
DLL error message/background container.dll solved, Adobe won't start up


21 replies to this topic

#1 marija_peg


Posted 10 February 2014 - 02:10 PM

So here goes. I, an idiot, installed this program called Software Informer and I regret it very much. Via this program I installed many others, e.g. USB Disk Security, Windows 8 Manager, IObit Unlocker (I think this is the one that's problematic, with it came IObit toolbar and my browser's startup page was also changed), Vuze, AutoHide IP. What happened is that when I rebooted my system, I got the error message from the topic title. I followed these instructions:

http://answers.microsoft.com/en-us/protect/forum/protect_scanner-protect_scanning/run-dll-error-messagebackground-containerdll/49612202-667e-4a71-8e9a-d02161d8bc19

So I ran Autoruns, deleted the Conduit Background Container.dll, rebooted, ran ADW Cleaner and JRT. What I noticed was that I could not open Adobe any more. I uninstalled all the above programs, cleaned up temp files and everything with CCleaner, uninstalled Adobe and then installed it again but - nothing.

Then I tried to do a System Restore hopefully to annul all the previous mess I made, however, I had a restore point done right after I installed all the programs and decided to uninstall them - that's when Revo Uninstaller made a restore point :( I hate myself now.

So I restored it to that point and luckily, Adobe worked. Then again I removed the Dll message, rebooted, Adobe still worked. And after ADWCleaner also it worked if I recall correctly, but after I ran JRT it does not open! Is it maybe because of something deleted in the registry? Should I put the ADWCleaner and JRT log? Can someone help me as soon as possible because I have a lot of work and I neeeed Adobe right now? Thank you.

When I try to open a pdf file there's just the blue circle running for 3 seconds and then nothing, as if I never clicked it.

Thank you very much.

P.S. Message learnt: I will create restore points more often. Just help me.

 

EDIT: I'll paste the logs.

 

AdwCleaner[S2]

# AdwCleaner v3.018 - Report created 10/02/2014 at 16:27:42
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Josipa - GREGOR
# Running from : D:\Programi\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Users\Josipa\AppData\Local\Conduit
Folder Deleted : C:\Users\Josipa\AppData\LocalLow\Conduit
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v

[ File : C:\Users\Josipa\AppData\Roaming\Mozilla\Firefox\Profiles\0kg7fxn9.default-1384422215598\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Josipa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2066 octets] - [05/11/2013 22:59:16]
AdwCleaner[R1].txt - [1171 octets] - [12/11/2013 12:29:01]
AdwCleaner[R2].txt - [1835 octets] - [10/02/2014 16:25:59]
AdwCleaner[S0].txt - [2043 octets] - [05/11/2013 23:00:15]
AdwCleaner[S1].txt - [1196 octets] - [12/11/2013 12:31:13]
AdwCleaner[S2].txt - [1705 octets] - [10/02/2014 16:27:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1765 octets] ##########
# AdwCleaner v3.018 - Report created 10/02/2014 at 19:24:20
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Josipa - GREGOR
# Running from : D:\Programi\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Users\Josipa\AppData\LocalLow\Search Settings

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Search Settings

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v

[ File : C:\Users\Josipa\AppData\Roaming\Mozilla\Firefox\Profiles\0kg7fxn9.default-1384422215598\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Josipa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2066 octets] - [05/11/2013 22:59:16]
AdwCleaner[R1].txt - [1171 octets] - [12/11/2013 12:29:01]
AdwCleaner[R2].txt - [4922 octets] - [10/02/2014 16:25:59]
AdwCleaner[R3].txt - [1213 octets] - [10/02/2014 16:57:06]
AdwCleaner[R4].txt - [1333 octets] - [10/02/2014 17:06:26]
AdwCleaner[R5].txt - [1394 octets] - [10/02/2014 18:13:48]
AdwCleaner[S0].txt - [2043 octets] - [05/11/2013 23:00:15]
AdwCleaner[S1].txt - [1196 octets] - [12/11/2013 12:31:13]
AdwCleaner[S2].txt - [4595 octets] - [10/02/2014 16:27:42]
AdwCleaner[S3].txt - [1275 octets] - [10/02/2014 16:58:14]
AdwCleaner[S4].txt - [1455 octets] - [10/02/2014 18:15:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4775 octets] ##########
 

 

AdwCleaner [R2]

 

# AdwCleaner v3.018 - Report created 10/02/2014 at 16:25:59
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Josipa - GREGOR
# Running from : D:\Programi\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Program Files (x86)\Common Files\spigot
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Josipa\AppData\Local\Conduit
Folder Found C:\Users\Josipa\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\Software\Conduit
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v

