
Spamware Invasion - Cannot Remove /whatthe


10 replies to this topic

#1 bjl12

bjl12

  • Members
  • 7 posts

Posted 16 March 2014 - 06:13 PM

Somehow I downloaded or installed a program named "BlocktheAdApp". It's basically an advertisement program which spams computers to death, clogging up ridiculous memory and bandwidth for meaningless crap. I am a layman and know very little about computers. I tried uninstalling the program, and thought I did so successfully, until the next time I restarted my computer and this p.o.s. returned from hell...and now the program is no longer visible in my Installed Programs list, so I can't try uninstalling it again.

 

I did a google search and found these forums and specifically this thread: http://www.bleepingcomputer.com/forums/t/522394/unable-to-remove-chrome-extension/

 

I used 3 of 4 of Buddy215's suggested spyware/spamware/anti-virus software programs but have been unsuccessful in defeating my nemesis.  For the love of all that is good, can someone please help?  :bananas:

 

Also, here's my JRT if it helps anyone:

 

 
~~~ Services
 
 
 
~~~ Registry Values
 
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\searchURL\\Default
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\snapdo_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\snapdo_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
 
 
~~~ Files
 
Failed to delete: [File] "C:\end"
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\conduit"
 
 
 
 
 
Thank you so much in advance guys/girls!




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • Gender:Male
  • Location:NJ USA

Posted 16 March 2014 - 07:27 PM

Hi now also run these..
Please tell me the Browser you use.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Last run ESET.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 bjl12

bjl12
  • Topic Starter

  • Members
  • 7 posts

Posted 17 March 2014 - 05:04 PM

Hey Boopme.

 

I want to thank you again, personally, up front for all your time and efforts  :love4u:

 

I use Google Chrome (will switch if that is better/easier/helps somehow).  My results are posted below.

 

Minitoolbox results:

 

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ============================== 

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

 

 

 

========================= IP Configuration: ================================

 

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)

Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : BJLepo

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : home

 

Wireless LAN adapter Local Area Connection* 3:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2

   Physical Address. . . . . . . . . : 20-16-D8-68-08-E0

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Local Area Connection* 11:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 20-16-D8-68-08-E0

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Ethernet adapter Ethernet:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)

   Physical Address. . . . . . . . . : 00-8C-FA-2E-DE-ED

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . : home

   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

   Physical Address. . . . . . . . . : 20-16-D8-68-08-E0

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::bd7b:ab89:35d2:4d0c%2(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Thursday, March 13, 2014 12:11:12 PM

   Lease Expires . . . . . . . . . . : Monday, March 17, 2014 9:41:05 PM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 320870104

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-57-44-3C-00-8C-FA-2E-DE-ED

   DNS Servers . . . . . . . . . . . : 192.168.1.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Local Area Connection* 2:

 

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:c60:10cf:93cb:5405(Preferred) 

   Link-local IPv6 Address . . . . . : fe80::c60:10cf:93cb:5405%8(Preferred) 

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 251658240

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-57-44-3C-00-8C-FA-2E-DE-ED

   NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter isatap.home:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : home

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  Wireless_Broadband_Router.home

Address:  192.168.1.1

 

Name:    google.com

Addresses:  2607:f8b0:4004:807::1006

 74.125.228.231

 74.125.228.232

 74.125.228.230

 74.125.228.228

 74.125.228.225

 74.125.228.226

 74.125.228.238

 74.125.228.227

 74.125.228.229

 74.125.228.224

 74.125.228.233

 

 

Pinging google.com [74.125.228.225] with 32 bytes of data:

Reply from 74.125.228.225: bytes=32 time=15ms TTL=57

Reply from 74.125.228.225: bytes=32 time=16ms TTL=57

 

Ping statistics for 74.125.228.225:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server:  Wireless_Broadband_Router.home

Address:  192.168.1.1

 

Name:    yahoo.com

Addresses:  98.139.183.24

 98.138.253.109

 206.190.36.45

 

