
Network activity in Rainmeter but not Task Manager; IP blocked from some sites


12 replies to this topic

#1 Tom Brokaw

  • Members
  • 7 posts

Posted 17 January 2015 - 02:16 PM

Windows 7 Home Premium x64

Firefox 35

Desktop, wired connection.

 

Issue summary:

I am suddenly blocked from both a site I visit frequently (craigslist) and a site I've never been to previously, apparently for too many hits from my IP address.

I see network traffic that I did not initiate and do not expect.

 

Details:

Issue noticed 1/16. Started when I went to browse craigslist and got a notification that my IP had been automatically blocked.  I have contacted them as directed but have not heard back yet.

 

This IP has been automatically blocked. If you have questions, please email: blocks-b1419720017783175@craigslist.org

The same message is returned when I go to other craigslist cities, e.g. newyork.craigslist.com.

 

I went to this site (I'm researching a video card upgrade) and it also returned a message indicating I've been blocked:

http://graphics-cards.electronicsnif.com/compare/90-811/ATI-AMD-Radeon-HD-6870-vs-XFX-Radeon-HD-7950-FX-795A-TDFC

 


Woah! You're being rate-limited.

Our servers have seen too many requests from you recently.

Please enter the code below to continue browsing

 

I had never been to that particular site before and have now been twice, the second time to get the URL and paste the error message.  I can access both sites fine using Hola Unblocker and setting it to report that I'm browsing from the UK.  I ran my IP address through a couple of blacklist checks and it doesn't appear to be blacklisted, so I wouldn't think I've inherited a blacklisted IP address from some spammer.

 

I run Rainmeter (desktop customization program) and it has been showing upload activity, as well as some download activity.  Task Manager does not show any network use.  I exited my browser, Dropbox, Onedrive, Copy.com, Steam; killed my Amazon music download helper - anything with the remote possibility of generating network traffic. No change.  A side note: This particular measurement in Rainmeter is in Bytes per second, and it has reported up to 3-4kB/s.  I'd expect to see up to maybe half a kB as various services ping for updates, but this seems excessive to me.  I honestly can't say I've noted what it was in the past, but I believe it was significantly lower and less constant.

 

I rebooted into Safe Mode with Networking.  I can start Rainmeter manually in safe mode and it does not show the network activity in Safe Mode.  I updated my Malwarebytes installation and ran a scan; it came up with three PUPs (Conduit and something else) but the issue returned when I booted into Windows normally.

 

I've downloaded and run CurrPorts, to try and see what's transmitting, and ProcessExplorer to try and see what process might be causing this.  Nothing jumps out as obviously suspicious, and I'm not sure how to read all the information available in CurrPorts.  There are a lot of "unknowns" in that application.

 

The router only shows two wireless connections, which I believe are the two smartphones in the house.

 

I just updated Avast Free to the latest version and will run a full scan after the requested reboot.  Ran half a full scan last night; it did not complete before I needed to go to bed, so that's one thing that still needs to be completed.

 

Thanks for your time.
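Added example, not part of the post above and not code from CurrPorts or Process Explorer: a short Python script that does the process attribution the poster is attempting by hand. On Windows 7 the Task Manager Networking tab reports adapter utilisation as a percentage, so a few kB/s on a gigabit link rounds to zero, and it has no per-process network column. The raw data is there in `netstat -ano` (PID for every socket) and `tasklist /fo csv` (PID to image name); Resource Monitor (resmon.exe) shows the same thing live. The script parses saved output of those two commands, drops loopback and on-subnet peers, and lists the processes with sockets to outside hosts, busiest first. The netstat and tasklist text below is constructed sample data with placeholder process names, and the local subnet 192.168.1.0/24 is an assumption (pass your own).

```python
"""Attribute sockets to processes from plain `netstat -ano` and `tasklist /fo csv`
text, then list the processes talking to hosts outside the local subnet."""
import csv
import io
import ipaddress
import re
from collections import defaultdict

# Constructed `netstat -ano` output (not captured from the poster's machine).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED     1064
  TCP    192.168.1.100:49210    203.0.113.10:443       ESTABLISHED     4120
  TCP    192.168.1.100:49211    203.0.113.10:443       ESTABLISHED     4120
  TCP    192.168.1.100:49250    198.51.100.7:80        ESTABLISHED     2288
  TCP    192.168.1.100:49300    192.168.1.1:80         TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1200
  UDP    192.168.1.100:137      *:*                                    4
"""

# Constructed `tasklist /fo csv` output; the image names are placeholders.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","1,234 K"
"svchost.exe","712","Services","0","8,000 K"
"AvastUI.exe","1064","Console","1","30,000 K"
"Rainmeter.exe","1200","Console","1","20,000 K"
"Dropbox.exe","2288","Console","1","90,000 K"
"unknown_updater.exe","4120","Console","1","5,000 K"
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP has none), PID.
NETSTAT_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")


def split_endpoint(endpoint):
    """'192.168.1.100:49210' -> ('192.168.1.100', 49210); '*:*' -> ('*', None).
    netstat prints IPv6 endpoints as [addr]:port, so strip the brackets."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """One dict per socket line; banner, header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(foreign)
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "rhost": rhost, "rport": rport,
                     "state": state or "", "pid": int(pid)})
    return rows


def parse_tasklist(csv_text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    reader = csv.DictReader(io.StringIO(csv_text.strip()))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def is_external(host, local_net="192.168.1.0/24"):
    """True for a routable peer that is not on the (assumed) local subnet."""
    if host in ("*", "0.0.0.0", "::"):
        return False
    try:
        ip = ipaddress.ip_address(host.split("%")[0])   # drop IPv6 zone index
    except ValueError:
        return False
    if ip.is_loopback or ip.is_link_local or ip.is_multicast:
        return False
    return ip not in ipaddress.ip_network(local_net)


def external_connections(netstat_text, tasklist_text, local_net="192.168.1.0/24"):
    """Per-PID summary of sockets whose peer lies outside local_net, busiest first."""
    names = parse_tasklist(tasklist_text)
    per_pid = defaultdict(lambda: {"connections": 0, "remotes": set()})
    for row in parse_netstat(netstat_text):
        if not is_external(row["rhost"], local_net):
            continue
        entry = per_pid[row["pid"]]
        entry["connections"] += 1
        entry["remotes"].add(f'{row["rhost"]}:{row["rport"]}')
    report = []
    for pid, entry in sorted(per_pid.items(), key=lambda kv: -kv[1]["connections"]):
        # A PID missing from tasklist means the process exited between the two
        # captures, or the socket belongs to the kernel (PID 0/4): look closer.
        report.append({"pid": pid,
                       "name": names.get(pid, "<not in tasklist>"),
                       "connections": entry["connections"],
                       "remotes": sorted(entry["remotes"])})
    return report


if __name__ == "__main__":
    for item in external_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f'{item["pid"]:>6} {item["name"]:<22} {item["connections"]:>3}  '
              + ", ".join(item["remotes"]))
```

Capture the inputs back to back from an elevated prompt (`netstat -ano > net.txt` and `tasklist /fo csv > tasks.txt`) and feed the file contents to `external_connections()`. Repeating the capture a few times a minute apart while the machine is otherwise idle is the useful part: a process that keeps the same remote endpoint across samples is the one to open in Process Explorer, and `netstat -b` will print its image path directly if you would rather skip the tasklist join.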




 


#2 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male

Posted 18 January 2015 - 07:58 AM

Step 1: Minitoolbox.

Please download MINITOOLBOX and run it.

Checkmark following boxes:

  • Flush DNS
  • Reset FF proxy Settings
  • Reset Ie Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)

Click Go and post the result.
 
Step 2: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 3: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4: Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.


Hit Ok.


Hit Next; make sure to leave all items checked for removal.



The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.
 
Step 5: Malwarebytes AntiRootkit
 
 
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


Step 6: Security Check Log.
 
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 
Step 7: Report
 
Tell me how the machine is performing, and if you need help performing any steps. Also post all requested logs.
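Added example, not part of the reply above and not MiniToolBox code: what a reviewer looks for in the Hosts and Winsock sections that step 1 asks for, written as Python over sample report lines. A hosts entry that maps a name to 127.0.0.1 or 0.0.0.0 only blocks that name (the Adobe activation servers seen in logs like this one are a widely circulated block list, not by themselves an infection artefact), whereas an entry that maps a name to any other address silently overrides DNS for it, which is how hosts-file hijacks redirect logins; and a Winsock provider DLL outside System32/SysWOW64 is where layered-service-provider hijackers sit, because an LSP sees every socket's traffic. The hosts and Winsock sample lines are partly copied from the log posted later in this thread and partly constructed (the `.example` names and the `helper.dll` entry); the WATCH_WORDS list is an assumption to be adjusted for the software actually installed.

```python
"""Review the hosts-file and Winsock catalog sections of a MiniToolBox-style
report and flag the patterns that indicate tampering."""
import ipaddress
import re

# First four lines as printed in the posted log (note the duplicate); the last
# two are constructed to show a redirect and a sinkholed update host.
HOSTS_SAMPLE = """\
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 hl2rcv.adobe.com
198.51.100.23 www.bank.example
0.0.0.0 update.av-vendor.example
"""

# Three Winsock lines as MiniToolBox prints them (from the same posted log),
# plus one constructed entry: a DLL in a user profile with no publisher.
WINSOCK_SAMPLE = r"""
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
Catalog9 11 C:\Users\user\AppData\Roaming\nsp\helper.dll [40960] ()
"""

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}
# Name fragments whose sinkholing would silence updates or security tools
# (assumed, illustrative list).
WATCH_WORDS = ("update", "microsoft.com", "avast", "malwarebytes", "av-vendor")


def audit_hosts(text):
    """Return (severity, message) findings, one per name on each hosts line."""
    findings, seen = [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(("high", f"malformed line: {raw.strip()}"))
            continue
        for name in names:
            key = (addr, name.lower())
            if key in seen:
                findings.append(("low", f"duplicate entry {addr} {name}"))
                continue
            seen.add(key)
            if addr in SINKHOLES:
                # Blocking a vendor's activation host is nuisance-ware territory;
                # blocking update or AV hosts is what malware does.
                watched = any(w in name.lower() for w in WATCH_WORDS)
                findings.append(("high" if watched else "info",
                                 f"{name} sinkholed to {addr}"))
            else:
                # Any mapping to a real address overrides DNS for that name.
                findings.append(("high", f"{name} redirected to {addr}"))
    return findings


# "Catalog5 07 <path> [<size>] (<publisher>)", optionally prefixed "x64-".
WINSOCK_LINE = re.compile(r"^(x64-)?Catalog(5|9) (\d+) (.+?) \[(\d+)\] \((.*)\)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def audit_winsock(text):
    """Flag namespace (Catalog5) and layered (Catalog9) providers whose DLL
    lives outside the Windows system directories."""
    findings = []
    for raw in text.splitlines():
        m = WINSOCK_LINE.match(raw.strip())
        if not m:
            continue
        _arch, catalog, _idx, path, _size, publisher = m.groups()
        kind = "LSP" if catalog == "9" else "NSP"
        if path.lower().startswith(SYSTEM_DIRS):
            continue                                   # stock provider location
        if not publisher.strip():
            findings.append(("high", f"{kind} {path}: no publisher, outside system dirs"))
        else:
            findings.append(("medium", f"{kind} {path}: third-party provider ({publisher})"))
    return findings


def audit_report(hosts_text, winsock_text):
    """All findings, most severe first (stable, so input order is kept within a level)."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    findings = audit_hosts(hosts_text) + audit_winsock(winsock_text)
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, message in audit_report(HOSTS_SAMPLE, WINSOCK_SAMPLE):
        print(f"[{severity:<6}] {message}")
```

The two "high" hosts findings in the sample are the ones that matter: a real address for a login site is pharming, and a sinkholed update host is how an infection keeps itself from being cleaned. Third-party providers with a named publisher (here the Windows Live namespace provider) are usually legitimate, but anything in Catalog9 with an empty publisher and a path under a user profile should be treated as hostile until the file has been checked.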



#3 Tom Brokaw
  • Topic Starter
  • Members
  • 7 posts

Posted 18 January 2015 - 06:39 PM

Thanks very much.  I will post the results of each application separately as I do not appear to be able to post it all at once.  After performing the requested scans, I am able to access both sites normally, but I still see unexpected upload activity.  I have also completed an Avast! boot time scan that did not return any results.

Performance has not noticeably changed.  For the past two or three weeks, I have been getting some system restarts and an occasional hang that requires a hard reboot.  I believe this is one of two hardware issues:
The first is that I had a used hard drive installed for the purpose of installing the Win10 preview but never got around to it.  I've since removed it and have not had that problem since, but the freezes were intermittent and it has been less than a week since I took it out.

The second is the age of the components, specifically the motherboard.  My original Asus P5B (vanilla) died in September 2013 and was replaced with the same model a couple months later.  Given that these were only made for so long, this replacement is probably as old as the one that died.  The symptoms of that death were complete freezeup, regardless of how stressful a given task might be, from opening notepad++ to running Crysis or rendering 3D fractals, and eventually failure to POST.

Having said that it hasn't changed, it's usually 5-10 minutes until it's usable when booting.  I turn it off each night when I go to bed and it stays off for about 18 hours until I'm home the next day.  This is done mainly to save power but also to keep current on OS updates.

I need to upgrade, but I hate to sink money into DDR3 when DDR4 is so close to widespread release.

MiniToolBox

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Tom Brokaw (administrator) on 18-01-2015 at 11:15:19
Running from "H:\Program Setups\Anti Malware"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 hl2rcv.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection* 13-QoS Packet Scheduler-0000" address=192.168.56.1 mask=255.255.255.0
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : M3
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-1B-FC-E7-14-5C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4932:ca72:65ec:d721%22(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, January 18, 2015 11:10:06 AM
   Lease Expires . . . . . . . . . . : Sunday, January 18, 2015 1:10:07 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 402660348
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-46-C6-EF-00-18-F3-63-A1-9F
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2c41:383e:3f57:fe9b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2c41:383e:3f57:fe9b%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{924A8F35-4154-4875-BFBA-7CE4E4910911}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4007:804::1009
      74.125.224.104
      74.125.224.110
      74.125.224.100
      74.125.224.97
      74.125.224.98
      74.125.224.101
      74.125.224.103
      74.125.224.96
      74.125.224.102
      74.125.224.105
      74.125.224.99


Pinging google.com [74.125.224.110] with 32 bytes of data:
Reply from 74.125.224.110: bytes=32 time=19ms TTL=55
Reply from 74.125.224.110: bytes=32 time=19ms TTL=55

Ping statistics for 74.125.224.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=91ms TTL=52
Reply from 98.139.183.24: bytes=32 time=89ms TTL=52

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 91ms, Average = 90ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 22...00 1b fc e7 14 5c ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    276
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:5ef5:79fd:2c41:383e:3f57:fe9b/128
                                    On-link
 22    276 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::2c41:383e:3f57:fe9b/128
                                    On-link
 22    276 fe80::4932:ca72:65ec:d721/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 22    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/17/2015 11:50:33 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java™ 6 Update 22; Error = 0x80070422).

Error: (01/17/2015 11:50:29 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java™ 6 Update 22; Error = 0x80070422).

Error: (01/17/2015 11:49:30 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java™ 6 Update 37; Error = 0x80070422).

Error: (01/17/2015 11:49:18 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java™ 6 Update 37; Error = 0x80070422).

Error: (01/17/2015 11:26:10 AM) (Source: Application Hang) (User: )
Description: The program AvastUI.exe version 10.0.2208.726 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1064

Start Time: 01d0328ab2a07351

Termination Time: 60000

Application Path: C:\Program Files\Alwil Software\Avast5\AvastUI.exe

Report Id: 851eb753-9e7e-11e4-9c83-001bfce7145c

Error: (01/17/2015 10:52:51 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Alwil Software\Avast5\setup\New\instup.exe Files\Alwil Software\Avast5\setup\New\instup.exe" /instop:update_vps_and_program /session_id:5 /wait; Description = avast! antivirus system restore point; Error = 0x80070422).

Error: (01/17/2015 09:55:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: cports.exe, version: 2.1.2.0, time stamp: 0x547ee246
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000007723000a
Faulting process id: 0x960
Faulting application start time: 0xcports.exe0
Faulting application path: cports.exe1
Faulting module path: cports.exe2
Report Id: cports.exe3

Error: (01/17/2015 09:21:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: procexp64.exe, version: 16.4.0.0, time stamp: 0x5404afa3
Faulting module name: procexp64.exe, version: 16.4.0.0, time stamp: 0x5404afa3
Exception code: 0xc0000417
Fault offset: 0x00000000000a4c05
Faulting process id: 0xccc
Faulting application start time: 0xprocexp64.exe0
Faulting application path: procexp64.exe1
Faulting module path: procexp64.exe2
Report Id: procexp64.exe3

Error: (01/16/2015 06:27:53 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (01/16/2015 06:22:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (01/18/2015 10:35:48 AM) (Source: TermService) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.

Error: (01/18/2015 10:35:16 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (01/17/2015 11:30:06 AM) (Source: TermService) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.

Error: (01/17/2015 11:29:22 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (01/17/2015 11:28:57 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:27:45 AM on ?1/?17/?2015 was unexpected.

Error: (01/17/2015 11:25:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service hung on starting.

Error: (01/17/2015 11:23:18 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%1053

Error: (01/17/2015 11:23:18 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (01/17/2015 11:20:33 AM) (Source: TermService) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.

Error: (01/17/2015 11:19:58 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (01/17/2015 11:50:33 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Java™ 6 Update 220x80070422

Error: (01/17/2015 11:50:29 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Java™ 6 Update 220x80070422

Error: (01/17/2015 11:49:30 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Java™ 6 Update 370x80070422

Error: (01/17/2015 11:49:18 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Java™ 6 Update 370x80070422

Error: (01/17/2015 11:26:10 AM) (Source: Application Hang)(User: )
Description: AvastUI.exe10.0.2208.726106401d0328ab2a0735160000C:\Program Files\Alwil Software\Avast5\AvastUI.exe851eb753-9e7e-11e4-9c83-001bfce7145c

Error: (01/17/2015 10:52:51 AM) (Source: System Restore)(User: )
Description: C:\Program Files\Alwil Software\Avast5\setup\New\instup.exe Files\Alwil Software\Avast5\setup\New\instup.exe" /instop:update_vps_and_program /session_id:5 /waitavast! antivirus system restore point0x80070422

Error: (01/17/2015 09:55:26 AM) (Source: Application Error)(User: )
Description: cports.exe2.1.2.0547ee246unknown0.0.0.000000000c0000005000000007723000a96001d0327e94daf3eeH:\Program Setups\Networking Tools\CurrPorts\cports.exeunknown03e99078-9e72-11e4-8ab2-001bfce7145c

Error: (01/17/2015 09:21:09 AM) (Source: Application Error)(User: )
Description: procexp64.exe16.4.0.05404afa3procexp64.exe16.4.0.05404afa3c000041700000000000a4c05ccc01d0327993c520a9C:\Users\Tom Brokaw\AppData\Local\Temp\procexp64.exeC:\Users\Tom Brokaw\AppData\Local\Temp\procexp64.exe396d4bb8-9e6d-11e4-8ab2-001bfce7145c

Error: (01/16/2015 06:27:53 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (01/16/2015 06:22:24 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
  Date: 2013-10-13 19:14:20.245
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-13 19:14:20.167
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-13 19:14:18.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-13 19:14:18.767
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-13 19:14:17.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-13 19:14:17.377
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-13 19:14:16.009
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-13 19:14:15.934
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-13 19:14:14.611
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-13 19:14:14.533
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom Brokaw\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



=========================== Installed Programs ============================
7+ Taskbar Tweaker v4.5.6 (HKCU\...\7 Taskbar Tweaker) (Version: 4.5.6 - RaMMicHaeL)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Alien Swarm Dedicated Server (HKLM-x32\...\Steam App 635) (Version:  - Valve)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 13.30.100.41120 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (HKLM\...\{664279F5-676C-47F5-BCAE-736A4689980D}) (Version: 1.42.277.0 - Barracuda Networks, Inc.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version:  - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
CyberScrub Professional 3.5 (HKLM-x32\...\CyberScrub Professional 3.5) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Studio 4 (64bit) (HKLM-x32\...\DAZ Studio 4 (64bit) 4.0.3.47) (Version: 4.0.3.47 - DAZ 3D)
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.2 - Ruud Ketelaars)
DiskCheckup V3.0 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.0 - PassMark Software)
Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.3 - Activision)
Doom 3 (x32 Version: 1.3 - Activision) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DS4 Default Content (HKLM-x32\...\DS4 Default Content 4.0.0.19) (Version: 4.0.0.19 - DAZ 3D)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
eM Client (HKLM-x32\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)
E-muPatchMix DSP (HKLM-x32\...\EMU PatchMix DSP) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
f.lux (HKCU\...\Flux) (Version:  - )
FAKEFACTORY Cinematic Mod V12 (HKLM-x32\...\FAKEFACTORY CM12V12.20FULL) (Version: V12.20FULL - FAKEFACTORY)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
FreeFileSync 6.10 (HKLM-x32\...\FreeFileSync) (Version: 6.10 - Zenju)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Geeks3D.com FurMark 1.10.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox)
HaloSim (HKLM-x32\...\ST5UNST #1) (Version:  - )
HandBrake 0.9.5 (HKLM-x32\...\HandBrake) (Version: 0.9.5 - )
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.1.0.17943 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.0.9839 - Juniper Networks, Inc.)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
LMMS 1.1.0 (HKLM-x32\...\lmms) (Version: 1.1.0 - LMMS Developers)
Logitech SetPoint 6.30 (HKLM\...\sp6) (Version: 6.30.43 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mandelbulber 64-bit OpenCL (HKLM-x32\...\071592D0-6A2A-41B8-A86F-25977C29DAED) (Version: 1.21-2 - Krzysztof Marczak)
Mandelbulber v2 (HKLM-x32\...\35A39AB0-5E9F-4B70-98DA-4B8158C89C4B) (Version: 2.01 - )
Max Payne (HKLM-x32\...\Steam App 12140) (Version:  - Rockstar)
Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version:  - Rockstar)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MilkDrop for Winamp 2x (remove only) (HKLM-x32\...\vis_milk.dllWinamp) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
Oddworld: Abe's Exoddus (HKLM-x32\...\Steam App 15710) (Version:  - Oddworld Inhabitants)
Oddworld: Abe's Oddysee (HKLM-x32\...\Steam App 15700) (Version:  - Oddworld Inhabitants)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.1.18 (HKLM\...\{4EE61784-10C6-4B7C-A0B2-5BED17B05741}) (Version: 4.1.18 - Oracle Corporation)
Outerra - Anteworld - Outerra Anteworld Demo (HKLM-x32\...\Outerra Anteworld) (Version: "0.8.3-4883" - "Outerra")
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Prey (HKLM-x32\...\Steam App 3970) (Version:  - Human Head)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0 r2116 - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
S.T.A.L.K.E.R. - Clear Sky (HKLM-x32\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.0007 - Deep Silver)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0005 - THQ)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.550.0 - SAMSUNG Electronics Co., Ltd.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)
Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)
Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version:  - Croteam)
Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version:  - Croteam)
Shadowgrounds: Survivor (HKLM-x32\...\Steam App 11200) (Version:  - Frozenbyte)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
STP (HKLM-x32\...\{0B5A201C-A9D3-4596-AAE6-9FD71ED7A5FD}) (Version: 1.0.0 - Dawning.ca)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Survarium (HKLM-x32\...\{FEA2E954-A6D0-42FA-8FF1-DFA325758FAC}_is1) (Version: 0.25d - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Terragen (HKLM-x32\...\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}) (Version: 0.9.43 - Planetside Software)
Terragen 3 (HKLM\...\{F201ACDF-4376-4E72-8EF7-902C2773BA17}) (Version: 3.2.02 - Planetside Software)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Tournament 3: Black Edition (HKLM-x32\...\Steam App 13210) (Version:  - Epic Games)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR) (HKLM-x32\...\{74B65337-CCF1-4664-A7FC-954A288A4C72}) (Version: 1.10.1002 - SAMSUNG)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XYplorerFree 14.80 (HKLM-x32\...\XYplorerFree) (Version: 14.80 - Donald Lessau)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zandronum (HKLM-x32\...\Zandronum) (Version: 1.2.2 - Zandronum)

========================= Devices: ================================

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 8191.18 MB
Available physical RAM: 4896.29 MB
Total Pagefile: 8701.36 MB
Available Pagefile: 5123.55 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.57 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.66 GB) (Free:28.06 GB) NTFS
6 Drive h: (3TB Main) (Fixed) (Total:2794.39 GB) (Free:197.95 GB) NTFS

========================= Users: ========================================

User accounts for \\M3

Administrator            ASPNET                   Guest                    
Tom Brokaw                     Mcx1-M3                  


**** End of log ****


Edited by Tom Brokaw, 18 January 2015 - 06:40 PM.


#4 Tom Brokaw

  • Topic Starter

  • Members
  • 7 posts

Posted 18 January 2015 - 06:41 PM

Junkware Removal Tool (first run, not explicitly run as admin, Windows Firewall still enabled):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tom Brokaw on Sun 01/18/2015 at 11:50:37.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/18/2015 at 11:55:36.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(Second run, explicitly run as admin, Windows Firewall disabled.  Avast did not show as active for either run.)

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tom Brokaw on Sun 01/18/2015 at 11:59:17.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/18/2015 at 12:05:03.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


AdwCleaner v4.108

# AdwCleaner v4.108 - Report created 18/01/2015 at 12:19:37
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tom Brokaw - M3
# Running from : C:\Users\Tom Brokaw\Desktop\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\Uninstaller
[x] Not Deleted : C:\Users\Tom Brokaw\AppData\Local\Hola
Folder Deleted : C:\Users\Tom Brokaw\AppData\Local\CrashRpt
File Deleted : C:\Users\Tom Brokaw\AppData\Roaming\Mozilla\Firefox\Profiles\v24puvo4.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Tom Brokaw\AppData\Roaming\Mozilla\Firefox\Profiles\v24puvo4.default\searchplugins\yahoo_ff.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v35.0 (x86 en-US)

[v24puvo4.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "eMusic Customized Web Search");
[v24puvo4.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}");

-\\ Google Chrome v39.0.2171.99

[C:\Users\Tom Brokaw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Tom Brokaw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2034 octets] - [18/01/2015 12:16:52]
AdwCleaner[S0].txt - [1903 octets] - [18/01/2015 12:19:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1963 octets] ##########



Adware Removal Tool v3.9
Note: this tool found files believed safe that contained "conduit" and "babylon" in the filename, e.g. C:\Program Files (x86)\Steam\steamapps\sourcemods\BMS\models\props_blackmesa\conduit_box.jpg. The vast majority of these were in the Black Mesa Source folder, and the rest were Milkdrop files that contained Babylon in the filename. I unchecked these files.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_01_18_12_27_26
OS: Windows 7 - 64 Bit
Account Name: Matt
U0L0S75

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished


#5 Tom Brokaw

Tom Brokaw
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 18 January 2015 - 06:43 PM

Malwarebytes Rootkit:
"Scan finished, no malware found!"

After reboot:
mbar-log-2015-01-18 (12-47-54).txt

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.18.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Tom Brokaw :: M3 [administrator]

1/18/2015 12:47:54 PM
mbar-log-2015-01-18 (12-47-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 380032
Time elapsed: 14 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


system-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.995000 GHz
Memory total: 8589074432, free: 5420642304

Downloaded database version: v2015.01.18.08
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     01/18/2015 12:47:43
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spwt.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\xhcdrv.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\ctaud2k.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ctoss2k.sys
\SystemRoot\system32\drivers\ctprxy2k.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\a94ihonx.SYS
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\drivers\ha20x2k.sys
\SystemRoot\system32\drivers\emupia2k.sys
\SystemRoot\system32\drivers\ctsfm2k.sys
\SystemRoot\system32\drivers\ctac32k.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\ViaHub3.sys
\SystemRoot\System32\drivers\CTHWIUT.SYS
\SystemRoot\System32\drivers\CT20XUT.SYS
\SystemRoot\System32\drivers\CTEXFIFX.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\Windows\system32\Drivers\SSPORT.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008a87060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8007936680
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008a87060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8007936680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008a86060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa80087c2060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008a87060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008a86a00, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008a87060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800878e520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007936680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0025dc120, 0xfffffa8008a87060, 0xfffffa800cb07790
Lower DeviceData: 0xfffff8a0167a58a0, 0xfffffa8007936680, 0xfffffa8008609090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008a86060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80088cd960, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008a86060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80087c0520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80087c2060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a019c3f4e0, 0xfffffa8008a86060, 0xfffffa800cb4c790
Lower DeviceData: 0xfffff8a005a049c0, 0xfffffa80087c2060, 0xfffffa80084fc690
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2543795139
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid c3ebecdb-5e9c-4128-9d7f-7f8866b57730
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature b9d765bd4e5c420
    Backup GPT header Revision 2849317534 Size 3632517017 CRC 4294963198
    Backup GPT header CurrentLba = 9181600963774166814 BackupLba 6297470818743112808
    Backup GPT header FirstUsableLba 11619978212257744820  LastUsableLba 17923506999245296481
    Backup GPT header Guid dcafad15-31d-fdbe-5a45-c2b31dfabad8
    Backup GPT header Contains 2121132106 partition entries starting at LBA 3273164620510016227
    Backup GPT header Partition entry size = 4294910966

    GPT header and Backup GPT header have conflicting data

    Backup GPT partition header signature doesn't match "EFI PART" magic

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID bce7392e-5656-47bf-b86b-b3e56046c7
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 4a51bd4b-944-44c4-92f5-bd9d34b48219
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 836B2D0C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976566272

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished


 

Security Check:

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 DH Driver Cleaner Professional Edition
 Java 7 Update 71  
 Adobe Flash Player 16.0.0.257  
 Mozilla Firefox (35.0)
 Google Chrome (39.0.2171.95)
 Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent````````  
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 AM

Posted 18 January 2015 - 06:47 PM

Reset your router to factory settings, and set a new admin password.
Resetting your router and changing the router admin password

 

Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

Install the program onto your computer, then right-click the icon and select Run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon Scan Completion Click Show Results.

Now click the Clean button.

Once done cleaning, go to the Logs tab, double-click the log, and copy and paste it in your next reply.



#7 Tom Brokaw

Tom Brokaw
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 18 January 2015 - 07:35 PM

Having a hard time following instructions today.  Started the full scan, then realized I'd failed to make sure it was updated, so aborted and updated.  Here are the results of that first scan.  I have cleaned the results.

 

After clicking Clean, I got a message that Windows had encountered some sort of error and needed to shut down.  I clicked the X on that dialog, not close, but failed to get a screenshot or the exact wording.  I then rebooted, and am running a full scan again.

 

I am currently getting a dialog that states the A drive is not ready.  I do not have a floppy A: drive either physically installed or logically configured in Windows or Daemon Tools.

 


rmtool.exe - Drive Not Ready

The drive is not ready for use; its door may be open.  Please check drive A: and make sure that a disk is inserted and that the drive door is closed

 

Cancel, Try Again, Continue

 

9-lab Removal Tool 1.0.0.25 BETA
9-lab.com

Database version: 93.27806

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17501
Tom Brokaw :: M3 not implemented yet

1/18/2015 4:18:04 PM
9lab-log-2015-01-18 (16-18-04).txt

Scan type:
Objects scanned: 12575
Time Elapsed: 2 m 1 s

Memory Processes detected: 1
Malware.Win64.Gen.sm!s1 [(PID:540) C:\Windows\System32\services.exe]


Files detected: 1
Malware.Win64.Gen.sm!s1 [(PID:540) C:\Windows\System32\services.exe]
Malware.Win64.Gen.sm!s1 [C:\Windows\System32\services.exe]


 

#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 AM

Posted 18 January 2015 - 08:00 PM

Ok, post the new log when it has completed.

 

Then get me a scan from Eset.
Disable your antivirus prior to running this scan.
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#9 Tom Brokaw

Tom Brokaw
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 18 January 2015 - 09:00 PM

Here's the results of the second scan.  There's some embarrassing stuff in there, but there are also quite a few false positives, including the MiniToolkit installer.  I did not remove any of the items listed since there was no granular control.

 


9-lab Removal Tool 1.0.0.25 BETA
9-lab.com

Database version: 93.27806

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17501
Tom Brokaw :: M3 not implemented yet

1/18/2015 4:28:58 PM
9lab-log-2015-01-18 (16-28-58).txt

Scan type:
Objects scanned: 48852
Time Elapsed: 58 m 12 s

Registry Keys detected: 1
Malware.RPL.Gen.bot [\software\classes\.exe]


Files detected: 42
Malware.RPL.Gen.bot [\software\classes\.exe]
Malware.Win32.Gen.sm!s2 [H:\Backups\Documents\Rainmeter\Skins\@Backup\2011.11.27 19.27-01\Enigma\Resources\Variables\EnigmaConfigure.exe]
Malware.Win32.Gen.sm!s1 [H:\Backups\Program Setup Sync\Benchmarking\GPU-Z.0.6.5.exe]
Rootkit.Win64.Gen.rc!i [H:\Backups\Program Setup Sync\OS Customization\Explorer Plus Plus\Explorer++ 1.2.exe]
Rootkit.Win64.Gen.rc!i [H:\Backups\Program Setup Sync\OS Customization\Explorer Plus Plus\Explorer++.exe]
Mal/Fraud!se-722 [H:\Program Setups\Adobe\Adobe Illustrator CS2\Crack\keygen.exe]
Malware.Win32.Gen.sm!s2 [H:\Program Setups\Anti Malware\MiniToolBox.exe]
Rootkit.Win32.Gen.bot!s1 [H:\Program Setups\Audio Tools\LMMS\hydrogen-drumkits-for-lmms-0.4.10-win32.exe]
Rootkit.Win32.Gen.bot!s2 [H:\Program Setups\Audio Tools\MusiCutter\musiCutter.exe]
Malware.Win32.Gen.sm!s5 [H:\Program Setups\Backup Tools\FreeFileSync\FreeFileSync_6.10_Win_Setup.exe]
Malware.Win32.Gen.sm!s5 [H:\Program Setups\Backup Tools\FreeFileSync\FreeFileSync_6.8_Windows_Setup.exe]
Malware.Win32.Gen.sm!s1 [H:\Program Setups\Benchmarking\GPU-Z.0.6.5.exe]
Susp.Win32.Gen.sm!i [H:\Program Setups\CD Tools\Compiler Tools\download-MinGWStudioFullSetup-2_05.exe.exe]
Malware.Win32.Gen.sm!s5 [H:\Program Setups\CD Tools\Daemon Tools\daemon406-x86.exe]
Malware.Win32.Gen.sm!s1 [H:\Program Setups\G-Force\GForce Platinum\G-Force_Screen_Saver_115.exe]
Malware.Win32.Gen.sm!s2 [H:\Program Setups\Games\Doom 64\doom64_abstin.exe]
Malware.Win32.Gen.sm!s4 [H:\Program Setups\Games\HalfLife2\CM12.20_FULL\setup.exe]
Malware.Win32.Gen.7A18.sm!ff [H:\Program Setups\Games\System Shock\SYSTEMSHOCK-Portable-v1.2\RES\vesa.exe]
Susp.Win32.Gen.sm!i [H:\Program Setups\Hardware Monitors\coretemp_1236.exe]
Mal/Fraud!se-73 [H:\Program Setups\Hardware Monitors\Everest\Everest Ultimate Edition 2005 2.20.405\KeyGen\Lavalys.EVEREST.Ultimate.Edition.2005 2.20.405.Incl.Keygen-SSG.exe]
Malware.Win32.Gen.sm!s2 [H:\Program Setups\Hardware Testing and Boot utilities\Hiren's BootCD\15.2\BurnCDCC.exe]
Malware.Win32.Gen.an [H:\Program Setups\Hardware Testing and Boot utilities\Hiren's BootCD\15.2\HBCDCustomizer.exe]
Rootkit.Win64.Gen.rc!i [C:\Program Files\Explorer Plus Plus\Explorer++.exe]
Malware.Win32.Gen.sm!s2 [H:\Program Setups\Media Players\Miro\Miro_setup.exe]
Malware.Win32.Gen.sm!s4 [H:\Program Setups\Media Players\WinAmp\CLIMAX11.exe]
Malware.Win32.Gen.sm!s1 [H:\Program Setups\Media Players\WinAmp\geiss_423.exe]
Malware.Win32.Gen.sm!s1 [H:\Program Setups\Media Players\WinAmp\Milkdrop Presets\RegularsQ3-2004.exe]
Malware.Win32.Gen.sm!s1 [H:\Program Setups\Media Players\WinAmp\Milkdrop Presets\RegularsQ4-2004.exe]
Rootkit.Win64.Gen.rc!i [H:\Program Setups\OS Customization\Explorer Plus Plus\Explorer++ 1.2.exe]
Rootkit.Win64.Gen.rc!i [H:\Program Setups\OS Customization\Explorer Plus Plus\Explorer++.exe]
Malware.Win32.Gen.sm!s1 [H:\Program Setups\Windows Utilities\motherboard_driver_audio_realtek_azalia.exe]
Crack.Win32.Gen.98C3.sm!ff [H:\Program Setups\Windows Utilities\Untested XP cracks\CRACK\X86\antiwpa.dll]
Malware.Win32.Gen.an [H:\Program Setups\Windows Utilities\XP keygen\keygen.exe]
Patch.Win32.Gen.bot!ep-10 [H:\Program Setups\Windows Utilities\XP_XTRAS\DVIX CODEC\DivX Video Bundle Pro v5.03 Retail\ecldx503.exe]
Rootkit.Win32.Gen.bot!i [H:\Program Setups\Windows Utilities\XP_XTRAS\DVIX CODEC\DivX Video Bundle Pro v5.03 Retail\HC-DivXPro503-fxj.exe]
Malware.Win32.Gen.an [H:\Program Setups\Windows Utilities\XP_XTRAS\XP keygen\keygen.exe]
Malware.Win32.Gen.sm!s2 [H:\Program Setups\Windows Utilities\XP_XTRAS\XP.Lite\sr-xplite.exe]
Malware.Win32.Gen.sm!s2 [C:\Program Files\Rainmeter\Defaults\Skins\Enigma\Resources\Variables\EnigmaConfigure.exe]
Rootkit.Win64.Gen.rc!i [C:\Users\Tom Brokaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Explorer++.lnk]
Malware.Win32.Gen.sm!s2 [C:\Users\Tom Brokaw\Documents\Rainmeter\Skins\@Backup\2011.11.27 19.27-01\Enigma\Resources\Variables\EnigmaConfigure.exe]
Malware.Win32.Gen.sm!s1 [C:\Users\Tom Brokaw\Program Setup Sync\Benchmarking\GPU-Z.0.6.5.exe]
Rootkit.Win64.Gen.rc!i [C:\Users\Tom Brokaw\Program Setup Sync\OS Customization\Explorer Plus Plus\Explorer++ 1.2.exe]
Rootkit.Win64.Gen.rc!i [C:\Users\Tom Brokaw\Program Setup Sync\OS Customization\Explorer Plus Plus\Explorer++.exe]




#10 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 AM

Posted 18 January 2015 - 09:04 PM

Go ahead and run the eset scan.

Also, tell me: how is the machine?

The tool has a restore function under the quarantine; do not restore anything yet. Please run the eset scan first and tell me how the machine is doing.


Edited by InadequateInfirmity, 18 January 2015 - 09:07 PM.


#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 AM

Posted 18 January 2015 - 09:05 PM

Also after the Eset Scan, go ahead and reset the router to default if you have not done so.



#12 Tom Brokaw

Tom Brokaw
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 18 January 2015 - 09:12 PM

Eset is downloading and running.  I have not reset the router yet and don't want to do so while Eset needs internet access.  I have a few things to do tonight and suspect I won't be able to finish tonight, so my followup is likely to be tomorrow.  Thanks for all your assistance on this.

 

Are you inclined to speculate on what it could be?  I'm comparing Rainmeter's networking to Task Manager's networking, and I dunno, maybe I'm just paranoid.  Task manager shows a 100Mbps link capacity.  74 kB/s down in Rainmeter is shown as about .75% in Task Manager.  Given that my remaining issue is phantom uploads measured at less than 50kB/s tops (I think 33 is the highest I've seen), maybe that's "normal" activity that I never paid attention to before. 

 

Still seems weird though - the Weather app in Rainmeter I think pings once or twice a day, and if my cloud applications and browsers are all closed down, then I'm back to the same question: what the heck am I uploading?



#13 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 AM

Posted 18 January 2015 - 09:15 PM

There were a lot of items detected by 9-Lab; there might have been something "doing its thing"...

Like I say, do not restore anything from quarantine.

Run the eset scan, reset the router, and check the issue.

 

Post back the results. :)
