Conime.exe


8 replies to this topic

#1 gienie

  • Members
  • 26 posts

Posted 31 January 2013 - 08:47 PM

Again I am having a problem. A bit different this time........random shut downs, finding a conime.exe file from unknown author in my startup after I disable. Restore points gone and amount of space for these points back at zero after I set so many gbs. I had several good virus removal tools from you but have changed OS and they are gone now. I went from XP pro to Win7 Ult. I have downloaded what I could locate in downloads and will be running those. I know you have something called Tool Box I have not found yet. Also this last shut down added my keyboard again and 4 "unknown devices" marked with a ! in device manager. Some of the forums I read asked was I rebooting from xp and win7. I deleted the xp backup and emptied my recycle, but when I restart it is still asking me from win7 or older os so it must still be there. I have run malwarebytes, nothing. Going to run TDSS killer and rkill and will be checking back.

Thanks for your time and trouble.

Edited by Orange Blossom, 31 January 2013 - 09:02 PM.
Moved from Windows 7 to AII. ~ OB



 


#2 boopme

  • Global Moderator
  • 72,906 posts

Posted 01 February 2013 - 12:40 PM

Hello, post the TDSS and RKill logs with these...


MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
>>>

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 01 February 2013 - 12:42 PM.


#3 gienie

  • Topic Starter
  • Members
  • 26 posts

Posted 01 February 2013 - 03:01 PM

Ok I will start doing these. I did just want to add that while running aswMBR.exe last night I got the dreaded blue screen with irql not less or equal to warning and it shut down but auto rebooted and is seemingly working fine. Another thing that happened, prior to finding the conime.exe from unknown author in my startup menu was I was prompted by AMD to update my drivers for my vid card Radeon 7850HD from 12.10 to 13.1 beta drivers. During the install process, in safe mode, it put up the warning that drivers for the vid card and hdmi did not install. It shut down and again rebooted, saying of course windows had recovered. I cked device manager and tried to update vid drivers from there but MS says they are current at 6.1 but I know they are not. Upon some more researching I found that for some reason AMD was trying to install 32bit drivers on my 64bit system. Probably why they failed. I am thinking that, even though I have deleted the XP pro files that win7 left on my hard drive on the new os install maybe I have not really deleted all of xp and amd is picking up the 32bit from there. Anyways going to run your suggestions and will post results in a bit. One more thing, I play World of Warcraft and am now experiencing shut downs after about 15 mins of playing.

thank you

#4 gienie

  • Topic Starter
  • Members
  • 26 posts

Posted 01 February 2013 - 03:06 PM

First one
MiniToolBox by Farbar Version:10-01-2013
Ran by gienies (administrator) on 01-02-2013 at 15:02:55
Running from "C:\Users\gienies\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCI GBE Family Controller = Local Area Connection (Disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : gienies-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C8-60-00-70-26-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::edf0:caa3:c84:9eaa%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, February 01, 2013 8:15:59 AM
Lease Expires . . . . . . . . . . : Saturday, February 02, 2013 8:15:59 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 315121664
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-F1-05-FB-00-14-D1-1C-2C-7C
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{61E8F1DA-E861-457A-898A-F52EA83CCAD7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:4b0:6a7:b8fc:b074(Preferred)
Link-local IPv6 Address . . . . . : fe80::4b0:6a7:b8fc:b074%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4008:803::1003
173.194.37.3
173.194.37.4
173.194.37.5
173.194.37.6
173.194.37.7
173.194.37.8
173.194.37.9
173.194.37.14
173.194.37.0
173.194.37.1
173.194.37.2


Pinging google.com [173.194.37.4] with 32 bytes of data:
Reply from 173.194.37.4: bytes=32 time=40ms TTL=54
Reply from 173.194.37.4: bytes=32 time=40ms TTL=54

Ping statistics for 173.194.37.4:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 40ms, Average = 40ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
206.190.36.45
98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=197ms TTL=47
Reply from 206.190.36.45: bytes=32 time=143ms TTL=47

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 143ms, Maximum = 197ms, Average = 170ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...c8 60 00 70 26 35 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 266
192.168.1.4 255.255.255.255 On-link 192.168.1.4 266
192.168.1.255 255.255.255.255 On-link 192.168.1.4 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:9d38:6ab8:4b0:6a7:b8fc:b074/128
On-link
13 266 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::4b0:6a7:b8fc:b074/128
On-link
13 266 fe80::edf0:caa3:c84:9eaa/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
13 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2013 08:17:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2013 10:14:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2013 06:18:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2013 05:16:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2013 02:05:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2013 08:39:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2013 04:18:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2013 04:07:50 PM) (Source: System Restore) (User: )
Description: Failed to initiate System Restore (Scheduled Checkpoint).

Error: (01/29/2013 03:09:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2013 00:00:00 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


System errors:
=============
Error: (02/01/2013 08:16:04 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (02/01/2013 08:16:00 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/31/2013 10:31:44 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/31/2013 10:13:30 PM) (Source: BugCheck) (User: )
Description: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e99715)C:\Windows\MEMORY.DMP013113-20670-01

Error: (01/31/2013 10:13:20 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/31/2013 10:13:17 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:11:32 PM on 1/31/2013 was unexpected.

