Computer may be infected


21 replies to this topic

#1 andpinger

andpinger

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 28 November 2013 - 11:35 PM

A couple days ago, I had a series of weird events happen on my PC. When I browse the internet, my Firefox window tends to flash... alternating between the window and the desktop wallpaper. Browsing also seems a little slow and there is a program called PC Fix Speed which always pops up, telling me 400 something errors were discovered on my PC. What do I do?

I am using a Dell Inspiron 1545 with Windows 7... 64 bit.





#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:58 PM

Posted 29 November 2013 - 08:12 AM

  • Please download Adware cleaner from the link below.
  • http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
  • Save it to your desktop.
  • Right-click it and run as admin.
  • Hit the scan button.
  • Allow completion.
  • Make sure all items are ticked.
  • Hit the clean button.
  • Even if no items are displayed to be ticked, hit the clean button anyway.
  • The machine will reboot; this is normal.
  • Post the log in your next reply.

Run the junkware removal tool in safe mode and post the log.
http://thisisudax.org/downloads/JRT.exe

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset FF proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)

Click Go and post the result.



#3 andpinger

Posted 29 November 2013 - 11:47 AM

Ok got 2 more strange notifications.

They read:

"Access violation at adress 004DA19A in module 'App24x7Help.exe'.  Read of address 00000385"

-and-

"Cannot create shell notification icon"



#4 InadequateInfirmity

Posted 29 November 2013 - 11:50 AM

You get these when you try to run the program.

#5 andpinger

Posted 03 December 2013 - 10:47 AM

OK here is the Adware cleaner log

 

 

# AdwCleaner v3.014 - Report created 03/12/2013 at 10:43:17
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Henry - HENRY-PC
# Running from : C:\Users\Henry\Desktop\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 24x7HelpSvc
[#] Service Deleted : Update BuzzSearch
[#] Service Deleted : Util BuzzSearch

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\24x7Help
Folder Deleted : C:\Program Files (x86)\BuzzSearch
Folder Deleted : C:\Program Files (x86)\PCFixSpeed
Folder Deleted : C:\Program Files (x86)\w3i
Folder Deleted : C:\Users\Henry\AppData\Local\filetypeassistant
Folder Deleted : C:\Users\Henry\AppData\Local\PackageAware
Folder Deleted : C:\Users\Henry\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Henry\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Henry\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\Henry\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Henry\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\53w2x79u.default-1361946116821\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\24x7 help.lnk
File Deleted : C:\Users\Henry\Desktop\MySearchDial.url
File Deleted : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\0n1044ty.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\53w2x79u.default-1361946116821\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\ucn4yb55.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\0n1044ty.default\user.js
File Deleted : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\53w2x79u.default-1361946116821\user.js
File Deleted : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\ucn4yb55.default\user.js
File Deleted : C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PCFixSpeed]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D0EC4142-5808-41D2-A4DC-6081CF1A9693}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{396ECD31-EDF7-489F-BDA1-83DBA4C36E81}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D0EC4142-5808-41D2-A4DC-6081CF1A9693}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\24x7help
Key Deleted : HKCU\Software\BuzzSearch
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\24x7help
Key Deleted : HKLM\Software\BuzzSearch
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\0n1044ty.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzztCtBzz0DtB0FzyyC0DtN0D0Tzu0SyCzzyDtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ File : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\53w2x79u.default-1361946116821\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzztCtBzz0DtB0FzyyC0DtN0D0Tzu0SyCzzyDtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "676001609");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "CFB884C308549070C30104CA9F565137");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzztCtBzz0DtB0FzyyC0DtN0D0Tzu0SyCzzyDtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCt[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "F04DA28128D2F96D");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16025");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzztCtBzz0DtB0FzyyC0DtN0D0Tzu0SyCzzyDtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.02:11:8");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzztCtBzz0DtB0FzyyC0DtN0D0Tzu0SyCzzyDtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzztCtBzz0DtB0FzyyC0DtN0D0Tzu0SyCzzyDtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1Cz[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.02:11:8");

[ File : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\ucn4yb55.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzztCtBzz0DtB0FzyyC0DtN0D0Tzu0SyCzzyDtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

*************************

AdwCleaner[R0].txt - [12212 octets] - [03/12/2013 10:40:57]
AdwCleaner[S0].txt - [11228 octets] - [03/12/2013 10:43:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11289 octets] ##########
 



#6 andpinger

Posted 03 December 2013 - 11:20 AM

How do I run the junkware removal tool in safe mode?