 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=26ms TTL=51

Reply from 98.139.183.24: bytes=32 time=29ms TTL=53

 

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 29ms, Average = 27ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=12ms TTL=128

Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 3ms, Maximum = 12ms, Average = 7ms

===========================================================================

Interface List

 12...20 16 d8 68 08 e0 ......Microsoft Wi-Fi Direct Virtual Adapter #2

  9...20 16 d8 68 08 e0 ......Microsoft Wi-Fi Direct Virtual Adapter

  4...00 8c fa 2e de ed ......Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)

  2...20 16 d8 68 08 e0 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

  1...........................Software Loopback Interface 1

  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link       192.168.1.5    281

      192.168.1.5  255.255.255.255         On-link       192.168.1.5    281

    192.168.1.255  255.255.255.255         On-link       192.168.1.5    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link       192.168.1.5    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link       192.168.1.5    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  8    306 ::/0                     On-link

  1    306 ::1/128                  On-link

  8    306 2001::/32                On-link

  8    306 2001:0:9d38:6abd:c60:10cf:93cb:5405/128

                                    On-link

  2    281 fe80::/64                On-link

  8    306 fe80::/64                On-link

  8    306 fe80::c60:10cf:93cb:5405/128

                                    On-link

  2    281 fe80::bd7b:ab89:35d2:4d0c/128

                                    On-link

  1    306 ff00::/8                 On-link

  2    281 ff00::/8                 On-link

  8    306 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)

Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)

Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)

Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)

Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (03/16/2014 09:42:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater17.3.0 since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

.

 

Error: (03/16/2014 09:41:02 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7579391

 

Error: (03/16/2014 09:41:02 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7579391

 

Error: (03/16/2014 09:41:02 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (03/16/2014 09:41:01 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7578204

 

Error: (03/16/2014 09:41:01 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7578204

 

Error: (03/16/2014 09:41:01 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (03/16/2014 07:34:44 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1141

 

Error: (03/16/2014 07:34:44 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1141

 

Error: (03/16/2014 07:34:44 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (03/16/2014 10:00:05 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (03/15/2014 00:42:03 PM) (Source: Service Control Manager) (User: )

Description: The Windows Connect Now - Config Registrar service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Error: (03/15/2014 00:42:02 PM) (Source: Service Control Manager) (User: )

Description: The Time Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Error: (03/15/2014 00:42:02 PM) (Source: Service Control Manager) (User: )

Description: The SSDP Discovery service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

 

Error: (03/15/2014 10:00:03 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (03/14/2014 00:24:52 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (03/13/2014 00:18:25 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (03/13/2014 00:12:26 PM) (Source: Microsoft-Windows-Ntfs) (User: NT AUTHORITY)

Description: ??\Device\HarddiskVolume33

 

Error: (03/13/2014 00:11:44 PM) (Source: Service Control Manager) (User: )

Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 

%%2

 

Error: (03/13/2014 00:11:42 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the GS-Supporter service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (03/16/2014 09:42:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: 

Details:

AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater17.3.0 since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

 

Error: (03/16/2014 09:41:02 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7579391

 

Error: (03/16/2014 09:41:02 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7579391

 

Error: (03/16/2014 09:41:02 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (03/16/2014 09:41:01 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7578204

 

Error: (03/16/2014 09:41:01 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7578204

 