Error: (01/31/2013 09:29:10 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/31/2013 09:29:10 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/31/2013 09:29:10 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/31/2013 09:29:10 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (02/01/2013 08:17:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2013 10:14:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2013 06:18:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2013 05:16:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2013 02:05:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2013 08:39:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2013 04:18:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2013 04:07:50 PM) (Source: System Restore)(User: )
Description: Scheduled Checkpoint0x81000101

Error: (01/29/2013 03:09:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2013 00:00:00 AM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader XI (11.0.01) (Version: 11.0.01)
aioscnnr (Version: 7.3.4.0)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD Steady Video Plug-In (Version: 2.06.0000)
AMD VISION Engine Control Center (Version: 2012.1219.1521.27485)
Application Profiles (Version: 2.0.4719.35969)
AVG 2013 (Version: 13.0.2639)
AVG 2013 (Version: 13.0.2897)
AVG 2013 (Version: 2013.0.2897)
C4USelfUpdater (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)
CCC Help Czech (Version: 2012.1219.1520.27485)
CCC Help Danish (Version: 2012.1219.1520.27485)
CCC Help Dutch (Version: 2012.1219.1520.27485)
CCC Help English (Version: 2012.1219.1520.27485)
CCC Help Finnish (Version: 2012.1219.1520.27485)
CCC Help French (Version: 2012.1219.1520.27485)
CCC Help German (Version: 2012.1219.1520.27485)
CCC Help Greek (Version: 2012.1219.1520.27485)
CCC Help Hungarian (Version: 2012.1219.1520.27485)
CCC Help Italian (Version: 2012.1219.1520.27485)
CCC Help Japanese (Version: 2012.1219.1520.27485)
CCC Help Korean (Version: 2012.1219.1520.27485)
CCC Help Norwegian (Version: 2012.1219.1520.27485)
CCC Help Polish (Version: 2012.1219.1520.27485)
CCC Help Portuguese (Version: 2012.1219.1520.27485)
CCC Help Russian (Version: 2012.1219.1520.27485)
CCC Help Spanish (Version: 2012.1219.1520.27485)
CCC Help Swedish (Version: 2012.1219.1520.27485)
CCC Help Thai (Version: 2012.1219.1520.27485)
CCC Help Turkish (Version: 2012.1219.1520.27485)
center (Version: 6.2.5.0)
CNET TechTracker (Version: 2.1.0)
Curse Client (Version: 5.1.1.584)
D3DX10 (Version: 15.4.2368.0902)
DIRECTV Player (Version: 6.1)
Dragon NaturallySpeaking 10 (Version: 10.10.0)
DriverFinder (Version: 2.1.0)
essentials (Version: 6.0.14.0)
Google Chrome (Version: 24.0.1312.57)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Junk Mail filter update (Version: 16.4.3503.0728)
jZip
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK AiO Software (Version: 7.6.12.20)
Logitech Gaming Software (Version: 8.40.83)
Logitech Gaming Software 8.40 (Version: 8.40.83)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SkyDrive (Version: 16.4.6010.0727)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3503.0728)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
ocr (Version: 6.2.3.50)
ooVoo (Version: 3.5.3023)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Photo Common (Version: 16.4.3503.0728)
Photo Gallery (Version: 16.4.3503.0728)
PreReq (Version: 6.2.4.0)
PrintProjects (Version: 1.0.0.9282)
Speccy (Version: 1.19)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 10.00.800.228)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live Family Safety (Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Mail (Version: 16.4.3503.0728)
Windows Live MIME IFilter (Version: 16.4.3503.0728)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
Windows Live Writer (Version: 16.4.3503.0728)
Windows Live Writer Resources (Version: 16.4.3503.0728)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 8138.45 MB
Available physical RAM: 5853.2 MB
Total Pagefile: 12836.64 MB
Available Pagefile: 10030.27 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:390.67 GB) NTFS

========================= Users: ========================================

User accounts for \\GIENIES-PC

Administrator gienies Guest


**** End of log ****

#5 gienie

  • Topic Starter
  • Members
  • 26 posts

Posted 01 February 2013 - 03:08 PM

Second

# AdwCleaner v2.109 - Logfile created 02/01/2013 at 15:07:16
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : gienies - GIENIES-PC
# Boot Mode : Normal
# Running from : C:\Users\gienies\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\gienies\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\gienies\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\gienies\Documents\ShopToWin

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\FCTB000100571.FCTB000100571Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000100571.FCTB000100571Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100571.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000100571.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100571.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000100571.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\gienies\AppData\Roaming\Mozilla\Firefox\Profiles\isyixote.default\prefs.js


-\\ Google Chrome v24.0.1312.57

File : C:\Users\gienies\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6110 octets] - [01/02/2013 15:07:16]

########## EOF - C:\AdwCleaner[R1].txt - [6170 octets] ##########

#6 gienie


Posted 01 February 2013 - 03:10 PM

Changing to IE for next one.

#7 boopme


Posted 01 February 2013 - 08:07 PM

Let us know.

#8 gienie


Posted 02 February 2013 - 03:51 PM

Ok I failed to name the file for the eset scan and left it as txt so I am looking for it. It did locate 8 threats which of course I deleted. I am still having the conime.exe coming back in start up and I am making a restore point every day that is missing the next day or after a reboot. I have enough space allotted for it so that is not why it is dropping them. I am ready to chunk this in the trash. I still feel strongly that it is my video drivers that are causing the shut down but cannot find anywhere to get the 12.10 and am afraid to try to install the 13.1 betas again. Also I watched the files eset was scanning and several were my old os XP and several were for my last graphics card Nvidia which I removed. Any ideas on how to get the xp and Nvidia files totally out?

Much appreciate any more help and will post the log as soon as I find it.

thanks

#9 boopme


Posted 02 February 2013 - 09:51 PM

Hello, two things..
One
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

I think we need to start a new topic named "Conime.exe keeps returning".
You can also mention getting the old XP and Nvidia files out, as we will get a much deeper look with the tool in the guide below.




Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.