#7 InadequateInfirmity

Posted 10 December 2013 - 05:04 PM

http://kb.eset.com/esetkb/index?page=content&id=SOLN2268&locale=en_US

#8 andpinger

Posted 27 January 2014 - 09:49 PM

Damn, I just found this post... thought I had been forgotten... Should I restart the adware cleaner log? Things have to be different on my PC since December. Is the adware cleaner in the old link obsolete now? Thanks, and sorry for such a late response.



#9 InadequateInfirmity

Posted 28 January 2014 - 02:52 PM

The links are fine; delete what you have installed and start over for everything.



#10 andpinger

Posted 30 January 2014 - 02:51 PM

OK here's the adware cleaner log:

 

 

 

# AdwCleaner v3.018 - Report created 30/01/2014 at 14:47:17
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Henry - HENRY-PC
# Running from : C:\Users\Henry\Desktop\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\0n1044ty.default\prefs.js ]


[ File : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\53w2x79u.default-1361946116821\prefs.js ]


[ File : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\ucn4yb55.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [12212 octets] - [03/12/2013 10:40:57]
AdwCleaner[R1].txt - [1590 octets] - [30/01/2014 14:45:27]
AdwCleaner[S0].txt - [11398 octets] - [03/12/2013 10:43:17]
AdwCleaner[S1].txt - [1480 octets] - [30/01/2014 14:47:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1540 octets] ##########



#11 andpinger

Posted 30 January 2014 - 03:19 PM

Here's the junkware removal tool log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Henry on Thu 01/30/2014 at 15:13:42.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Henry\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Henry\AppData\Roaming\mozilla\firefox\profiles\53w2x79u.default-1361946116821\minidumps [126 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/30/2014 at 15:17:28.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 andpinger

Posted 30 January 2014 - 03:28 PM

Here's the minitoolbox log

 

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Henry (administrator) on 30-01-2014 at 15:26:24
Running from "C:\Users\Henry\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Henry-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wlan.cua.edu

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : wlan.cua.edu
   Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
   Physical Address. . . . . . . . . : 70-F1-A1-FF-A5-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4ad:a295:730b:f82a%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 136.242.238.106(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Lease Obtained. . . . . . . . . . : Thursday, January 30, 2014 3:21:02 PM
   Lease Expires . . . . . . . . . . : Thursday, January 30, 2014 3:51:01 PM
   Default Gateway . . . . . . . . . : 136.242.232.1
   DHCP Server . . . . . . . . . . . : 1.1.1.1
   DHCPv6 IAID . . . . . . . . . . . : 225505697
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-EF-71-82-F0-4D-A2-81-28-D2
   DNS Servers . . . . . . . . . . . : 136.242.4.80
                                       136.242.4.81
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : F0-4D-A2-81-28-D2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.wlan.cua.edu:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : wlan.cua.edu
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : wlan.cua.edu
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:88f2:ee6a::88f2:ee6a(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 136.242.4.80
                                       136.242.4.81
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  136.242.4.80

Name:    google.com
Addresses:  2607:f8b0:4004:801::100e
      74.125.228.40
      74.125.228.41
      74.125.228.32
      74.125.228.37
      74.125.228.46
      74.125.228.35
      74.125.228.36
      74.125.228.33
      74.125.228.38
      74.125.228.34
      74.125.228.39


Pinging google.com [74.125.228.41] with 32 bytes of data:
Reply from 74.125.228.41: bytes=32 time=8ms TTL=53
Reply from 74.125.228.41: bytes=32 time=5ms TTL=53

Ping statistics for 74.125.228.41:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 8ms, Average = 6ms
Server:  UnKnown
Address:  136.242.4.80

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=128ms TTL=45
Reply from 206.190.36.45: bytes=32 time=103ms TTL=45

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 103ms, Maximum = 128ms, Average = 115ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
========================= Event log errors: ===============================

Application errors:
==================
Error: (01/30/2014 03:24:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/30/2014 03:22:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (01/30/2014 03:21:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (01/30/2014 03:21:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (01/30/2014 03:20:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/30/2014 03:20:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/30/2014 03:20:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/30/2014 03:20:03 PM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (01/30/2014 03:17:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/30/2014 03:17:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/30/2014 03:17:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/30/2014 03:24:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Henry\Downloads\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2012-03-21 14:48:12.197
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-21 14:48:12.104
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-21 14:48:11.994
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-21 14:48:11.901
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-12 21:05:42.512
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-12 21:05:42.418
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