Error: (03/16/2014 09:41:01 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (03/16/2014 07:34:44 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1141

 

Error: (03/16/2014 07:34:44 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1141

 

Error: (03/16/2014 07:34:44 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-12-26 12:53:52.180

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-12-26 12:53:02.887

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-12-26 12:52:26.636

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-12-26 12:51:40.419

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-12-26 12:47:22.684

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-12-25 11:24:46.851

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-12-25 11:24:46.586

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-12-25 11:21:55.464

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-12-25 11:21:14.789

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2013-12-25 11:21:14.520

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

=========================== Installed Programs ============================

 

Adobe Reader X (10.1.3) (Version: 10.1.3)

Apple Application Support (Version: 3.0)

Apple Software Update (Version: 2.1.3.127)

ArcSoft Panorama Maker 6 (Version: 6.0.8.85)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.1.0.6)

avast! Free Antivirus (Version: 9.0.2013)

Battle.net

BitTorrent (Version: 7.8.2.30332)

Bonjour (Version: 3.0.0.10)

CCleaner (Version: 4.11)

D3DX10 (Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

EPSON Connect version 1.0 (Version: 1.0)

Epson Customer Participation (Version: 1.4.0.0)

Epson Event Manager (Version: 3.01.0003)

Epson FAX Utility (Version: 1.30.00)

EPSON Scan

EPSON WF-2530 Series Printer Uninstall

EpsonNet Print (Version: 2.5.00)

Google Chrome (Version: 32.0.1700.102)

Google Update Helper (Version: 1.3.22.3)

GS-Supporter 1.80

Hearthstone

Intel® Management Engine Components (Version: 8.1.0.1252)

Intel® Processor Graphics (Version: 10.18.10.3308)

Intel® Rapid Storage Technology (Version: 11.5.2.1001)

Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)

Intel® Trusted Connect Service Client (Version: 1.24.388.1)

iTunes (Version: 11.1.4.62)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Silverlight (Version: 5.1.30214.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Movie Maker (Version: 16.4.3505.0912)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT110 (Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

Nikon Message Center 2 (Version: 2.1.0)

Photo Gallery (Version: 16.4.3505.0912)

Picture Control Utility x64 (Version: 1.5.0)

PlayReady PC Runtime amd64 (Version: 1.3.0)

Premium Sound HD (Version: 1.12.5000)

QuickTime (Version: 7.74.80.86)

Realtek High Definition Audio Driver (Version: 6.0.1.6690)

Realtek USB 2.0 Card Reader (Version: 6.1.8400.39030)

Realtek WLAN Driver (Version: 2.00.0020)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Software Updater (Version: 4.2.6)

Spotify (Version: 0.9.7.16.g4b197456)

Synaptics Pointing Device Driver (Version: 16.2.10.5)

Toshiba App Place (Version: 1.0.6.3)

TOSHIBA Application Installer (Version: 9.0.1.4)

TOSHIBA Desktop Assist (Version: 1.00.0007.00002)

TOSHIBA eco Utility (Version: 2.0.0.6415)

TOSHIBA Function Key (Version: 1.00.6425.01)

TOSHIBA Password Utility (Version: v1.0.0.8)

TOSHIBA PC Health Monitor (Version: 1.8.17.640104)

TOSHIBA Quality Application (Version: 1.0.8)

TOSHIBA Recovery Media Creator (Version: 2.2.0.54043005)

TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.2.2.00)

TOSHIBA Service Station (Version: 2.4.4)

TOSHIBA System Driver (Version: 1.00.0013)

TOSHIBA System Settings (Version: 1.00.0002.32002)

TOSHIBA User's Guide (Version: 1.00.02)

TOSHIBA VIDEO PLAYER (Version: 5.1.0.12-A)

TOSHIBARegistration (Version: 1.1.6)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition

Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)

Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)

Windows Live Communications Platform (Version: 16.4.3505.0912)

Windows Live Essentials (Version: 16.4.3505.0912)

Windows Live Installer (Version: 16.4.3505.0912)

Windows Live Photo Common (Version: 16.4.3505.0912)

Windows Live PIMT Platform (Version: 16.4.3505.0912)

Windows Live SOXE (Version: 16.4.3505.0912)

Windows Live SOXE Definitions (Version: 16.4.3505.0912)

Windows Live UX Platform (Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)

 

========================= Memory info: ===================================

 

Percentage of memory in use: 53%

Total physical RAM: 3980.21 MB

Available physical RAM: 1835.57 MB

Total Pagefile: 7311.71 MB

Available Pagefile: 4681.24 MB

Total Virtual: 4095.88 MB

Available Virtual: 3965.72 MB

 

========================= Partitions: =====================================

 

1 Drive c: (TI10653400C) (Fixed) (Total:585.71 GB) (Free:438.15 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\BJLEPO

 

