
Trying To Rule Out Malware/Virus


24 replies to this topic

#1 tsquared56

tsquared56

  • Members
  • 157 posts
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:04 PM

Posted 10 June 2014 - 04:45 PM

So I've been having a lot of what I'm deeming "unexpected shutdowns and restarts".  Hamluis on the Win7 thread referred me over here to rule out anything malicious first because there are no smoking guns with hardware/temperatures in Event Viewer.

 

Here's the link to the previous thread.

 

What's my first step?

 

Thanks!

Tim





#2 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • Gender:Male
  • Local time:09:04 PM

Posted 10 June 2014 - 06:21 PM

tsquared56:

Sometimes reseating the memory will help.  Open the computer, take out and reset memory modules.  This is more common in desktops, but will help even in laptops.

Best of luck.



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:04 PM

Posted 10 June 2014 - 07:35 PM

Also then we should run these..


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
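A Result.txt produced by the MiniToolBox step above can be triaged before posting or while reading one. The following is an added example, not code from the thread's participants or from the MiniToolBox author. It assumes the section-header layout seen in the Result.txt posted in this thread; the function names and the sample values are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Result.txt layout (all values are made up).
SAMPLE = r"""MiniToolBox by Farbar  Version: 23-01-2014
========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.7     update.example.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Users\Public\lsp.dll [4096] ()
Catalog9 02 C:\Users\Public\lsp.dll [4096] ()

========================= Event log errors: ===============================

System errors:
=============
Error: (06/10/2014 06:44:34 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:42:14 AM on ?6/?10/?2014 was unexpected.

Error: (05/31/2014 00:37:50 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053
"""

# "===== Name: =====" banners; bare "=====" underlines and rulers do not match.
SECTION_RE = re.compile(r"^={5,}\s*([^=\s][^=]*?):?\s*={5,}\s*$")
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog\d+ \d+ (.+?) \[\d+\] \((.*)\)$")
ERROR_RE = re.compile(r"^Error: \((.+?)\) \(Source: (.+?)\)\s*\(User: (.*)\)\s*$")
SHUTDOWN_RE = re.compile(r"previous system shutdown at (.+?) on (.+?) was unexpected")


def split_sections(text):
    """Map lower-cased section name -> list of lines in that section."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def unexpected_hosts(lines):
    """Hosts entries other than the stock loopback -> localhost mapping."""
    found = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop comments
        if len(entry) < 2:
            continue
        if entry[0] in ("127.0.0.1", "::1") and entry[1:] == ["localhost"]:
            continue
        found.append((entry[0], entry[1:]))
    return found


def third_party_winsock(lines):
    """Unique Winsock providers whose printed vendor is not Microsoft.

    The vendor is only what the tool printed, so this is a review list,
    not a verdict: Bonjour is a normal entry, a blank vendor deserves a look.
    """
    seen = {}
    for line in lines:
        m = WINSOCK_RE.match(line)
        if m and m.group(2) != "Microsoft Corporation":
            seen.setdefault(m.group(1), m.group(2))
    return list(seen.items())


def summarize_events(lines):
    """Count errors per source and collect unexpected-shutdown timestamps."""
    by_source, shutdowns = Counter(), []
    for line in lines:
        m = ERROR_RE.match(line)
        if m:
            by_source[m.group(2)] += 1
            continue
        m = SHUTDOWN_RE.search(line)
        if m:
            # '?' marks are mangled Unicode direction marks around the date.
            shutdowns.append((m.group(2).replace("?", ""), m.group(1)))
    return by_source, shutdowns


def triage(text):
    s = split_sections(text)
    by_source, shutdowns = summarize_events(s.get("event log errors", []))
    return {
        "hosts": unexpected_hosts(s.get("hosts content", [])),
        "winsock": third_party_winsock(s.get("winsock entries", [])),
        "error_sources": dict(by_source),
        "unexpected_shutdowns": shutdowns,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "->", value)
```
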

#4 tsquared56

tsquared56
  • Topic Starter

  • Members
  • 157 posts
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:04 PM

Posted 11 June 2014 - 05:19 AM

MiniToolBox:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Two Times (administrator) on 11-06-2014 at 06:03:37
Running from "C:\Users\Two Times\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCI GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : TwoTimes-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ct.comcast.net.
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hsd1.ct.comcast.net.
   Description . . . . . . . . . . . : Realtek PCI GBE Family Controller
   Physical Address. . . . . . . . . : 14-DA-E9-4A-4E-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::58ae:3f42:b380:919c%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, June 11, 2014 3:22:44 AM
   Lease Expires . . . . . . . . . . : Thursday, June 12, 2014 3:22:43 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 236247785
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-3D-E7-73-14-DA-E9-4A-4E-14
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.hsd1.ct.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.ct.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3885:2f5d:51c1:4508(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3885:2f5d:51c1:4508%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Name:    google.com
Addresses:  2607:f8b0:4006:809::1000
 74.125.226.38
 74.125.226.39
 74.125.226.37
 74.125.226.41
 74.125.226.34
 74.125.226.33
 74.125.226.35
 74.125.226.32
 74.125.226.36
 74.125.226.40
 74.125.226.46
 
 
Pinging google.com [173.194.43.46] with 32 bytes of data:
Reply from 173.194.43.46: bytes=32 time=21ms TTL=54
Reply from 173.194.43.46: bytes=32 time=19ms TTL=54
 
Ping statistics for 173.194.43.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 21ms, Average = 20ms
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=62ms TTL=49
Reply from 98.138.253.109: bytes=32 time=61ms TTL=49
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 62ms, Average = 61ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...14 da e9 4a 4e 14 ......Realtek PCI GBE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.103    276
    192.168.1.103  255.255.255.255         On-link     192.168.1.103    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.103    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.103    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.103    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:5ef5:79fb:3885:2f5d:51c1:4508/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::3885:2f5d:51c1:4508/128
                                    On-link
 11    276 fe80::58ae:3f42:b380:919c/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/11/2014 03:23:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2014 00:25:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/10/2014 04:50:47 PM) (Source: Application Hang) (User: )
Description: The program MediaMonkey (non-skinned).exe version 4.0.7.1511 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 28a0
 
Start Time: 01cf84ec9b52d4c1
 
Termination Time: 6
 
Application Path: C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
 
Report Id: dba23126-f0e0-11e3-9a1c-14dae94a4e14
 
Error: (06/10/2014 03:51:08 PM) (Source: Application Hang) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 16c4
 
Start Time: 01cf84e519dbc88f
 
Termination Time: 3
 
Application Path: C:\Windows\system32\mmc.exe
 
Report Id: 8738ba1c-f0d8-11e3-9a1c-14dae94a4e14
 
Error: (06/10/2014 06:46:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/07/2014 04:43:14 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=35.0.1916.114;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\3d1c09eb-7ddb-4da4-9e7f-11d074620a93.dmp
 
Error: (06/07/2014 00:19:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/06/2014 03:12:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/06/2014 11:57:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/06/2014 01:13:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (06/10/2014 06:44:34 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:42:14 AM on ?6/?10/?2014 was unexpected.
 
Error: (06/06/2014 11:55:41 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:53:32 AM on ?6/?6/?2014 was unexpected.
 
Error: (06/05/2014 06:37:39 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:35:16 PM on ?6/?5/?2014 was unexpected.
 
Error: (05/31/2014 00:37:50 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (05/31/2014 00:37:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (05/31/2014 00:35:23 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:25:31 AM on ?5/?31/?2014 was unexpected.
 
Error: (05/22/2014 08:55:50 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (05/22/2014 08:55:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (05/19/2014 04:53:24 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:49:44 AM on ?5/?19/?2014 was unexpected.
 
Error: (05/17/2014 05:42:04 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (06/11/2014 03:23:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2014 00:25:58 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (06/10/2014 04:50:47 PM) (Source: Application Hang)(User: )
Description: MediaMonkey (non-skinned).exe4.0.7.151128a001cf84ec9b52d4c16C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exedba23126-f0e0-11e3-9a1c-14dae94a4e14
 
Error: (06/10/2014 03:51:08 PM) (Source: Application Hang)(User: )
Description: mmc.exe6.1.7600.1638516c401cf84e519dbc88f3C:\Windows\system32\mmc.exe8738ba1c-f0d8-11e3-9a1c-14dae94a4e14
 
Error: (06/10/2014 06:46:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/07/2014 04:43:14 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=35.0.1916.114;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\3d1c09eb-7ddb-4da4-9e7f-11d074620a93.dmp
 
Error: (06/07/2014 00:19:03 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (06/06/2014 03:12:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/06/2014 11:57:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/06/2014 01:13:10 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-28 19:33:16.438
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-28 19:33:16.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-05 20:59:59.944
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-05 20:59:59.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-05 20:59:58.705
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-05 20:59:58.695
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-05 20:59:57.684
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-05 20:59:57.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-05 20:59:56.661
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-05 20:59:56.651
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Adobe AIR (Version: 3.9.0.1030)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Flash Player 13 Plugin (Version: 13.0.0.214)
Adobe Reader XI (11.0.07) (Version: 11.0.07)
Amazon Cloud Player (Version: 2.4.0.33)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Amazon MP3 Downloader 1.0.18 (Version: 1.0.18)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Control Center (Version: 2013.1206.1603.28764)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.81206.1620)
AMD Wireless Display v3.0 (Version: 1.0.0.14)
Apple Application Support (Version: 3.0.3)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Assassin’s Creed IV Black Flag
Assassin's Creed
Assassin's Creed III 1.01 (Version: 1.01)
avast! Free Antivirus (Version: 9.0.2018)
Baldur's Gate Enhanced Edition (Version: 0.2.6.2)
Baldur's Gate™ II - Throne of Bhaal ™
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.1206.1603.28764)
Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764)
Catalyst Control Center Localization All (Version: 2013.1206.1603.28764)
CCC Help Chinese Standard (Version: 2013.1206.1602.28764)
CCC Help Chinese Traditional (Version: 2013.1206.1602.28764)
CCC Help Czech (Version: 2013.1206.1602.28764)
CCC Help Danish (Version: 2013.1206.1602.28764)
CCC Help Dutch (Version: 2013.1206.1602.28764)
CCC Help English (Version: 2013.1206.1602.28764)
CCC Help Finnish (Version: 2013.1206.1602.28764)
CCC Help French (Version: 2013.1206.1602.28764)
CCC Help German (Version: 2013.1206.1602.28764)
CCC Help Greek (Version: 2013.1206.1602.28764)
CCC Help Hungarian (Version: 2013.1206.1602.28764)
CCC Help Italian (Version: 2013.1206.1602.28764)
CCC Help Japanese (Version: 2013.1206.1602.28764)
CCC Help Korean (Version: 2013.1206.1602.28764)
CCC Help Norwegian (Version: 2013.1206.1602.28764)
CCC Help Polish (Version: 2013.1206.1602.28764)
CCC Help Portuguese (Version: 2013.1206.1602.28764)
CCC Help Russian (Version: 2013.1206.1602.28764)
CCC Help Spanish (Version: 2013.1206.1602.28764)
CCC Help Swedish (Version: 2013.1206.1602.28764)
CCC Help Thai (Version: 2013.1206.1602.28764)
CCC Help Turkish (Version: 2013.1206.1602.28764)
ccc-utility64 (Version: 2013.1206.1603.28764)
CDBurnerXP (Version: 4.3.5.2256)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Core Temp 1.0 RC2 (Version: 1.0)
CPUID CPU-Z 1.58
CPUID HWMonitor 1.18
Creative Centrale (Version: 1.19.02)
Creative MediaSource (Version: 3.00)
Creative Removable Disk Manager
Creative Software Update (Version: 1.03.01)
Creative ZEN Mozaic User's Guide
CyberLink Blu-ray Disc Suite (Version: 6.0.4703)
CyberLink LabelPrint (Version: 2.5.3620)
CyberLink Power2Go (Version: 6.1.4813)
CyberLink PowerBackup (Version: 2.5.6023)
CyberLink PowerDirector (Version: 7.0.3227)
CyberLink PowerDVD 10 (Version: 10.0.2425.52)
CyberLink PowerProducer (Version: 5.0.2.2429)
Direct MP3 Joiner version 3.0.2.9 (Version: 3.0.2.9)
Direct WAV MP3 Splitter version 2.7.0.25 (Version: 2.7.0.25)
Dishonored (Version: 1.0)
Dragon Age II (Version: 1.04)
Dragon Age: Origins (Version: 1.00)
Dragon Age™ II (Version: 1.04.8524.0)
Easy MP3 Cutter 3.0
ESET Online Scanner v3
Fallout 3 (Version: 1.00.0000)
Fallout Mod Manager 0.12.6
Fan Xpert (Version: 1.00.13)
FIFA 11 (Version: 1.0.0.0)
FIFA 12 (Version: 1.5.0.0)
FIFA 13 (Version: 1.7.0.0)
FIFA 14 (Version: 1.0.0.7)
FINAL FANTASY VII (Version: 1.0)
Focus MP3 Recorder Splitter 3.4
Fraps
Free M4a to MP3 Converter 8.1
FXAA Post Process Injector
GameFly (Version: 1.2.364)
Google Chrome (Version: 35.0.1916.114)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.24.7)
iTunes (Version: 11.2.0.115)
Java 7 Update 51 (64-bit) (Version: 7.0.510)
Java 7 Update 55 (Version: 7.0.550)
Java Auto Updater (Version: 2.1.9.8)
JavaFX 2.1.1 (Version: 2.1.1)
JMicron JMB36X Driver (Version: 1.17.58.2)
Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1 (Version: 1.0)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Logitech Gaming Software 8.12 (Version: 8.12.030)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
marvell 91xx driver (Version: 1.0.0.1034)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
MotioninJoy ds3 driver version 0.6.0001 (Version: 0.6.00001)
Mozilla Firefox 29.0.1 (x86 en-US) (Version: 29.0.1)
Mozilla Maintenance Service (Version: 29.0.1)
MP3 Butcher 1.1.98 (Version: 1.1.98)
Mp3 Cutter and Joiner 1.0
MusicBee 2.2 (Version: 2.2)
Nexus Mod Manager (Version: 0.47.3)
NVIDIA PhysX (Version: 9.11.1111)
Oblivion - Horse Armor Pack (Version: 1.00.0000)
Oblivion - Knights of the Nine (Version: 1.00.0000)
Oblivion - Mehrunes Razor (Version: 1.00.0000)
Oblivion - Orrery (Version: 1.00.0000)
Oblivion - Spell Tomes (Version: 1.00.0000)
Oblivion - Thieves Den (Version: 1.00.0000)
Oblivion - Vile Lair (Version: 1.00.0000)
Oblivion - Wizard's Tower (Version: 1.00.0000)
Oblivion (Version: 1.00.0000)
OpenAL
Origin (Version: 8.5.2.23)
PCSX2 - Playstation 2 Emulator
PunkBuster Services (Version: 0.991)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.18.322.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6037)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Riptunes - YouTube to MP3 Converter (Version: 2.0)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
Speccy (Version: 1.26)
SpeedFan (remove only)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.6.1032)
System Requirements Lab CYRI (Version: 6.0.8.0)
The Elder Scrolls V: Skyrim
The Witcher 2: Assassins of Kings Enhanced Edition
The Witcher: Enhanced Edition
Uplay (Version: 4.0)
Winamp (Version: 5.623 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 24%
Total physical RAM: 12279.11 MB
Available physical RAM: 9290.61 MB
Total Pagefile: 24556.41 MB
Available Pagefile: 20847.51 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.95 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931.41 GB) (Free:427.28 GB) NTFS
2 Drive d: (BG2 ToB) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
3 Drive e: (Backup) (Fixed) (Total:224.08 GB) (Free:0 GB) NTFS
4 Drive f: (HP_RECOVERY) (Fixed) (Total:8.79 GB) (Free:0.4 GB) FAT32
6 Drive h: (SKYRIM_EN) (CDROM) (Total:5.1 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\TWOTIMES-PC
 
Administrator            Guest                    Two Times                
 
 
**** End of log ****


#5 tsquared56


Posted 11 June 2014 - 05:23 AM

TDSS - No Threats Found.



#6 boopme


Posted 11 June 2014 - 11:22 AM

Ok, we'll wait for all.

 

Note your Backup drive is full

 

These can be uninstalled thru Control Panel as they are outdated

Java 7 Update 51 (64-bit) (Version: 7.0.510)
Java 7 Update 55 (Version: 7.0.550)


#7 tsquared56


Posted 11 June 2014 - 04:47 PM

AdwCleaner

 

# AdwCleaner v3.212 - Report created 11/06/2014 at 06:24:08
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Two Times - TWOTIMES-PC
# Running from : C:\Users\Two Times\Downloads\AdwCleaner (2).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Two Times\AppData\Roaming\Mozilla\Firefox\Profiles\bq02wsql.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Two Times\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/tracking?d_ch=en_US_huffingtonpost&q={searchTerms}&s_it=search_addon
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1864 octets] - [28/08/2013 18:09:14]
AdwCleaner[R1].txt - [1199 octets] - [11/06/2014 06:24:08]
AdwCleaner[S0].txt - [1864 octets] - [28/08/2013 18:12:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1319 octets] ##########

Yeah, sorry for doing it haphazardly - trying to get them done asap.



#8 tsquared56


Posted 11 June 2014 - 04:54 PM

The post-restart AdwClean:

 

# AdwCleaner v3.212 - Report created 11/06/2014 at 17:47:53
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Two Times - TWOTIMES-PC
# Running from : C:\Users\Two Times\Downloads\AdwCleaner (2).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Two Times\AppData\Roaming\Mozilla\Firefox\Profiles\bq02wsql.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Two Times\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/tracking?d_ch=en_US_huffingtonpost&q={searchTerms}&s_it=search_addon
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1864 octets] - [28/08/2013 18:09:14]
AdwCleaner[R1].txt - [1403 octets] - [11/06/2014 06:24:08]
AdwCleaner[S0].txt - [1864 octets] - [28/08/2013 18:12:27]
AdwCleaner[S1].txt - [1328 octets] - [11/06/2014 17:47:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1388 octets] ##########


#9 tsquared56


Posted 11 June 2014 - 05:14 PM

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Two Times on Wed 06/11/2014 at 18:05:32.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Two Times\AppData\Roaming\getrighttogo"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Two Times\AppData\Roaming\mozilla\firefox\profiles\bq02wsql.default\minidumps [41 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/11/2014 at 18:08:08.39
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
During the JRT running, it made me restart due to a "bad module".  Is that akin to a RAM module?


#10 tsquared56


Posted 11 June 2014 - 05:42 PM

I will run ESET later tonight and post the log.



#11 tsquared56


Posted 11 June 2014 - 07:56 PM

ESET log:

 

C:\Users\Two Times\AppData\Local\Temp\dlm6E7B.tmp\m4a-to-mp3-converter-cnet.exe Win32/Somoto.E potentially unwanted application deleted - quarantined
C:\Users\Two Times\Desktop\HP p6110y files\2011-02-27_19-47-33\Memeo\2011-02-27_19-47-33\C_\Users\Tim\Downloads\switchsetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
C:\Users\Two Times\Downloads\cbsidlm-cbsi118-RipTunes_YouTube_to_MP3_Converter-ORG-75756373.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\Two Times\Downloads\cbsidlm-cbsi134-Free_M4a_to_MP3_Converter-SEO-187723 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\Two Times\Downloads\cbsidlm-cbsi134-Free_M4a_to_MP3_Converter-SEO-187723.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\Two Times\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.BY potentially unwanted application deleted - quarantined
C:\Users\Two Times\Downloads\wavtomp3_setup (1).exe Win32/OutBrowse.L potentially unwanted application deleted - quarantined
C:\Users\Two Times\Downloads\wavtomp3_setup.exe Win32/OutBrowse.L potentially unwanted application deleted - quarantined


#12 boopme


Posted 11 June 2014 - 08:36 PM

Hi, no that was not RAM, but an issue in JRT.

Looks good. Some not too harmful malware that came with a CNET download.

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>
----------
  • Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
  • Click Start (Start, Search, All files and folders for Windows XP) then type mbam
  • Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply
How is it now?

#13 tsquared56


Posted 12 June 2014 - 05:05 PM

Quick or full MBAM scan?



#14 tsquared56


Posted 12 June 2014 - 05:16 PM

MBAM (quick scan):

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.06.12.13
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17126
Two Times :: TWOTIMES-PC [administrator]
 
6/12/2014 6:12:03 PM
mbam-log-2014-06-12 (18-12-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256548
Time elapsed: 3 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#15 boopme


Posted 13 June 2014 - 11:13 AM

Quick was the choice

Ok if there are no more issues....
Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
