Unsure if I have malware..


31 replies to this topic

#1 Darktune

Darktune

    Very Purple


  • Members
  • 1,139 posts
  • Gender: Male
  • Location: Wales

Posted 17 June 2013 - 07:36 PM

This has been posted in the Windows 7 section, but I wrongly placed it there so I will re-post it here.

Recently my PC was infected with malware but I removed it using various anti-virus tools and to be safe I formatted my hard drive and re-installed Windows.

But my laptop screen sometimes freezes for about 5-10 seconds and returns to normal, and when scanning with AVG I found a few things, but one was AVP but that is Kaspersky, and another was an inline hook win32k.sys, but after searching for what this is, I've read that it was also another conflicting anti-virus, but I'm not sure.

I was just wondering if anyone could help me go through AVG scan files or Dr. Web scan files and see if there is anything infectious on my PC.

Thank you in advance.

Below will be my Speccy link and also my MiniToolBox logs
 
 
http://speccy.piriform.com/results/K6vk1eGYcl1ox8wvVeeuyUd
 
 
MiniToolBox by Farbar  Version: 16-06-2013
Ran by Sazzy (administrator) on 17-06-2013 at 16:25:19
Running from "C:\Users\Sazzy\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/17/2013 01:52:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 00:29:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: javaw.exe, version: 7.0.210.11, time stamp: 0x515d999d
Faulting module name: deploy.dll, version: 10.21.2.11, time stamp: 0x515da3dd
Exception code: 0xc0000409
Fault offset: 0x00000000000306b6
Faulting process id: 0x19f8
Faulting application start time: 0xjavaw.exe0
Faulting application path: javaw.exe1
Faulting module path: javaw.exe2
Report Id: javaw.exe3
 
Error: (06/17/2013 11:57:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 10:37:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 08:13:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2013 11:15:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2013 00:13:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2013 09:58:36 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Sazzy-HP)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
 
Error: (06/16/2013 09:58:36 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Sazzy-HP)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
 
Error: (06/16/2013 09:58:36 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Sazzy-HP)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. 
 
 DETAIL - The process cannot access the file because it is being used by another process.
 
 
System errors:
=============
Error: (06/17/2013 01:52:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iswtwq
maagqb
wjtvys
xtoxpl
 
Error: (06/17/2013 01:52:00 PM) (Source: APPHOSTSVC) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
Error: (06/17/2013 01:50:20 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (06/17/2013 00:39:42 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: 
%%1056
 
Error: (06/17/2013 00:39:40 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: 
%%1056
 
Error: (06/17/2013 00:39:36 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error: 
%%1056
 
Error: (06/17/2013 00:38:45 PM) (Source: Service Control Manager) (User: )
Description: The HP Auto service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/17/2013 00:38:00 PM) (Source: Service Control Manager) (User: )
Description: The HP Quick Synchronization Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/17/2013 00:37:42 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (06/17/2013 00:37:42 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (06/17/2013 01:52:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 00:29:40 PM) (Source: Application Error)(User: )
Description: javaw.exe7.0.210.11515d999ddeploy.dll10.21.2.11515da3ddc000040900000000000306b619f801ce6b4debd60485C:\Program Files\Java\jre7\bin\javaw.exeC:\Program Files\Java\jre7\bin\deploy.dll32a689b1-d741-11e2-9c4c-ec9a744e2ba9
 
Error: (06/17/2013 11:57:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 10:37:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 08:13:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2013 11:15:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2013 00:13:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2013 09:58:36 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Sazzy-HP)
Description: 
 
Error: (06/16/2013 09:58:36 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Sazzy-HP)
Description: 
 
Error: (06/16/2013 09:58:36 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Sazzy-HP)
Description: The process cannot access the file because it is being used by another process.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-17 12:31:49.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Config.Msi\1f4825.rbf because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-17 12:31:49.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Config.Msi\1f4825.rbf because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-16 12:03:29.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-16 12:03:28.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Advanced Fix 2013 version 2.0.1.106 (Version: 2.0.1.106)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaConverter 7.5 (Version: 7.5.0.114)
ASIO4ALL (Version: 2.10)
Audacity 2.0.3 (Version: 2.0.3)
AVG 2013 (Version: 13.0.3199)
AVG 2013 (Version: 13.0.3345)
AVG 2013 (Version: 2013.0.3345)
Bejeweled 3 (Version: 2.2.0.97)
Blackhawk Striker 2 (Version: 2.2.0.95)
CamStudio version 2.7 (Version: 2.7)
CCleaner (Version: 4.02)
Chuzzle Deluxe (Version: 2.2.0.95)
Comodo Dragon (Version: 27.1.0.0)
COMODO Internet Security (Version: 6.0.2566.2708)
Content Manager Assistant for PlayStation® (Version: 2.10.6402.20)
Cradle of Rome 2 (Version: 2.2.0.98)
D3DX10 (Version: 15.4.2368.0902)
Dora's World Adventure (Version: 2.2.0.95)
ESU for Microsoft Windows 7 SP1 (Version: 2.1.1)
Fallen Earth
Fallout 3 (Version: 1.00.0000)
Fallout Mod Manager 0.13.21
Fallout: New Vegas
Farm Frenzy (Version: 2.2.0.98)
Farmscapes (Version: 2.2.0.98)
FATE (Version: 2.2.0.97)
Final Drive Fury (Version: 2.2.0.95)
FL Studio 10
Fraps (remove only)
Garry's Mod
Google Chrome (Version: 27.0.1453.110)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
HandBrake 0.9.8 (Version: 0.9.8)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
Hoyle Card Games (Version: 2.2.0.95)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.2.5)
HP Launch Box (Version: 1.0.12)
HP On Screen Display (Version: 1.3.5)
HP Power Manager (Version: 1.4.8)
HP Product Detection (Version: 11.15.0004)
HP Quick Launch (Version: 2.7.2)
HP QuickWeb (Version: 3.1.1.10197)
HP Recovery Manager (Version: 2.0.0)
HP Security Assistant (Version: 1.0.12)
HP Setup (Version: 9.0.15076.3891)
HP Setup Manager (Version: 1.2.14901.3869)
HP Software Framework (Version: 4.6.10.1)
HP Support Assistant (Version: 7.0.39.15)
IDT Audio (Version: 1.0.6365.0)
IL Download Manager
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2476)
Intel® Rapid Storage Technology (Version: 10.5.0.1026)
iTunes (Version: 11.0.2.26)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java SE Development Kit 7 Update 21 (64-bit) (Version: 1.7.0.210)
Jewel Match 3 (Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (Version: 2.2.0.98)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Lagarith lossless video codec (Remove Only)
Letters from Nowhere 2 (Version: 2.2.0.97)
Luxor HD (Version: 2.2.0.98)
Magic Desktop (Version: 3.0)
Mah Jong Medley (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5139.5005)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Nexus Mod Manager (Version: 0.44.4)
opensource (Version: 1.0.14960.3876)
Penguins! (Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.98)
Portal 2
Primal Carnage
PunkBuster Services (Version: 0.992)
Ralink RT5390 802.11b/g/n WiFi Adapter (Version: 3.2.13.0)
Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
Realtek PCIE Card Reader (Version: 6.1.7601.85)
Red Orchestra 2: Heroes of Stalingrad Beta
Rising Storm Beta
Rising Storm/Red Orchestra 2 Multiplayer
RollerCoaster Tycoon 3: Platinum (Version: 2.2.0.98)
Skype™ 6.3 (Version: 6.3.107)
Sony Ericsson Update Engine (Version: 2.13.6.201305161305)
Sony PC Companion 2.10.155 (Version: 2.10.155)
Speccy (Version: 1.21)
Spore
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.11.0)
Team Fortress 2
The Treasures of Mystery Island: The Ghost Ship (Version: 2.2.0.98)
Torchlight (Version: 2.2.0.98)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WildTangent Games App (HP Games) (Version: 4.0.5.32)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Worms Revolution
Xvid Video Codec (Version: 1.3.2)
Zuma's Revenge (Version: 2.2.0.98)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 67%
Total physical RAM: 6091.86 MB
Available physical RAM: 2005.75 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 8540.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.18 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:674.74 GB) (Free:467.72 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:19.74 GB) (Free:2.14 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\SAZZY-HP
 
Administrator            Guest                    Sazzy                    
user                     
 
 
**** End of log ****
 
 
 
If anyone could help, please do. I am very paranoid about this sort of thing. Thank you.

Edited by Queen-Evie, 17 June 2013 - 10:33 PM.
moved from MRL

It's very hard to imagine all the crazy things that things really are like. 

Electrons act like waves.. no they don't exactly, they act like particles.. no they don't exactly.

Words and ideas can change the world.



#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender: Male
  • Location: New York

Posted 19 June 2013 - 09:52 PM

Hello Craig, and welcome!

I was looking over the portions of logs you posted, and I noticed a few things (without looking at your Speccy report just yet):

Please correct me if I'm wrong, but it looks like you have two Antivirus Solutions installed:

 

AVG 2013 (Version: 2013.0.3345)

And:
 

COMODO Internet Security (Version: 6.0.2566.2708)

 
==========
 
Step 1

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Programs and Features in the Control Panel and remove either AVG 2013 or COMODO Internet Security.
 
 
This could be causing your problems with false detections.
 
==========
 
Also, another warning:
 
Online Gaming Warning!

Online gaming sites are a security risk which can make your computer susceptible to a large number of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk to fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

More specifically, I noticed you had WildTangent on your computer.
WildTangent Program Warning

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest you uninstall it via Add/Remove.

Reboot after the uninstallation. <- Important.
 
==========
 
After doing the above, I'd like you to run a scan with a program you already have installed on your machine:
 
Step 2
 
Please update Malwarebytes Antimalware, then run a full system scan (removing anything it finds) and please copy and paste the results of the log in your next reply.

 

==========

 

After doing the above, please let me know how the machine is running now!
 
bloopie
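
Added example, not part of the original thread and not MiniToolBox's own code: a small Python parser for the "Installed Programs" section of a MiniToolBox log like the one in post #1, which flags the situation described in Step 1 (more than one resident anti-virus product installed). The product-name prefixes are an assumption made for this example, and the sample log is an excerpt constructed from lines in post #1.

```python
import re

# Constructed excerpt: a few lines trimmed from the MiniToolBox log in post #1.
SAMPLE_LOG = """\
MiniToolBox by Farbar  Version: 16-06-2013
Boot Mode: Normal
***************************************************************************

=========================== Installed Programs ============================

Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
AVG 2013 (Version: 13.0.3199)
AVG 2013 (Version: 13.0.3345)
AVG 2013 (Version: 2013.0.3345)
CCleaner (Version: 4.02)
Comodo Dragon (Version: 27.1.0.0)
COMODO Internet Security (Version: 6.0.2566.2708)
Fraps (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
WildTangent Games App (HP Games) (Version: 4.0.5.32)

========================= Memory info: ===================================

Percentage of memory in use: 67%

**** End of log ****
"""

# "===== Title =====" banner lines; a bare "=====" underline does not match.
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+\s*$")
# "Name (Version: x.y)" with the version suffix optional ("Fraps (remove only)").
ENTRY_RE = re.compile(r"^(?P<name>.+?)(?:\s+\(Version:\s*(?P<version>[^)]*)\))?$")

# Assumption: a short, hand-written list of product-name prefixes for suites
# that ship resident (real-time) protection. On-demand scanners are left out.
RESIDENT_AV_PREFIXES = {
    "AVG": ("avg ",),
    "COMODO Internet Security": ("comodo internet security ",),
    "Kaspersky": ("kaspersky ",),
    "Microsoft Security Essentials": ("microsoft security essentials ",),
}


def installed_programs(log_text):
    """Return {program name: [versions seen]} from the Installed Programs section."""
    programs = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            title = header.group(1).rstrip(":").strip().lower()
            in_section = title == "installed programs"
            continue
        if not in_section or not line or line.startswith("****"):
            continue
        entry = ENTRY_RE.match(line)
        versions = programs.setdefault(entry.group("name"), [])
        version = entry.group("version")
        # The same product can be listed several times with different versions.
        if version and version not in versions:
            versions.append(version)
    return programs


def resident_av_families(programs):
    """Group installed programs by resident anti-virus family."""
    found = {}
    for name, versions in programs.items():
        lowered = name.lower() + " "  # trailing space so a bare "AVG" matches "avg "
        for family, prefixes in RESIDENT_AV_PREFIXES.items():
            if lowered.startswith(prefixes):
                found.setdefault(family, []).append((name, versions))
    return found


def has_av_conflict(log_text):
    """True when more than one resident anti-virus family is installed."""
    return len(resident_av_families(installed_programs(log_text))) > 1


if __name__ == "__main__":
    families = resident_av_families(installed_programs(SAMPLE_LOG))
    for family, entries in families.items():
        for name, versions in entries:
            print(f"{family}: {name} versions={versions or ['unknown']}")
    if has_av_conflict(SAMPLE_LOG):
        print("More than one resident anti-virus product is installed; keep one.")
```
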



#3 Darktune

Posted 20 June 2013 - 01:36 AM

Hello thank you for replying..

 

Some interesting things here, with AVG and Comodo. I don't consider Comodo's anti-virus good as it doesn't find hardly any viruses, but saying that, I don't find AVG's better anymore. I'll keep looking for the one best suited for me.

I don't Online Game in the respect of websites, I do however play online games via Steam so I'm not sure if that's the problem.

The WildTangent that you spotted has annoyingly been pre-installed with HP Games.

It has however been removed now. Below will be my MBAM log with the newest update.

*Please note* AVG and Comodo will both still be there, as will WildTangent, as I did this scan last night.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.06.18.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Sazzy :: SAZZY-HP [administrator]
 
20/06/2013 00:46:26
mbam-log-2013-06-20 (00-46-26).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 449154
Time elapsed: 1 hour(s), 1 minute(s), 10 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)



#4 bloopie


Posted 20 June 2013 - 05:33 PM

Hello again,
 
I would strongly suggest that you uninstall one of your AV programs as said in Step 1 of post #2, for the reasons outlined there. That could be the reason for the problem that you are having. Let's start with that, and then we can safely delve deeper.
 
I personally don't like Comodo antivirus...it doesn't get very good reviews. I'm not very partial to AVG either, but it's better than Comodo. I would personally recommend using a good antivirus program that doesn't use a lot of system resources. One like Microsoft Security Essentials provides perfectly acceptable protection for free, and doesn't hog system resources either.

 

Note: If you decide to go with MSE, first download the installer but don't install it just yet! Completely remove both AVG and Comodo, then reboot, and then install MSE.

 

Let me know when this is done, and we'll take it from there. :wink:

 

bloopie



#5 Darktune


Posted 20 June 2013 - 05:43 PM

Okay, I will take your advice. I have heard from different sources that Comodo and AVG are not very good, but does MSE come with a firewall as strong as Comodo? I feel the firewall on Comodo so far is great, as it alerts me whenever a program is trying to connect to the internet.

 

 

Thank you




#6 bloopie


Posted 20 June 2013 - 05:53 PM

Your research is well done! You are correct about everything above. :)

Comodo's firewall is excellent, and you should keep it as the stand-alone firewall. MSE does not come with a firewall and is safe to use with Comodo's firewall.

bloopie



#7 Darktune


Posted 20 June 2013 - 06:12 PM

Right, I have followed your advice. I have now got MSE on my PC. It automatically did a quick scan and found nothing.

Do you recommend me doing a full scan?

Also I found some odd files in the 'My documents' folder, one was a registry file and one was the application that allows remote desktop, so I'm not sure what to do.

 

 

Thank you




#8 bloopie


Posted 20 June 2013 - 06:29 PM

Hello again,

Yes, please run a full scan with MSE (this may take a while), and let me know if your computer has any freezes during the process or any other problem that you noticed before you posted this topic. If MSE finds anything please post what it found.

EDIT: I have to go for a little while, and I may not be back tonight. Thanks for your patience!

bloopie

Edited by bloopie, 20 June 2013 - 06:30 PM.


#9 Darktune


Posted 20 June 2013 - 06:33 PM

Okay, I shall do that, bloopie.

Okay, that's fine, reply whenever you can, thank you.

 

 

Craig




#10 Darktune


Posted 21 June 2013 - 02:43 PM

Here is the Microsoft Security Essentials log. I had to google how to find it, haha.

 

 

By the way, the computer acted normal while the scan was in progress and it found nothing and it didn't alert me of anything.

 

 

 

 
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 06-20-2013 23:56:56
************************************************************
2013-06-20T22:56:56.751Z Trace session started - MpWppTracing-06202013-235656-00000003-ffffffff.bin
**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 1ce1ebb5984637f
Trusted image state = 1 USN = 0
Setup boot count = 0
 
2013-06-20T22:56:56.912Z Verifying RTP plugin...
2013-06-20T22:56:56.961Z verified!
2013-06-20T22:56:57.389Z Verifying Nis plugin...
2013-06-20T22:56:57.397Z verified!
2013-06-20T22:56:57.607Z Initializing Nis plugin state...
2013-06-20T22:56:57.607Z Nis initialized!
2013-06-20T22:56:57.607Z Loading engine...
2013-06-20T22:56:57.608Z CSignatureStatus: changed to DUE_REPORTED
2013-06-20T22:56:57.609Z loaded!
2013-06-20T22:56:57.625Z Verifying license file...
2013-06-20T22:56:57.632Z verified!
2013-06-20T22:56:57.632Z Product supports installmode: 1
2013-06-20T22:56:58.184Z Task(-GenuineCheck -RestrictPrivileges) launched
2013-06-20T22:56:58.185Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.2.223.0
Service Version: 4.2.223.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2013-06-20T22:56:58.584Z WAT report: machine genuine, state(1) error(0x0)
2013-06-20T22:57:02.231Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2013-06-20T22:57:02.245Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2013-06-20T22:57:04.261Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2013-06-20T22:57:04.267Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2013-06-20T22:57:06.290Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2013-06-20T22:57:06.299Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(0)
2013-06-20T22:57:10.328Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2013-06-20T22:57:58.185Z Calling MpUpdateStart with update options = 257
2013-06-20T22:58:34.937Z Verifying engine and signature files (source: 0) ...
2013-06-20T22:58:35.405Z verified!
2013-06-20T22:58:38.699Z Initializing SQM in engine...
2013-06-20T22:58:38.699Z SQM initialized in the engine successfully
2013-06-20T22:58:38.723Z CSignatureStatus: back to good
2013-06-20T22:58:38.723Z Initializing RTP plugin state...
2013-06-20T22:58:38.724Z initialized!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:15
  Async:4
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,0,0
  Proc:0,0,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:2,2,0
  SetEngine:1,1,0
  SetState:1,1,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:0
  AsyncQCurrent:0
  BMFlags:0
  ServiceMaj:0
  ServiceMin:0
  ProcBitmap:0
  NumInstance:6
  TotalStreamCon:913
  TotalBitmap:91440
  NTFS Cache Statistics:
   TotalMisses:6322
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
 
**************************END RTP Perf Log*************************
 
 
 
 
Signature updated on ‎06‎-‎20‎-‎2013 23:58:38
Product Version: 4.2.223.0
Service Version: 4.2.223.0
Engine Version: 1.1.9607.0
AS Signature Version: 1.153.284.0
AV Signature Version: 1.153.284.0
************************************************************
2013-06-20T22:58:38.745Z Process scan (poststartupscan) started.
2013-06-20T22:58:40.762Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:40.779Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Signature updated via MicrosoftUpdateServer on ‎06‎-‎20‎-‎2013 23:58:40
************************************************************
2013-06-20T22:58:42.848Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:42.855Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:44.898Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:44.906Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:46.928Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:46.941Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:48.963Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:48.979Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:51.003Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:51.016Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:53.054Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:53.060Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:55.075Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:55.081Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-20T22:58:58.195Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched
2013-06-20T23:02:23.810Z Process scan (poststartupscan) completed.
2013-06-20T23:05:39.268Z Task(SpyNetService -RestrictPrivileges -AccessKey 3F871888-4225-FF13-BC89-D9EEAC05FA3C) launched
2013-06-20T23:06:58.223Z AutoPurgeWorker triggered with dwWork=0x3
2013-06-20T23:06:58.224Z Product supports installmode: 1
2013-06-20T23:06:58.231Z Task(-GenuineCheck -RestrictPrivileges) launched
2013-06-20T23:06:58.354Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2013-06-20T23:06:58.355Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 7717196(ms)
2013-06-20T23:06:58.564Z WAT report: machine genuine, state(1) error(0x0)
2013-06-20T23:06:58.747Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎06‎-‎21‎-‎2013 14:20:04
************************************************************
2013-06-21T13:20:04.604Z Trace session started - MpWppTracing-06212013-142004-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 10470
Number of invalid entries is 0
Number of Inserts issued is 10598
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 96321
Number of misses is 89078
Number of false fast lookups is 7679
Number of invalidations is 2
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 1ce1ebb5984637f
Trusted image state = 1 USN = 0
Setup boot count = 0
 
2013-06-21T13:20:04.885Z Verifying RTP plugin...
2013-06-21T13:20:04.885Z verified!
2013-06-21T13:20:04.979Z Verifying Nis plugin...
2013-06-21T13:20:04.979Z verified!
2013-06-21T13:20:05.026Z Loading engine...
2013-06-21T13:20:05.026Z Initializing Nis plugin state...
2013-06-21T13:20:05.026Z Nis initialized!
2013-06-21T13:20:05.341Z Verifying engine and signature files (source: 1) ...
2013-06-21T13:20:05.341Z verified!
2013-06-21T13:20:11.976Z Initializing SQM in engine...
2013-06-21T13:20:11.976Z SQM initialized in the engine successfully
2013-06-21T13:20:12.101Z CSignatureStatus: back to good
2013-06-21T13:20:12.116Z Initializing RTP plugin state...
2013-06-21T13:20:12.116Z initialized!
2013-06-21T13:20:12.116Z loaded!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:15
  Async:4
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,0,0
  Proc:0,0,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:2,2,0
  SetEngine:1,1,0
  SetState:1,1,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:1440
  AsyncQCurrent:0
  BMFlags:0
  ServiceMaj:0
  ServiceMin:0
  ProcBitmap:0
  NumInstance:6
  TotalStreamCon:1114
  TotalBitmap:91440
  NTFS Cache Statistics:
   TotalMisses:9577
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
 
**************************END RTP Perf Log*************************
 
 
 
 
2013-06-21T13:20:12.210Z Verifying license file...
2013-06-21T13:20:12.210Z verified!
2013-06-21T13:20:12.210Z Product supports installmode: 1
2013-06-21T13:20:12.241Z Task(-GenuineCheck -RestrictPrivileges) launched
2013-06-21T13:20:12.569Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.2.223.0
Service Version: 4.2.223.0
Engine Version: 1.1.9607.0
AS Signature Version: 1.153.284.0
AV Signature Version: 1.153.284.0
************************************************************
2013-06-21T13:20:20.540Z WAT report: machine genuine, state(1) error(0x0)
2013-06-21T13:21:04.802Z Process scan (poststartupscan) started.
2013-06-21T13:21:09.318Z Process scan (poststartupscan) completed.
2013-06-21T13:22:29.600Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-21T13:22:29.606Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-06-21T13:27:21.331Z Task(SpyNetService -RestrictPrivileges -AccessKey 0F80D20A-5DD4-E45F-8730-EF089F37F513) launched
2013-06-21T13:30:12.569Z AutoPurgeWorker triggered with dwWork=0x3
2013-06-21T13:30:12.569Z Product supports installmode: 1
2013-06-21T13:30:12.571Z Task(-GenuineCheck -RestrictPrivileges) launched
2013-06-21T13:30:12.578Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2013-06-21T13:30:12.578Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 40202312(ms)
2013-06-21T13:30:13.125Z WAT report: machine genuine, state(1) error(0x0)
2013-06-21T13:30:18.887Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
 
 
 
Thank you, Craig.



#11 bloopie


Posted 21 June 2013 - 04:27 PM

Hello Craig,

No problem there, and glad to hear you had no problems. Let's get a few more logs:

Step 1

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
==========

Step 2

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
==========

Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
==========

In your next reply, please copy and paste all three requested logs!

Also, please let me know how the machine is running now...any changes?

bloopie

#12 Darktune


Posted 22 June 2013 - 10:13 AM

First two logs are done, one of them found some stuff but I'll post the logs. The ESET scanner has taken forever to finish so I shall wait a while longer for it to finish and then I'll post the logs. On one of the scanners (the CMD one) it kept saying ERROR so I don't know what that is.

 

Anyway, here are the logs I have.

 

The first one.

 

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 13:31:18
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sazzy - SAZZY-HP
# Boot Mode : Normal
# Running from : C:\Users\Sazzy\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Sazzy\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Sazzy\AppData\Roaming\ParetoLogic
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Sazzy\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [11144 octets] - [22/06/2013 13:30:43]
AdwCleaner[S1].txt - [10935 octets] - [22/06/2013 13:31:18]
 
########## EOF - C:\AdwCleaner[S1].txt - [10996 octets] ##########
 

Second one

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Sazzy on 22/06/2013 at 13:50:46.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C50F97-4A8B-4F1F-AC2B-E722AF998315}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C50F97-4A8B-4F1F-AC2B-E722AF998315}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\sho4E7.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{9442F9D7-CE56-44B3-BBBE-70D75F3A9122}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{9514C7EA-5037-4182-870D-15D46183F830}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{9A207D01-2204-4E86-B569-2DFA5651F82C}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{9C5C78B0-76B8-4E14-86A9-C89139F94C1E}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{9DE98886-0EB2-490E-B756-F00437B54040}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{A03C2423-D0A1-4AE2-B4F2-1B18195B9171}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{A0584753-500C-4664-961D-91DA8B4F54F8}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{A404ADBB-1931-455E-81C5-DCDD047AB3DF}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{A839631D-6B5C-46BD-996A-84D33E0E8430}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{A96B5998-2CFC-4F7D-BC03-3EA38F66FD70}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{AC8009B8-9471-494B-9C26-78C2FEB4C297}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{AC8BD80E-7782-453B-9371-5F92C72E5080}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{ADBBC864-76B8-47A6-B98F-DA4920386988}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{AF530CDA-209E-4D7E-8C66-10CF25D969AB}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{B67367F6-16F9-4FD7-B6F1-B7DE1F02F467}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{BAC33110-EB15-4F1C-A4AA-65269027CBD4}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{BB5C6146-81AD-4320-9147-DB8D4810099F}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{C9BF1BBD-8C86-4DCC-ABB9-0D006A8968AD}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{CA2C5069-91CB-4A9E-88C9-9B37142C9ABD}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{CA5AB15E-F87C-4302-8C38-DF620E3CB8BB}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{CC205DBE-09F3-4D8F-B77A-CBCEBBD32F57}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{CF717A95-6E31-4878-BADE-510D3708843A}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{D2A1EFF1-86BE-4395-9A51-65146C505B0C}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{D301C0F4-1416-40F5-801A-2EC5FA0AFD60}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{D306A1EE-6B3E-4644-9C92-9DBAEAAD6B74}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{D3189041-2B03-49EF-9804-2C5B49D23CA3}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{D3414177-E634-483D-AC2B-698903DC23E2}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{D539395B-E7A0-42D0-9FB2-D442E97DB352}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{D5F22E01-49EB-49E8-A06F-AE49FF1F6F0A}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{DE673228-4A8C-4A55-AD5A-7D386E1D3F10}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{DF7B7D86-E2C1-4A72-8429-BEF316896942}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{E5BCFF3F-8D55-4920-99F3-5A35D08DAC42}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{E5BF5064-75ED-4169-BC8E-B49217A24E68}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{E8E691A4-B918-4FDC-927C-4C99DC918BD1}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{E9DC1C83-255B-4591-8236-40AB63655BE4}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{EC723C48-72D2-4128-B7EE-8ABEADC50892}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{EF932106-C951-44A7-AC94-CE73872A6759}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{EFBF32F8-7362-4E78-8C75-337C0E0EF0D9}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{F4093CF2-3FF0-45A0-8504-4B69F938C948}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{F66C83C5-AA3C-4F2B-9BC6-72B705F6D38E}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{FBD15034-864E-4247-9951-F1A4C848470E}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{FCE2C20B-C743-4A68-94B1-B28524EDA1B3}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{FD3EF499-103E-4E57-BB69-5CDCF2F40F5A}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{FF81469B-BC1B-44B9-A0B5-63042F6F2D8E}
Successfully deleted: [Empty Folder] C:\Users\Sazzy\appdata\local\{FFA00DA0-4552-4F09-8148-D84F2FCCA33A}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/06/2013 at 14:05:15.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#13 Darktune


Posted 22 June 2013 - 05:20 PM

Here is the log for the ESET scan; it found 6 threats, but some of them I recognize.

By the way, my laptop was going really slow and unresponsive during the scan, although this is normal. When I checked Windows Task Manager, only 23% of my CPU was being used; just thought I'd let you know.

Anyway, here are the logs:


C:\Program Files (x86)\Advanced Fix 2013\AdvancedFix.exe a variant of Win32/RegistryNuke application cleaned by deleting - quarantined
C:\ProgramData\COMODO\Cis\Quarantine\data\{274A1E9A-7803-4D98-911A-24FD9A61EE9E} a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Users\Sazzy\Downloads\AVG Anti-Virus provided through GetNow.exe a variant of Win32/GetNow.A application cleaned by deleting - quarantined
C:\Users\Sazzy\Downloads\cbsidlm-cbsi5_3_0_96-Pazera_Free_MKV_to_AVI_Converter-ORG-75450258.exe probably a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\Sazzy\Downloads\MediaCoder-x64-0.8.19.5370.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Sazzy\Downloads\PCMAX_AF_ErrorsFix_Setup.exe a variant of Win32/RegistryNuke application cleaned by deleting - quarantined



#14 bloopie


Posted 22 June 2013 - 09:49 PM

Hello again,
 
Those logs are looking pretty clean!
 
How is the machine running now? Any freezes or issues from the first post?
 
Your logs look pretty clean from my chair! :)

 

bloopie



#15 Darktune


Posted 23 June 2013 - 05:48 AM

It still freezes once (and only once) not long after turn-on, for about 5-10 seconds; unsure why this is happening.

The laptop is running much quicker now though, and start-up is much quicker.

Thanks,

Craig