[ File : C:\Users\Josipa\AppData\Roaming\Mozilla\Firefox\Profiles\0kg7fxn9.default-1384422215598\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Josipa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2066 octets] - [05/11/2013 22:59:16]
AdwCleaner[R1].txt - [1171 octets] - [12/11/2013 12:29:01]
AdwCleaner[R2].txt - [1563 octets] - [10/02/2014 16:25:59]
AdwCleaner[S0].txt - [2043 octets] - [05/11/2013 23:00:15]
AdwCleaner[S1].txt - [1196 octets] - [12/11/2013 12:31:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1743 octets] ##########
# AdwCleaner v3.018 - Report created 10/02/2014 at 19:22:52
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Josipa - GREGOR
# Running from : D:\Programi\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Application Updater

***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Application Updater
Folder Found C:\Program Files (x86)\Common Files\spigot
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\IObit Apps Toolbar
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Josipa\AppData\LocalLow\Search Settings

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Search Settings
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\Software\Search Settings
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v

[ File : C:\Users\Josipa\AppData\Roaming\Mozilla\Firefox\Profiles\0kg7fxn9.default-1384422215598\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Josipa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2066 octets] - [05/11/2013 22:59:16]
AdwCleaner[R1].txt - [1171 octets] - [12/11/2013 12:29:01]
AdwCleaner[R2].txt - [4282 octets] - [10/02/2014 16:25:59]
AdwCleaner[R3].txt - [1213 octets] - [10/02/2014 16:57:06]
AdwCleaner[R4].txt - [1333 octets] - [10/02/2014 17:06:26]
AdwCleaner[R5].txt - [1394 octets] - [10/02/2014 18:13:48]
AdwCleaner[S0].txt - [2043 octets] - [05/11/2013 23:00:15]
AdwCleaner[S1].txt - [1196 octets] - [12/11/2013 12:31:13]
AdwCleaner[S2].txt - [1849 octets] - [10/02/2014 16:27:42]
AdwCleaner[S3].txt - [1275 octets] - [10/02/2014 16:58:14]
AdwCleaner[S4].txt - [1455 octets] - [10/02/2014 18:15:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [4822 octets] ##########
 

 

And only one JRT...

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 Pro x64
Ran by Josipa on pon 10.02.2014. at 19:28:29,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\software informer



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Josipa\AppData\Roaming\software informer"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pon 10.02.2014. at 19:48:07,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by marija_peg, 10 February 2014 - 02:39 PM.



#2 xXToffeeXx


Posted 10 February 2014 - 02:36 PM

Hi,

 

AdwCleaner and JRT logs would be very helpful if you can locate them.
 
Let's see if you have a restore point to work from:
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 



#3 marija_peg


Posted 10 February 2014 - 02:56 PM

Maybe the question marks are there because I'm using the Russian language interface, so Cyrillic letters...

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Josipa (administrator) on 10-02-2014 at 20:44:53
Running from "C:\Users\Josipa\Desktop"
?????????? Windows 8 ????????????????  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 1030 = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Hardware not present)
Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Gregor
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gigaset.lan

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : AC-72-89-1E-15-BE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : gigaset.lan
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
   Physical Address. . . . . . . . . : AC-72-89-1E-15-BD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8152:2efb:e64:9936%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.5.195(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 10. veljaźe 2014. 19:25:36
   Lease Expires . . . . . . . . . . : 11. veljaźe 2014. 20:29:05
   Default Gateway . . . . . . . . . : 192.168.5.1
   DHCP Server . . . . . . . . . . . : 192.168.5.1
   DHCPv6 IAID . . . . . . . . . . . : 330068617
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-7E-54-1C-54-04-A6-4D-39-89
   DNS Servers . . . . . . . . . . . : 192.168.5.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 54-04-A6-4D-39-89
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gigaset.lan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gigaset.lan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1c3e:4ad:a65b:e0d2(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c3e:4ad:a65b:e0d2%17(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  sx763.gigaset.lan
Address:  192.168.5.1

Name:    google.com
Addresses:  2a00:1450:4001:c02::65
      173.194.70.139
      173.194.70.113
      173.194.70.138
      173.194.70.100
      173.194.70.101
      173.194.70.102


Pinging google.com [173.194.70.139] with 32 bytes of data:
Reply from 173.194.70.139: bytes=32 time=39ms TTL=45
Reply from 173.194.70.139: bytes=32 time=39ms TTL=45

Ping statistics for 173.194.70.139:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 39ms, Average = 39ms
Server:  sx763.gigaset.lan
Address:  192.168.5.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=155ms TTL=46
Reply from 98.139.183.24: bytes=32 time=153ms TTL=46