7-Zip 9.20
AC3Filter 2.5b (Version: 2.5b)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Advanced Audio FX Engine (Version: 1.12.05)
Amazon Kindle
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 2.0.4.0)
Camera Window DS (Version: 5.0)
Camera Window DVC (Version: 5.0)
Camera Window MC (Version: 5.0)
Canon Camera Support Core Library (Version: 7.1.0.11)
Canon Camera Window DS for ZoomBrowser EX (Version: 5.0)
Canon Camera Window DVC for ZoomBrowser EX (Version: 5.0)
Canon Camera Window for ZoomBrowser EX (Version: 5.0)
Canon MovieEdit Task for ZoomBrowser EX (Version: 1.2.0.21)
Canon PhotoRecord (Version: 02.01.00069)
Canon RAW Image Task for ZoomBrowser EX (Version: 1.2)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.1)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.14)
Canon ZoomBrowser EX (Version: 5.00.0000)
CCleaner (Version: 3.17)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Consumer In-Home Service Agreement (Version: 2.0.0)
Cozi (Version: 1.0.4323.24051)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 7.1107.115.102)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
DivX Setup (Version: 2.6.1.90)
Dropbox (Version: 2.6.2)
ESET Online Scanner v3
Facebook Video Calling 2.0.0.447 (Version: 2.0.447)
File Type Assistant (Version: 2013.4.8.0)
FinalTorrent 2011
Firefox Free Download Packages
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
GoToAssist 8.0.0.514
Guerrilla Bob (Version: 2.2.0.97)
HiJackThis (Version: 1.0.0)
Intel® Matrix Storage Manager
iTunes (Version: 10.2.1.1)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Junk Mail filter update (Version: 14.0.8089.726)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Reader
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MovieEdit Task (Version: 1.2.0.21)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSVCRT (Version: 14.0.1468.721)
PC Fix Speed 1.2.0.25 (Version: 1.2.0.25)
PhotoStitch (Version: 3.1.14)
Quickset64 (Version: 9.6.6)
QuickTime (Version: 7.74.80.86)
RAW Image Task 1.2 (Version: 1.2)
RemoteCapture Task 1.1 (Version: 1.1)
Roxio Burn (Version: 1.01)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Toolbars (Version: 1.0.4051)
Stata 12 (Version: 12.0)
The Battle for Middle-earth ™
Uninstall Helper (Version: 2.0.1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Dell Games) (Version: 4.0.5.32)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Yahoo! Detect

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 4056.36 MB
Available physical RAM: 2424.68 MB
Total Pagefile: 8110.91 MB
Available Pagefile: 6311.26 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.52 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:175.25 GB) NTFS

========================= Users: ========================================

User accounts for \\HENRY-PC

Administrator            Guest                    Henry                    


**** End of log ****

One final thing to note is that my screen sometimes blacks out and a message pops up saying "the display driver has stopped responding and has recovered".


Edited by andpinger, 30 January 2014 - 03:28 PM.


#13 InadequateInfirmity


Posted 30 January 2014 - 10:46 PM

Download Malwarebytes Anti-Malware

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

 

Please scan your machine with ESET OnlineScan
You will need to disable your antivirus prior to scanning.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and Remove Found Threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#14 andpinger


Posted 08 February 2014 - 01:25 AM

Here's the Malwarebytes log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Henry :: HENRY-PC [administrator]

2/8/2014 1:11:24 AM
mbam-log-2014-02-08 (01-11-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229176
Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Henry\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 23
C:\$RECYCLE.BIN\S-1-5-21-313149216-2932475775-116699856-1001\$R0QWOTR.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-313149216-2932475775-116699856-1001\$RSPXQKS.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\87uKxVt8.zip.part (Trojan.Fakealert.ED) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\AU5yxszN.exe.part (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\E8N6AQmx.exe.part (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\FirefoxUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\gjeNmAPq.exe.part (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\ICReinstall_SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\jVliy6aq.zip.part (Trojan.Fakealert.ED) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\s6MYow+L.exe.part (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\Ss__0ClM.zip.part (Malware.Packer.FFS) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\z2PUFixl.exe.part (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\ct3288691\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\is1852162411\204167740_stp\BuzzSearch.exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Users\Henry\Downloads\freefileviewer_730.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Henry\Local Settings\Temporary Internet Files\Content.IE5\9A2F4BNY\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Henry\Local Settings\Temporary Internet Files\Content.IE5\9A2F4BNY\mism[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Henry\Local Settings\Temporary Internet Files\Content.IE5\USA50XQ2\ism[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Henry\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
 



#15 InadequateInfirmity


Posted 08 February 2014 - 06:44 PM

How is the machine, and the eset log?