Administrator            Brian                    Guest                    

 

 

**** End of log ****

 

ADW Cleaner results:

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 22:07:01

# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Brian - BJLEPO
# Running from : C:\Users\Brian\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater17.3.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DigiiCoupoon
Folder Deleted : C:\ProgramData\greatsavoer
Folder Deleted : C:\Program Files (x86)\GS-Enabler
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Brian\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Brian\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Brian\AppData\LocalLow\AVG SafeGuard toolbar
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6675 octets] - [16/03/2014 22:04:28]
AdwCleaner[S0].txt - [6288 octets] - [16/03/2014 22:07:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6348 octets] ##########
 
ESET results:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GS-Enabler\Assistant_x64.dll.vir a variant of Win64/SProtector.A potentially unwanted application
 
*******The ESET scan was inconclusive.  I ran the scan twice and each time the scan "froze" at 2562 files (or 47% progress).  At the time of stoppage 1 threat was found: a variant of Win64/SProtector.
 
I hope this helps in some way.  Again I cannot thank you enough.  All these spyware/malware/anti-virus programs make me want to  :guitar:  and  :bounce: , but I'll save my  :bananas: till the end!

Edited by bjl12, 17 March 2014 - 05:08 PM.


#4 noknojon


Posted 17 March 2014 - 05:31 PM

Hi -

Just a quick line with JRT :

Close all open programs and shut down any protection/security software to avoid potential conflicts.

 

How To Temporarily Disable Your Anti-virus Only due to many "Failed to delete".

 

If you still have the Result.txt from MiniToolBox, the top section is missing (about 5 lines)



#5 boopme


Posted 17 March 2014 - 05:57 PM

Hello, I was about to ask you to either disable your AV, or did you run JRT as Administrator, so we can clean these items. It appears to be also affecting ESET.

Look in Firefox add ons for anything BlocktheAdApp to disable.

Edited by boopme, 17 March 2014 - 05:59 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 bjl12


Posted 17 March 2014 - 08:13 PM

Okay so I turned off Anti-virus and I turned off Malware protection.  I reran most of the scans.  Here are the results:

 

Mini Toolbox:
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Brian (administrator) on 17-03-2014 at 19:21:05
Running from "C:\Users\Brian\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)
Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
ESET:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GS-Enabler\Assistant_x64.dll.vir a variant of Win64/SProtector.A potentially unwanted application deleted - quarantined
 
JRT: 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Brian on Mon 03/17/2014 at 19:28:43.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/17/2014 at 19:35:29.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ADW Cleaner:
 
# AdwCleaner v3.022 - Report created 17/03/2014 at 21:03:28
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Brian - BJLEPO
# Running from : C:\Users\Brian\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6675 octets] - [16/03/2014 22:04:28]
AdwCleaner[R1].txt - [860 octets] - [17/03/2014 21:01:54]
AdwCleaner[S0].txt - [6476 octets] - [16/03/2014 22:07:01]
AdwCleaner[S1].txt - [782 octets] - [17/03/2014 21:03:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [841 octets] ##########
 

 

 

I don't use Firefox or have it installed but do you think I need to install it and then disable the add-on?



#7 boopme


Posted 17 March 2014 - 08:23 PM

My error, thought I saw FF. Do the same for Chrome. L@@K

#8 bjl12


Posted 17 March 2014 - 10:19 PM

So incredibly frustrating.  It's not an add-on but is an "extension" and I can't deactivate it.  It's not an option to do so.  Will this work, guys?

 

http://malwaretips.com/blogs/this-extension-is-managed-and-cannot-be-removed-or-disabled-removal/



#9 boopme


Posted 18 March 2014 - 09:46 AM

Yes, if that is too much for you we can move you and have someone take it out.

Edited by boopme, 18 March 2014 - 09:46 AM.


#10 bjl12


Posted 18 March 2014 - 08:54 PM

Well I tried the instructions on that website and a different website but neither of them is for the specific version of Chrome that I am running, so they didn't work :/

 

What do you mean move me/have it taken out?



#11 boopme


Posted 19 March 2014 - 09:28 AM

Ok, I mean we will repost. Move to a new topic so we can get a deeper look and use tools that are stronger and we do not allow here in AII.

Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.

Put this link back to here in the new topic.
http://www.bleepingcomputer.com/forums/t/527734/spamware-invasion-cannot-remove-whatthe/#entry3318907

Let me know if all went well.