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 153ms, Maximum = 155ms, Average = 154ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=18ms TTL=128
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 18ms, Average = 11ms
===========================================================================
Interface List
 22...ac 72 89 1e 15 be ......Microsoft Hosted Network Virtual Adapter
 13...ac 72 89 1e 15 bd ......Intel® Centrino® Wireless-N 1030
 12...54 04 a6 4d 39 89 ......Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.5.1    192.168.5.195     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.5.0    255.255.255.0         On-link     192.168.5.195    281
    192.168.5.195  255.255.255.255         On-link     192.168.5.195    281
    192.168.5.255  255.255.255.255         On-link     192.168.5.195    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.5.195    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.5.195    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 17    306 2001::/32                On-link
 17    306 2001:0:5ef5:79fb:1c3e:4ad:a65b:e0d2/128
                                    On-link
 13    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::1c3e:4ad:a65b:e0d2/128
                                    On-link
 13    281 fe80::8152:2efb:e64:9936/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/10/2014 08:00:00 PM) (Source: ESENT) (User: )
Description: svchost (1668) SRUJet: ?????? -1811 (0xfffff8ed) ??? ???????? ????? ??????? C:\Windows\system32\SRU\SRU00194.log.

Error: (02/10/2014 07:49:45 PM) (Source: VSS) (User: )
Description: ?????? ???????? ??????????? ????: ?????????????? ?????? ??? ??????? ?????????? IVssWriterCallback.  hr = 0x80070005, Access is denied.
.
???????? ????????? ??????? - ???????????? ????????? ???????????? ?????????????? ???????? ??? ????????????? ????????.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {53d4b43a-3136-4243-b9d4-dfd6788746b6}


System errors:
=============
Error: (02/10/2014 08:39:59 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/10/2014 08:39:29 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/10/2014 08:38:58 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/10/2014 08:38:28 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/10/2014 08:37:58 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/10/2014 08:37:28 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/10/2014 08:36:58 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/10/2014 08:36:28 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/10/2014 08:35:58 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/10/2014 08:35:28 PM) (Source: DCOM) (User: Gregor)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (02/10/2014 08:00:00 PM) (Source: ESENT)(User: )
Description: svchost1668SRUJet: C:\Windows\system32\SRU\SRU00194.log-1811 (0xfffff8ed)

Error: (02/10/2014 07:49:45 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {53d4b43a-3136-4243-b9d4-dfd6788746b6}


=========================== Installed Programs ============================

???????? ???????? ???????????? Microsoft Office 2013 — ??????? (Version: 15.0.4420.1017)
µTorrent (Version: 3.3.2.30488)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ABBYY FineReader 11 Corporate Edition (Version: 11.0.460)
Adobe Acrobat XI Pro (Version: 11.0.06)
Adobe AIR (Version: 4.0.0.1390)
Adobe Download Assistant (Version: 1.2.6)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44)
Adobe Photoshop CC (Version: 14.0)
Alcor Micro USB Card Reader (Version: 3.4.117.01527)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.16.1.0)
ASUS LifeFrame3 (Version: 3.1.9)
ASUS Live Update (Version: 3.1.9)
ASUS Power4Gear Hybrid (Version: 2.1.1)
ASUS Splendid Video Enhancement Technology (Version: 1.03.0005)
ASUS Tutor (Version: 1.0.8)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.1.0.7)
ATK Package (Version: 1.0.0023)
avast! Free Antivirus (Version: 9.0.2013)
BS.Player FREE (Version: 2.66.1075)
CCleaner (Version: 4.10)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Dropbox (Version: 2.0.26)
ETDWare PS/2-X64 11.5.2.1_WHQL (Version: 11.5.2.1)
Fences 2 (Version: 2.01)
Google Books Downloader version 1.6 (Version: 1.6)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.2843)
Intel® Rapid Storage Technology (Version: 11.6.0.1030)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 14 (Version: 6.0.140)
Last.fm Scrobbler 2.1.36
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Keyboard Layout Creator 1.4 (Version: 1.4.6000)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Espanol (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - hrvatski (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Mystery Case Files - 13th Skull Collectors Edition (Version: 1.0.3.616)
Nokia Connectivity Cable Driver (Version: 7.1.172.0)
Nokia Suite (Version: 3.8.30.0)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
PC Connectivity Solution (Version: 12.0.109.0)
PDF Architect (Version: 1.1.83.9982)
PDF Settings CC (Version: 12.0)
PDFCreator (Version: 1.7.0)
PDFZilla V3.0.6
PowerISO (Version: 5.7)
Realtek High Definition Audio Driver (Version: 6.0.1.6728)
Revo Uninstaller 1.95 (Version: 1.95)
Revo Uninstaller Pro 3.0.8 (Version: 3.0.8)
Russian Phonetic Student - WinRus.com - Custom (Version: 1.0.3.40)
SDL MultiTerm SideBySide Tools (Version: 1.0.181)
SDL Passolo 2009 Essential SR3 (Version: SDL Passolo 2009 Essential SR3)
SDL Trados Studio 2009 SP3 (Version: 1.3.2307.0)
SecureW2 EAP Suite 1.1.4 for Windows
Sketch It! 3.1 (Version: 3.1)
Skype™ 6.11 (Version: 6.11.102)
Software Informer 1.3.1031.0
Sony PC Companion 2.10.181 (Version: 2.10.181)
Speccy (Version: 1.25)
SUPERAntiSpyware (Version: 5.6.1032)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition
USB Disk Security
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.1.1 (Version: 2.1.1)
Vuze (Version: 5.3.0.0)
Waterfox 24.0 (x64 en-US) (Version: 24.0)
WinDjView 2.0.2 (Version: 2.0.2)
Windows 8 Manager (Version: 2.0.2)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinRus.com-Custom (Version: 1.0.3.40)
Wireless Console 3 (Version: 3.0.35)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Devices: ================================

