  #13  
June 22nd, 2016, 10:05 PM
olgun52
Malware Removal Team
Hi again,
Okay.
==============================
Please run:
Trend Micro Security 2015 and 10 (2016)+Trend Micro Titanium
https://esupport.trendmicro.com/en-u...t/1105809.aspx

TrendMicro HouseCall
http://support.it-mate.co.uk/?mode=P...caucleaner.zip
=========================================================
Please uninstall:
Pando Networks
SettingsGuard
PC Performer
UnknownFile
Video Performer
searchalgo.com
C:\Program Files (x86)\Pando Networks
C:\Program Files (x86)\OLBPre

Please restart the PC now.
=========================================================
Step 1:
Run FRST fixlist
  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
Code:
CreateRestorePoint:
CloseProcesses:
Task: {52D5706E-70B7-4A16-AE13-4A2122B4B3E0} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2015-01-24] (PerformerSoft LLC) <==== ATTENTION
Task: {5D812695-9858-4D43-9266-F34E948D2172} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2015-01-24] (PerformerSoft LLC) <==== ATTENTION
Task: {657D8B86-9EBA-4EE0-97CD-07C3F98B849F} - \SystemToolsDailyTest -> No File <==== ATTENTION
2015-03-31 08:09 - 2015-03-31 08:09 - 00868352 _____ () C:\Users\Owner\AppData\Roaming\SettingsGuard\updater.exe
C:\Program Files (x86)\PC Performer\sqlite3.dll
C:\Users\Owner\AppData\Roaming\SettingsGuard\updater.exe
C:\Program Files (x86)\PC Performer\PCPerformer.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\S-1-5-21-1090512921-404721342-1545087169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = hxxp://www.searchalgo.com/search.html?q={searchTerms}&cid=5077
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = hxxp://www.searchalgo.com/search.html?q={searchTerms}&cid=5077
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> {CBCBA567-B9F5-440F-9597-728857064E19} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll => No File
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll => No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll => No File
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll => No File
IE Session Restore: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> is enabled.
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll No File
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-23] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [34224 2012-07-27] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92456 2012-12-24] (Trend Micro Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 X6va027; \??\C:\WINDOWS\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\WINDOWS\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\WINDOWS\SysWOW64\Drivers\X6va029 [X]
C:\windows\System32\Tasks\PC Performer Logon Scan
C:\windows\System32\Tasks\PC Performer Daily Check
2016-06-19 13:09 - 2016-06-19 13:09 - 50063360 _____ C:\Program Files (x86)\GUTA05E.tmp
2016-06-19 13:09 - 2016-06-19 13:09 - 00000000 ____D C:\Program Files (x86)\GUMA05D.tmp
2016-06-19 13:02 - 2016-06-19 13:02 - 50063360 _____ C:\Program Files (x86)\GUT90CB.tmp
2016-06-19 13:02 - 2016-06-19 13:02 - 00000000 ____D C:\Program Files (x86)\GUM90CA.tmp
C:\Users\Owner\AppData\Local\PMB Files
C:\Program Files (x86)\PC Performer
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
C:\ProgramData\Trend Micro
C:\Program Files (x86)\OLBPre
C:\Users\Owner\Desktop\Thumbs.db
C:\Users\Owner\Downloads\Thumbs.db
2013-09-12 10:30 - 2013-09-12 10:30 - 0000000 _____ () C:\Program Files (x86)\error.dat
2016-06-19 13:02 - 2016-06-19 13:02 - 50063360 _____ () C:\Program Files (x86)\GUT90CB.tmp
2016-06-19 13:09 - 2016-06-19 13:09 - 50063360 _____ () C:\Program Files (x86)\GUTA05E.tmp
2014-04-06 18:16 - 2014-04-06 18:44 - 0006998 _____ () C:\Users\Owner\AppData\Roaming\data.sec
2014-11-09 19:08 - 2014-11-09 19:08 - 0000064 _____ () C:\Users\Owner\AppData\Local\0df296065d8b7004eef1fd7c1e1c4f9c
2014-06-25 17:47 - 2014-06-25 17:47 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2013-01-05 12:00 - 2013-01-05 12:00 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-01-05 11:57 - 2013-01-05 11:58 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-01-05 11:58 - 2013-01-05 11:59 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-01-05 11:57 - 2013-01-05 11:57 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-01-05 11:59 - 2013-01-05 12:00 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
C:\Users\Owner\AppData\Local\Temp
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
NOTICE: This script is written specifically for this computer!!!
  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.

Step 2:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply
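A pre-run review of a fixlist, as an added example that is not part of the original post and is not FRST's own code: it groups lines by kind, lists the paths the script targets, and flags duplicate paths and file names that forum word-wrapping may have split with a stray space. The line kinds are assumptions read off the prefixes visible in the script above, and the sample fixlist is constructed.

```python
import re
from collections import Counter

# Constructed sample in the style of the fixlist above (not the real script).
SAMPLE = r"""CreateRestorePoint:
CloseProcesses:
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example Scan => C:\Program Files (x86)\Example\Example.exe [2015-01-24] (Example LLC) <==== ATTENTION
C:\Program Files (x86)\Example
C:\Program Files (x86)\Example
2016-06-19 13:09 - 2016-06-19 13:09 - 50063360 _____ () C:\Program Files (x86)\EXAMPLE.tmp
BHO: Example Class -> {00000000-0000-0000-0000-000000000002} -> C:\Program Files\Example\Plug g.dll => No File
C:\Users\Owner\AppData\Local\Temp
CMD: ipconfig /flushdns
Emptytemp:
"""

# Line kinds are assumptions read off the prefixes visible on the page.
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")  # e.g. CloseProcesses:
LISTING = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*?([A-Z]:\\.+)$")
BARE_PATH = re.compile(r"^[A-Z]:\\")
WRAPPED = re.compile(r"\S\s\w{0,3}\.(?:exe|dll|sys)\b", re.I)  # heuristic only

def classify(line):
    line = line.strip()
    if DIRECTIVE.match(line):
        return "directive", line
    if line.startswith("CMD:"):
        return "command", line[4:].strip()
    m = LISTING.match(line)
    if m:
        return "path", m.group(1)
    if BARE_PATH.match(line):
        return "path", line
    return "entry", line  # task, registry, BHO or driver log line

def review(text):
    kinds, paths, warnings = Counter(), [], []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        kind, value = classify(raw)
        kinds[kind] += 1
        if kind == "path" and value in paths:
            warnings.append((n, "duplicate path"))
        elif kind == "path":
            paths.append(value)
        if WRAPPED.search(raw):
            warnings.append((n, "possible wrapped file name"))
    return kinds, paths, warnings
```

A flagged line is only a prompt to compare the path against the original scan log; a legitimate file name with a space near the extension is flagged too.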