f0:dcfe:3e8a:c0b5:c4c8/128
                                    On-link
 13    281 fe80::/64                On-link
 13    281 fe80::b0ca:3efd:c71a:5cf2/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/28/2015 06:15:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2015 06:09:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/24/2015 10:24:25 PM) (Source: Intuit Update Service) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (07/22/2015 12:29:45 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1408

Start Time: 01d0c4a3ee2b7546

Termination Time: 10

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (07/21/2015 03:24:22 PM) (Source: Intuit Update Service) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (07/18/2015 09:33:06 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12fc

Start Time: 01d0c1bc262d465b

Termination Time: 110

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (07/18/2015 05:43:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2015 05:39:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/15/2015 07:52:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2015 07:51:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (07/29/2015 09:49:14 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/29/2015 09:49:00 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
6090070drv

Error: (07/29/2015 09:49:00 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/29/2015 09:48:54 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/29/2015 08:50:08 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/29/2015 08:49:14 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/29/2015 08:49:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
6090070drv

Error: (07/29/2015 08:49:01 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/29/2015 06:36:00 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/29/2015 05:14:37 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-07-28 06:15:03.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 06:15:03.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 06:15:02.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 06:15:02.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 06:15:02.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 06:15:02.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 06:15:02.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 06:15:02.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 06:15:02.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-18 05:42:41.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5500 (HKLM-x32\...\{354D401F-05B6-4A1D-8E92-47C1BBC5302C}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Choice Guard (HKLM-x32\...\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}) (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.6.51 - Conexant)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Driver Diagnostics (HKLM-x32\...\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}) (Version: 1.03.0005 - Hewlett-Packard Company)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{5F5FEF58-F4D8-488B-BDB3-6D5B22192B02}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (HKLM-x32\...\{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (HKLM-x32\...\{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (HKLM-x32\...\{B28635AB-1DF3-4F07-BFEA-975D911B549B}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}) (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
MSVC80_x64 (HKLM\...\{68660049-8D48-427C-9FF7-139D8340CDC0}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (HKLM-x32\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}) (Version: 7.0.40.10061 - muvee Technologies Pte Ltd)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
PS_AIO_04_C5500_Software_Min (HKLM-x32\...\{6DD5A7FC-0DC3-4BCC-BCDF-3A4EBE565799}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_06_B209a-m_SW_Min (HKLM-x32\...\{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3003.19 MB
Available physical RAM: 1619.63 MB
Total Virtual: 6004.52 MB
Available Virtual: 4416.17 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:286.01 GB) (Free:233.56 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:11.88 GB) (Free:2 GB) NTFS

========================= Users: ========================================

User accounts for \\JAKE-PC

Administrator            Guest                    Jake                     


**** End of log ****


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/29/2015
Scan Time: 8:54 AM
Logfile: malbytesres.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.29.03
Rootkit Database: v2015.07.29.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Jake

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 428339
Time Elapsed: 41 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 444
Re: [In Progress] Possible malware...?
« Reply #11 on: July 30, 2015, 08:05:32 AM »

Thanks for the advice on your delayed response, enjoy your trip :)

Reset your hosts file
  • Please download a new hosts file HERE
  • Inside the pop up box select Save & let it download.
  • The default location is in your download folder.
  • Right click on it (hosts) then click on Extract All from the menu.
  • Make sure there is a check in the "Show extracted files when complete" option
  • In the next window click on MVPS (Windows batch file) & select Run on the security Warning window which will allow the file to be moved to its default location.
  • Click any key on the completed cmd.exe window to finish.
>>>>>>>>>>

Please reset your winsock stack with administrator privileges as follows:
  • Press Start & in the search programs & files box type cmd
  • Now press Control+Alt+Enter simultaneously which brings up the cmd box (With administrative privilege)
  • Please type netsch winsock reset then Enter
  • Wait for the Command Prompt to run through the reset. Once it’s complete, you’ll see the message “Winsock reset completed successfully”.
  • Restart your computer.
>>>>>>>>>>>>>>
Your Windows Operating System urgently needs updating to SP1.
The recommended (and easiest) way to get SP1 is to turn on automatic updating in Windows Update in Control Panel, and wait for Windows 7 to notify you that SP1 is ready to install. It takes about 30 minutes to install, and you'll need to restart your computer about halfway through the installation.
Proceed as follows:-
  • Click  Start, type Windows update in the search box, and then click Windows Update in the programs list
  • In the left pane, click Change settings.
  • In Important updates select install updates automatically (recommended)
  • With recommended updates it is your choice whether or not you want them.
  • In Microsoft Update untick the box
  • Click OK  & allow updating to begin.
Let me know how these tasks go & how the computer is running please.
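The hosts file reset above is aimed at the repeated DNS-Client errors in the log ("error while attempting to read the local hosts file"). As an added check that is not part of Foxfire's instructions, this PowerShell script (assumes Windows PowerShell 3.0 or later) verifies that the file exists and can be read, and flags any entry that maps a name to something other than the null/loopback addresses the MVPS list uses; the sample hosts file it writes is constructed for the demonstration.

```powershell
# Added example, not from the thread: audits the hosts file behind the
# DNS-Client errors in the log above. Assumes Windows PowerShell 3.0+.
function Test-HostsFile {
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts')
    )
    $report = [ordered]@{
        Path = $Path; Exists = $false; Readable = $false; Attributes = $null
        Error = $null; EntryCount = 0; Suspicious = @()
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $report.Error = 'hosts file is missing'
        return [pscustomobject]$report
    }
    $report.Exists = $true
    # -Force so Hidden/System attributes are reported rather than skipped.
    $report.Attributes = (Get-Item -LiteralPath $Path -Force).Attributes.ToString()

    try {
        $lines = Get-Content -LiteralPath $Path -ErrorAction Stop
        $report.Readable = $true
    } catch {
        # The same condition the DNS Client service logs as "error while
        # attempting to read the local hosts file" (ACL, lock, bad content).
        $report.Error = $_.Exception.Message
        return [pscustomobject]$report
    }

    foreach ($line in $lines) {
        $text = ($line -split '#', 2)[0].Trim()   # drop comments and blanks
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }      # no hostname, nothing mapped
        $report.EntryCount += 1
        $address = $fields[0]
        # The MVPS list maps blocked hosts to 0.0.0.0 (older copies used
        # 127.0.0.1). Any other address redirects that name, which is what a
        # hijacked hosts file looks like, so surface it for review.
        if (@('0.0.0.0', '127.0.0.1', '::1') -notcontains $address) {
            $report.Suspicious += [pscustomobject]@{
                Address = $address
                Names   = ($fields[1..($fields.Count - 1)] -join ' ')
            }
        }
    }
    return [pscustomobject]$report
}

# Constructed sample (not a real hosts file) to show what the audit flags.
$sample = @(
    '# MVPS-style entries',
    '0.0.0.0 ad.example.invalid',
    '127.0.0.1 localhost',
    '203.0.113.9 update.example-vendor.invalid   # redirected elsewhere',
    'lonely-token'
)
$tmp = Join-Path $env:TEMP 'hosts-sample.txt'
Set-Content -LiteralPath $tmp -Value $sample
$demo = Test-HostsFile -Path $tmp
$demo | Format-List Path, Readable, EntryCount
$demo.Suspicious | Format-Table -AutoSize

# Against the live file (reading it needs no elevation):
Test-HostsFile | Format-List
```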


Offline jj8219

  • Bronze Member
  • Posts: 30
Re: [In Progress] Possible malware...?
« Reply #12 on: August 02, 2015, 12:20:28 PM »
I'm back!! I got the hosts files reset. I tried to reset the winsock stack but got some message like netsch is not valid. I don't quite remember but it wouldn't let me. I did get the main Windows updates. I have told him in the past to not turn off updates because he never checks for them. Internet Explorer was running just fine afterwards as was his computer.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 444
Re: [In Progress] Possible malware...?
« Reply #13 on: August 03, 2015, 09:14:28 AM »

Welcome back :). Good that the update went smoothly & the computer is running better.
My apologies, I made a script error in the Winsock reset, please run it again.

First please reset your winsock stack with administrator privileges as follows:

  • Press Start & in the search programs & files box type cmd
  • Now press Control+Alt+Enter simultaneously which brings up the cmd box (With administrative privilege)
  • Please type netsh winsock reset then Enter
  • Wait for the Command Prompt to run through the reset. Once it’s complete, you’ll see the message “Winsock reset completed successfully”.
  • Restart your computer.


Should it fail to reset correctly, please try this:-

We need to run sfc /scannow to check for missing or corrupt files:-

  • To do this, click Start, type Command Prompt or cmd in the Search box, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • At the command prompt, type the following command, and then press ENTER:

sfc /scannow
  • The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy that is located in a compressed folder at %WinDir%\System32\dllcache.
    The %WinDir% placeholder represents the Windows operating system folder. For example, C:\Windows.

  • Note Do not close this Command Prompt window until the verification is 100% complete. The scan results will be shown after this process is finished.
  • After the process is finished, you may receive one of the following messages:
  • Windows Resource Protection did not find any integrity violations.
  • This means that you do not have any missing or corrupted system files.
  • If SFC could not fix something, then run the command again to see if it may be able to fix it the next time. Sometimes it may take running the sfc /scannow command 3 or more times to completely fix everything that it's able to.

  • Windows Resource Protection could not perform the requested operation.

  • To resolve this problem, perform the System File Checker scan in safe mode, and make sure that the PendingDeletes and PendingRenames folders exist under %WinDir%\WinSxS\Temp.
  • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.

  • To view the detailed information about the system file scan and restoration, go to How to view details of the System File Checker process.
  • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
  • Should you need to replace missing/corrupted files with your  Windows installer DVD, details are provided HERE
>>>>>>>>>>>>>>

Please download Delfix by Xplode and save it to your desktop.

Or use the following if first link is down:

Delfix link mirror

Double-click to start the program. Then, please right-click and choose Run as administrator.

Make Sure the following items are checked:
  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings


Now click on Run and wait patiently until the tool has completed.

The tool will create a log when it has completed. I don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here: C:\Windows\ERUNT.
>>>>>>>>>>>>
Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

  • Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.
  • Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.
  • WOT (Web of Trust) warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front line of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and IE.

  • Be sure to update your Antivirus and Antispyware programs frequently!
  • Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?
Platypuss
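Reply #13 repeats the Winsock reset and, should it fail, moves on to sfc /scannow, whose findings land in CBS.log. The script below is an added example, not part of the thread: it checks for elevation and for the netsh executable before running the reset (the earlier "netsch" attempt failed because the command name was wrong), and it summarises the System File Checker's [SR] lines from CBS.log so the "unable to fix some of them" outcome is visible at a glance. It assumes Windows PowerShell 3.0 or later; the CBS.log line shapes it parses are an assumption illustrated by the constructed excerpt in the script.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 3.0+.

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Reset-Winsock {
    # Rebuilds the Winsock catalog (the x64-Catalog entries in the log above).
    # netsh refuses this without elevation, so check before running it.
    if (-not (Test-IsElevated)) {
        throw 'Open the prompt with "Run as administrator" first.'
    }
    if (-not (Get-Command netsh.exe -ErrorAction SilentlyContinue)) {
        throw 'netsh.exe not found; check the command name (the thread earlier tried "netsch").'
    }
    $output = & netsh.exe winsock reset 2>&1
    [pscustomobject]@{
        Succeeded      = (($output -join ' ') -match 'reset completed successfully')
        Output         = $output
        RebootRequired = $true   # the new catalog is used from the next boot
    }
}

function Get-SfcSummary {
    # sfc /scannow writes its findings to CBS.log tagged "[SR]"; the post
    # points at this file for both the "repaired" and "unable to fix" outcomes.
    # Reading the live CBS.log usually needs an elevated prompt.
    param(
        [string[]]$Lines = (Get-Content -LiteralPath (Join-Path $env:SystemRoot 'Logs\CBS\CBS.log'))
    )
    $sr = @($Lines | Where-Object { $_ -match '\[SR\]' })
    $unrepaired = @(); $repaired = @()
    foreach ($line in $sr) {
        # Assumed line shapes (see the constructed sample): the affected file
        # name is the last double-quoted token on the line.
        if ($line -match 'Cannot repair member file.*"([^"]+)"[^"]*$')     { $unrepaired += $Matches[1] }
        elseif ($line -match 'Repairing corrupted file.*"([^"]+)"[^"]*$') { $repaired   += $Matches[1] }
    }
    [pscustomobject]@{
        SrLines    = $sr.Count
        Repaired   = @($repaired   | Sort-Object -Unique)
        Unrepaired = @($unrepaired | Sort-Object -Unique)
        # Re-running sfc, as the post suggests, only helps while this is true.
        RerunSfc   = ($unrepaired.Count -gt 0)
    }
}

# Constructed CBS.log excerpt (not from the poster's machine) to exercise the parser.
$sampleCbs = @(
    '2015-08-03 09:20:01, Info  CBS  [SR] Verifying 100 components',
    '2015-08-03 09:20:11, Info  CBS  [SR] Cannot repair member file [l:24{12}]"example1.dll" of Component-A, Version = 6.1.7601.17514, file is missing',
    '2015-08-03 09:20:12, Info  CBS  [SR] Repairing corrupted file [l:36{18}]"\??\C:\Windows\inf"\[l:22{11}]"example.inf" from store',
    '2015-08-03 09:20:13, Info  CBS  Unrelated servicing line without the tag',
    '2015-08-03 09:20:14, Info  CBS  [SR] Verify complete'
)
Get-SfcSummary -Lines $sampleCbs | Format-List

# On the real machine, after sfc /scannow has finished (elevated prompt):
# Get-SfcSummary | Format-List
# Reset-Winsock            # then reboot, as the post says
```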

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 444
Re: [In Progress] Possible malware...?
« Reply #14 on: August 06, 2015, 02:56:14 AM »

Hello jj8219,

Are you still with me ?

Platypuss