Name: Bluetooth Device (Personal Area Network)
Description: ?????????? Bluetooth (?????? ????)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Audio Device on High Definition Audio Bus
Description: Audio Device on High Definition Audio Bus
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 2849.14 MB
Available physical RAM: 1868.09 MB
Total Pagefile: 5793.14 MB
Available Pagefile: 4527.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.68 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:100 GB) (Free:11.46 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:598.12 GB) (Free:545.18 GB) NTFS

========================= Users: ========================================

User accounts for \\GREGOR

Administrator            Guest                    Josipa                   

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

10-02-2014 13:15:39 Revo Uninstaller Pro's restore point - Sony PC Companion 2.10.181
10-02-2014 13:20:54 Revo Uninstaller Pro's restore point - Mystery Case Files - 13th Skull Collectors Edition
10-02-2014 15:53:52 Revo Uninstaller Pro's restore point - Software Informer 1.3.1031.0
10-02-2014 16:02:28 Revo Uninstaller Pro's restore point - USB Disk Security
10-02-2014 16:51:06 Installed Java 7 Update 51
10-02-2014 16:59:11 Installed Java 7 Update 51 (64-bit)
10-02-2014 17:07:24 Revo Uninstaller Pro's restore point - Adobe Acrobat XI Pro
10-02-2014 17:08:17 Removed Adobe Acrobat XI Pro.
10-02-2014 17:33:12 Installed Adobe Acrobat XI Pro.
10-02-2014 17:49:38 ???????? ??????????????
10-02-2014 18:49:46 Revo Uninstaller Pro's restore point - IObit Apps Toolbar v8.7
10-02-2014 18:50:37 Revo Uninstaller Pro's restore point - IObit Apps Toolbar v8.7
10-02-2014 18:52:55 Revo Uninstaller Pro's restore point - Auto Hide IP
10-02-2014 18:58:14 Revo Uninstaller Pro's restore point - IObit Apps Toolbar v8.7
10-02-2014 18:58:43 Removed IObit Apps Toolbar v8.7.

**** End of log ****
 



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:09 AM

Posted 10 February 2014 - 03:06 PM

Hi,

 

Seems you last ran JRT at 19:28:29,55 and the restore points are from before that (earliest restore point from 13:15:39 it seems). Was the problem happening before that time?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 marija_peg


Posted 10 February 2014 - 03:24 PM

I believe I installed Software Informer and all of the programs before the first uninstall with Revo, because the reason to start the Revo was to remove programs that I thought were the problem. In either case, I cannot revert back to 13:15:39. When I go to system restore, the earlier point is actually 16:53:52, which is a totally different time from the ones listed above.

[Screenshot]

 

And in the JRT log I also saw that time is a bit messed up. I don't know how.

 

But all in all, the problems started with Software Informer and programs installed via it.



#6 xXToffeeXx


Posted 10 February 2014 - 03:32 PM

Hi,

 

So, try one of those restore points before you ran JRT (I understand that not all of them are after JRT, so hopefully if you restore, the programs will work again). You might as well try the oldest one and then we can re-remove the programs, that is no problem.

 

If not, then we can try other options.

 

xXToffeeXx~




#7 marija_peg


Posted 10 February 2014 - 03:39 PM

Aha, I see what you're trying to say... OK, so I'll revert back to the earliest point, which will restore the dll error, I'll solve it with Autoruns and then I'll run AdwCleaner, and that's all, right?



#8 xXToffeeXx


Posted 10 February 2014 - 03:42 PM

Hi,

Yes, that's the idea. Just don't run JRT ;)
You could probably remove the need for Autoruns by running AdwCleaner first. Also, you may need to remove the extra software again.
Tell me how it goes.

xXToffeeXx~



#9 marija_peg


Posted 10 February 2014 - 04:08 PM

No luck, it won't open. It seems as if this restore point was done after the problem arose. Also, the point I reverted to the first time was earlier than this one now, but I cannot get that earlier point anymore. I'll try to revert to a later point just to try my luck, I don't know.



#10 marija_peg


Posted 10 February 2014 - 04:39 PM

Later restore point - again no luck. After it rebooted I got a message that it couldn't be done, because some file may be protected by Avast and to try a later point. No idea. I'll go about uninstalling all the programs from Software Informer and reinstalling Adobe again and see how it goes..



#11 xXToffeeXx


Posted 10 February 2014 - 04:45 PM

Hi,

Yeah, try using Revo to make sure it's a clean install as much as possible.

xXToffeeXx~



#12 marija_peg


Posted 11 February 2014 - 02:23 AM

I uninstalled everything but nothing fixes the error. I tried to do a system restore once more, it failed again, error code: 0xcc0000022, it said it couldn't retrieve the restore point because the antivirus could be protecting the file. And if I cannot fix the error, I should turn Avast off and try it one more time. File \??\Volume{08faa519-2bfe-4774-a70c-1da4296add7f}\Program Files\AVAST Software\Avast\defs\14021001\Sf2(64).dll could not be moved.

Now I'm doing sfc/scannow with administrator rights, the only problem is that the command line gives me only question marks because of the Russian interface, all I can see is the 79% progress. Can I somehow revert to normal code now because I don't see what it says? Thanks.

 

[Screenshot]


Edited by marija_peg, 11 February 2014 - 02:26 AM.


#13 marija_peg


Posted 11 February 2014 - 02:58 AM

I got this:

 

[Screenshot]

here's the link to the log: https://skydrive.live.com/redir?resid=69D0AC80D4B04C07%21135



#14 marija_peg


Posted 11 February 2014 - 04:43 AM

The battle unravels. I've managed to revert to a restore point after sfc/scannow. What I did next was remove all unwanted programs installed through Software Informer which I loathe now forever, and I uninstalled Adobe completely. Then I ran AdwCleaner, rebooted, ran MalwareBytes Quick Scan and there it was, in all its glory, PUP.Optional.OpenCandy, in User/AppData/Roaming/PowerISO/Upgrade/PowerISO5.exe, an upgrade done through this horrible Software Informer. I sent them an uninstall message about all the problems they caused to me. I'll do what it says here http://www.bleepingcomputer.com/forums/t/510625/infected-with-pupoptionalopencandy/?p=3181520

 

Here's the log

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.10.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Josipa :: GREGOR [administrator]

Protection: Enabled

11.2.2014. 10:25:47
MBAM-log-2014-02-11 (10-36-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210368
Time elapsed: 9 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Josipa\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)
 



#15 marija_peg


Posted 11 February 2014 - 09:28 AM

7 threats. :((((((

 

ESET:

C:\Users\Josipa\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Josipa\Desktop\Fli\FliFla\?i?\Ostatak\Dwnlds\Unlocker1.9.1.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Josipa\Desktop\Fli\FliFla\?i?\?i?o\Project\?i?o\FliFlaFlo\SetupBatteryCare.exe    Win32/OpenCandy potentially unsafe application
D:\Tata - vrati\Nova mapa\Downloads\CuteWriter (1).exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Tata - vrati\Nova mapa\Downloads\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Tata - vrati\Nova mapa\Downloads\MB2_setup (1).exe    Win32/OpenCandy potentially unsafe application
D:\Tata - vrati\Nova mapa\Downloads\MB2_setup.exe    Win32/OpenCandy potentially unsafe application

 

Also, I would like to say that I used the computer a bit while it was scanning, later I saw that I should not have. But not too much, there were only a few tabs about how to get rid of PUP open. And MalwareBytes, which found one PUP but I left it like that, not doing anything.

And these files on D are there already for quite some time, I copied them from my father's USB :'(

what next, please?

 

EDIT: I removed the one PUP MB found, now it rebooted.


Edited by marija_peg, 11 February 2014 - 09:30 AM.




