
Malware in Internet Explorer v11.0.9600.17496 and Google Chrome v40.0.2214.91


37 replies to this topic

#1 scopio


Posted 27 January 2015 - 08:50 PM

OS Windows 7HP 64bit

CPU AMD Phenom II Quad

Motherboard ASUS M4A79-T Deluxe 790FX

Memory 12GB Corsair XMS3

Video card Sapphire ATI Radeon HD 4890

Boot disk C:\ Samsung Spinpoint 1TB 7200 SATA II 32MB

Backup Disk Seagate ST2000DM001-1C164 1TB SATA Gen3, 6GB

 

I have for the past week had a problem with Internet Explorer v11.0.9600.17496 and Google Chrome v40.0.2214.91 where they become unstable after running a scan with HitmanPro which reports a Riskware “C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\lato.dll” which I delete. I then have to reset both IE and Chrome for them to return to normal working again! When I try to load certain pages both browsers report Error 404 and in particular when I try to connect to Bleepingcomputer.com.

Windows seems to take longer to load, and Network and Sharing Center takes a long time to open and connect to the internet.

A folder {564FBE8C-06CD-6F0A-B74B-1F8867C9CC06} reappears in C:/Programdata.

The problem seems to return after a couple of days.

HitmanPro log:

HitmanPro 3.7.9.234
www.hitmanpro.com
   Computer name . . . . : EMER
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : EMER\Robert
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (359 days left)
   Scan date . . . . . . : 2015-01-27 23:31:20
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 29s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 1
   Objects scanned . . . : 1,778,478
   Files scanned . . . . : 22,374
   Remnants scanned  . . : 680,629 files / 1,075,475 keys
Malware _____________________________________________________________________
 
   C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\lato.dll -> Deleted
      Size . . . . . . . : 966,144 bytes
      Age  . . . . . . . : 6.8 days (2015-01-21 05:16:03)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 8631CD8D4973B7F2F2F045BAC0CB1FC281DDAC48611A15D75FCF14B9A7703C55
    > Bitdefender  . . . : Application.AdWare.BHO.BL
      Fuzzy  . . . . . . : 100.0
      Forensic Cluster
         -0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\
         -0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\
          0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\lato.dll
          0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\sqlite3.dll
          0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\sqlite3.dll
          0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\extent
          0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\dExtent
          0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\dExtent
          0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\dExtent
          0.0s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\dExtent
          0.4s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\data\
          0.4s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\data\archive\CH\Robert\Default\
          0.4s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\data\archive\CH\
          0.4s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\data\archive\CH\Robert\
          0.4s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\data\archive\
          0.4s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\data\archive\CH\Robert\Default\Secure Preferences
          0.4s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\data\archive\CH\Robert\Default\Preferences
          0.8s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\fiber.js
          0.8s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\hdat1
          0.8s C:\ProgramData\{564FBE8C-06CD-6F0A-B74B-1F8867C9CC06}\1.9.0.1\hdat2
HitmanPro 3.7.9.234
www.hitmanpro.com
   Computer name . . . . : EMER
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : EMER\Robert
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (358 days left)
   Scan date . . . . . . : 2015-01-28 00:38:22
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 1m 34s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0
   Objects scanned . . . : 3,602
   Files scanned . . . . : 3,602
   Remnants scanned  . . : 0 files / 0 keys

AdwCleaner log:

# AdwCleaner v4.109 - Report created 28/01/2015 at 01:05:26

# Updated 24/01/2015 by Xplode

# Database : 2015-01-26.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Robert - EMER

# Running from : C:\Users\Robert\Desktop\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v40.0.2214.93

*************************

AdwCleaner[R0].txt - [1030 octets] - [28/01/2015 01:05:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1090 octets] ##########

 

# AdwCleaner v4.109 - Report created 28/01/2015 at 01:09:54

# Updated 24/01/2015 by Xplode

# Database : 2015-01-26.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Robert - EMER

# Running from : C:\Users\Robert\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v40.0.2214.93

*************************

AdwCleaner[R0].txt - [1178 octets] - [28/01/2015 01:05:26]

AdwCleaner[S0].txt - [1099 octets] - [28/01/2015 01:09:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1159 octets] ##########

After a couple of days I have to scan and clean the same malware again. In other words it keeps resurfacing!

I have run a scan with McAfee Antivirus and Malwarebytes which do not flag this malware!

Any help will be greatly appreciated.
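
A read-only check for the two artefacts in the logs above, added here as an example and not part of the original post or of any tool named in it: it lists each registered Browser Helper Object with the DLL its CLSID loads, and each GUID-named folder under C:\ProgramData together with any service or scheduled task that points into it. The function names are made up for this example; it assumes Windows PowerShell run elevated on a 64-bit system.

```powershell
# Added example (read-only): nothing here deletes or modifies anything.
# Assumes an elevated 64-bit Windows PowerShell prompt so both registry views are visible.
# Function names are hypothetical, chosen for this example.

$GuidName = '^\{[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}\}$'   # -match ignores case

function Get-BhoRegistration {
    # Native (64-bit) view and the 32-bit view under Wow6432Node.
    $views = @(
        @{ View = 'x64'; Root = 'HKLM:\SOFTWARE' },
        @{ View = 'x86'; Root = 'HKLM:\SOFTWARE\Wow6432Node' }
    )
    foreach ($v in $views) {
        $bhoKey = Join-Path $v.Root 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
        if (-not (Test-Path -LiteralPath $bhoKey)) { continue }
        foreach ($k in Get-ChildItem -LiteralPath $bhoKey) {
            $clsid  = $k.PSChildName
            $server = Join-Path $v.Root "Classes\CLSID\$clsid\InprocServer32"
            $dll    = ''
            if (Test-Path -LiteralPath $server) {
                # GetValue('') reads the key's default value: the DLL the browser loads.
                $dll = ([string](Get-Item -LiteralPath $server).GetValue('')).Trim('"')
            }
            $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
            $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
            New-Object PSObject -Property @{
                View          = $v.View
                Clsid         = $clsid
                Dll           = $dll
                Exists        = $exists       # False = orphaned key left after the file was deleted
                Signature     = $sig
                InProgramData = ($dll -like "$env:ProgramData\*")
            } | Select-Object View, Clsid, Dll, Exists, Signature, InProgramData
        }
    }
}

function Get-GuidNamedFolder {
    # Installers also create GUID-named folders here, so a hit is a lead, not a verdict.
    param([string]$Root = $env:ProgramData)
    Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match $GuidName } |
        ForEach-Object {
            $dlls = @(Get-ChildItem -LiteralPath $_.FullName -Recurse -Force -Filter *.dll -ErrorAction SilentlyContinue)
            New-Object PSObject -Property @{
                Path     = $_.FullName
                Created  = $_.CreationTime
                DllCount = $dlls.Count
            } | Select-Object Path, Created, DllCount
        }
}

function Find-AutostartReference {
    # Looks for something that could put the folder back after it is removed.
    param([Parameter(Mandatory = $true)][string]$Folder)
    $needle = $Folder.ToLower()

    # Services whose image path points into the folder.
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.PathName -and $_.PathName.ToLower().Contains($needle) } |
        ForEach-Object { "Service: $($_.Name) -> $($_.PathName)" }

    # Scheduled-task definitions (XML files) that mention the folder.
    $taskDir = Join-Path $env:SystemRoot 'System32\Tasks'
    Get-ChildItem -LiteralPath $taskDir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object {
            $text = Get-Content -LiteralPath $_.FullName -ErrorAction SilentlyContinue | Out-String
            $text.ToLower().Contains($needle)
        } |
        ForEach-Object { "Task: $($_.FullName)" }
}

# Report: BHO registrations first, then each GUID-named folder and what references it.
Get-BhoRegistration | Format-Table -AutoSize -Wrap | Out-String
foreach ($f in Get-GuidNamedFolder) {
    $f | Format-List | Out-String
    Find-AutostartReference -Folder $f.Path
}
```

A BHO row with InProgramData set to True, or with Exists set to False, is the kind of entry the AdwCleaner and HitmanPro logs above report from their side.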





#2 InadequateInfirmity


Posted 27 January 2015 - 09:47 PM

Step 1: Minitoolbox.
 
Please download MINITOOLBOX and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.
 
Step 2: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 3: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4: Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit OK.

Hit Next, and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.
 
Step 5: Malwarebytes AntiRootkit
 
 
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


Step 6: Security Check Log.
 
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 
Step 7: Report
 
Tell me how the machine is performing, and if you need help performing any steps. Also post all requested logs.



#3 scopio


Posted 28 January 2015 - 09:03 AM

Hi InadequateInfirmity,

Thanks for your response, here are the logs as requested.

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Robert (administrator) on 28-01-2015 at 12:25:54
Running from "C:\Users\Robert\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EMER
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-26-18-80-84-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1d43:c7ac:4868:731e%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 28 January 2015 12:14:49
   Lease Expires . . . . . . . . . . : 29 January 2015 12:14:49
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 234890776
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-4F-70-D0-00-26-18-80-84-0B
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.lan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:10b9:b5b:6d38:c80e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::10b9:b5b:6d38:c80e%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dsldevice.lan
Address:  192.168.1.254

Name:    google.com
Addresses:  2a00:1450:4009:80d::200e
   216.58.208.78

Pinging google.com [216.58.209.238] with 32 bytes of data:
Reply from 216.58.209.238: bytes=32 time=38ms TTL=58
Reply from 216.58.209.238: bytes=32 time=13ms TTL=58

Ping statistics for 216.58.209.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 38ms, Average = 25ms
Server:  dsldevice.lan
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
General failure.
Reply from 206.190.36.45: bytes=32 time=165ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 165ms, Maximum = 165ms, Average = 165ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 26 18 80 84 0b ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.66     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.66    276
     192.168.1.66  255.255.255.255         On-link      192.168.1.66    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.66    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.66    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.66    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:5ef5:79fd:10b9:b5b:6d38:c80e/128
                                    On-link
 10    276 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::10b9:b5b:6d38:c80e/128
                                    On-link
 10    276 fe80::1d43:c7ac:4868:731e/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2015 02:39:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x517f39a1
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x7f8
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (01/28/2015 01:10:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x517f39a1
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x408
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (01/28/2015 00:32:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x517f39a1
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x7b8
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (01/27/2015 11:43:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000210,(null),0,REG_BINARY,0000000001A2F0E0.72).  hr = 0x80070005, Access is denied.
.

Error: (01/27/2015 11:43:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000300,(null),0,REG_BINARY,000000000149E400.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ea106bf3-5189-4ced-b371-727642744aef}

Error: (01/27/2015 11:43:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a90,(null),0,REG_BINARY,000000000B54E100.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {6d56efb2-5f7e-4b53-ab15-617245b3b2e3}

Error: (01/27/2015 11:43:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000734,(null),0,REG_BINARY,0000000001BEDDC0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {b0c9d0dd-17ef-4ea6-9a16-f162698d5ab2}

Error: (01/27/2015 11:43:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,(null),0,REG_BINARY,0000000002AFEEA0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {563a8950-2396-46e9-b108-3d1b0d945320}

Error: (01/27/2015 11:43:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001fc,(null),0,REG_BINARY,0000000002B7EBE0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {02032aa3-0260-456b-8128-11a39efdafad}

Error: (01/27/2015 11:43:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000300,(null),0,REG_BINARY,000000000149E400.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ea106bf3-5189-4ced-b371-727642744aef}

System errors:
=============
Error: (01/28/2015 02:39:10 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/28/2015 02:39:03 AM) (Source: DCOM) (User: )
Description: {1EF75F33-893B-4E8F-9655-C3D602BA4897}

Error: (01/28/2015 01:10:06 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/28/2015 00:32:26 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/28/2015 00:32:20 AM) (Source: DCOM) (User: )
Description: {1EF75F33-893B-4E8F-9655-C3D602BA4897}

Error: (01/27/2015 10:47:57 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (01/27/2015 10:47:57 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (01/27/2015 10:22:55 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2015 10:22:55 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2015 10:22:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Microsoft Office Sessions:
=========================
Error: (01/28/2015 02:39:09 AM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c17f801d03a97529060f4C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dlld5a5b0ee-a696-11e4-8c75-00261880840b

Error: (01/28/2015 01:10:06 AM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c140801d03a9218f52aa6C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll648d711e-a68a-11e4-9815-00261880840b

Error: (01/28/2015 00:32:26 AM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c17b801d03a68a50b13f6C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll21d57219-a685-11e4-9f98-00261880840b

Error: (01/27/2015 11:43:44 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000210,(null),0,REG_BINARY,0000000001A2F0E0.72)0x80070005, Access is denied.

Error: (01/27/2015 11:43:44 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000300,(null),0,REG_BINARY,000000000149E400.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ea106bf3-5189-4ced-b371-727642744aef}

Error: (01/27/2015 11:43:44 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000a90,(null),0,REG_BINARY,000000000B54E100.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {6d56efb2-5f7e-4b53-ab15-617245b3b2e3}

Error: (01/27/2015 11:43:44 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000734,(null),0,REG_BINARY,0000000001BEDDC0.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {b0c9d0dd-17ef-4ea6-9a16-f162698d5ab2}

Error: (01/27/2015 11:43:44 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000001c0,(null),0,REG_BINARY,0000000002AFEEA0.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {563a8950-2396-46e9-b108-3d1b0d945320}

Error: (01/27/2015 11:43:44 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000001fc,(null),0,REG_BINARY,0000000002B7EBE0.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {02032aa3-0260-456b-8128-11a39efdafad}

Error: (01/27/2015 11:43:44 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000300,(null),0,REG_BINARY,000000000149E400.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ea106bf3-5189-4ced-b371-727642744aef}

CodeIntegrity Errors:
===================================
  Date: 2015-01-28 12:22:13.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 12:14:45.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 02:30:50.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 02:07:43.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 01:45:03.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 01:36:26.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 01:30:46.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 01:20:50.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 01:11:04.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 01:02:32.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

=========================== Installed Programs ============================
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acronis True Image 2015 (HKLM-x32\...\{9C48ED33-4A66-4299-B274-BD8110AB6EAA}Visible) (Version: 18.0.6525 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6525 - Acronis) Hidden
Acronis Universal Boot Media Builder (HKLM-x32\...\{8FAB072E-6028-4BCD-A6CD-D179E4860073}) (Version: 11.5.38938 - Acronis)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.303 - ArcSoft)
BBC iPlayer Downloads (HKLM-x32\...\{D8753E3F-B86E-4BA6-A44A-6D92BFB38519}) (Version: 1.11.0 - BBC)
CardRecovery 6.10 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version:  - WinRecovery Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{C8358E8D-6C89-41B3-8439-FEFBC0353D81}) (Version:  - Microsoft)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2015 (HKLM-x32\...\{78535F78-8575-4D6E-90CA-981AD7EABD0E}) (Version: 16.0.04100 - Nero AG)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.1.20081 - Nero AG) Hidden
Nero Burning Core (x32 Version: 16.0.21000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 16.0.21000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.2.0009 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.4.0016 - Nero AG) Hidden
Nero Device Updates (x32 Version: 16.0.2000 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 16.0.10002 - Nero AG) Hidden
Nero Disc to Device (x32 Version: 16.0.1013 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 16.0.10002 - Nero AG) Hidden
Nero Express (x32 Version: 16.0.21000 - Nero AG) Hidden
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero Kwik Themes Basic (x32 Version: 16.0.10002 - Nero AG) Hidden
Nero Launcher (x32 Version: 16.0.11000 - Nero AG) Hidden
Nero MediaHome (x32 Version: 1.28.4100 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 16.0.10002 - Nero AG) Hidden
Nero Recode (x32 Version: 16.0.11000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 16.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.16006 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13600.45.0 - Nero AG) Hidden
Nero Video (x32 Version: 16.0.9000 - Nero AG) Hidden
Nero Video Samples (x32 Version: 16.0.10002 - Nero AG) Hidden
Plusnet Protect (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{e8720e7e-08a2-4a30-9bce-70aa27c2a3dc}) (Version: 12.2.2.2107 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.2.2 - TechSmith Corporation) Hidden
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{A12F43A5-CF0B-44E3-942F-2441CD442F0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CFB80344-FCBA-4C03-AD77-D49E82F14C3E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{E762A933-274B-4860-B066-A39FAB0838FD}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A87EDEA3-4861-4D99-9B36-F442740F1287}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{26A0F874-417C-4B0A-8088-3FA53638FB49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A87EDEA3-4861-4D99-9B36-F442740F1287}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DF548669-AAED-467B-A074-AE2B72A4A871}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6C727BC2-B2B9-4B03-BD7E-682EA6FA1C04}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
User's Guide EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 12286.18 MB
Available physical RAM: 9960.91 MB
Total Pagefile: 24570.54 MB
Available Pagefile: 22094.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:847.34 GB) NTFS
2 Drive d: (Zalman2) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
4 Drive f: (Backup) (Fixed) (Total:1863.01 GB) (Free:1391.44 GB) NTFS

========================= Users: ========================================

User accounts for \\EMER

Administrator            Guest                    Robert                  

**** End of log ****

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Robert on 28/01/2015 at 12:32:17.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/01/2015 at 12:38:27.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v4.109 - Report created 28/01/2015 at 12:50:19
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Robert - EMER
# Running from : C:\Users\Robert\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v40.0.2214.93

[C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1178 octets] - [28/01/2015 01:05:26]
AdwCleaner[R1].txt - [1002 octets] - [28/01/2015 12:44:16]
AdwCleaner[S0].txt - [1247 octets] - [28/01/2015 01:09:54]
AdwCleaner[S1].txt - [927 octets] - [28/01/2015 12:50:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [986 octets] ##########

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_01_28_13_00_24
OS: Windows 7 - 64 Bit
Account Name: Robert
U0L0S11

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished

 

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.28.05
  rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Robert :: EMER [administrator]

28/01/2015 13:12:04
mbar-log-2015-01-28 (13-12-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 334106
Time elapsed: 17 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.210000 GHz
Memory total: 12882993152, free: 10360651776

Downloaded database version: v2015.01.28.05
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
------------ Kernel report ------------
     01/28/2015 13:11:55
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\file_tracker.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\RTL2832UUSB.sys
\SystemRoot\system32\drivers\RTL2832UBDA.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\DRIVERS\RTL2832U_IRHID.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\drivers\hmpalert.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\sechost.dll
\Windows\System32\lpk.dll
\Windows\System32\shlwapi.dll
\Windows\System32\usp10.dll
\Windows\System32\user32.dll
\Windows\System32\urlmon.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\kernel32.dll
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\normaliz.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msctf.dll
\Windows\System32\imm32.dll
\Windows\System32\wininet.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.01.28.05
  rootkit: v2015.01.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a298060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a298b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a298060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009b4f040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8009b49060, DeviceName: \Device\00000069\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C63F6A1D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 202752

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800a299060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a299ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a299060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009b4fac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8009b52950, DeviceName: \Device\0000006a\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 91118999

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907024896

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

 

 Results of screen317's Security Check version 0.99.95 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor   
  Java 64-bit 8 Update 31 
 Google Chrome (40.0.2214.91)
 Google Chrome (40.0.2214.93)
````````Process Check: objlist.exe by Laurent```````` 
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Ruiware WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

 

I have checked in  C:\Programdata and the folder {564FBE8C-06CD-6F0A-B74B-1F8867C9CC06} is still there. This is what HitmanPro flagged as Riskware.

 

I shall now reboot the system to see how it performs and open IE and Chrome to see if they are performing reasonably. I shall report on my next post the results.
 



#4 scopio

Posted 28 January 2015 - 10:22 AM

When I started IE11 a new ActiveX component wants to install as shown in the screenshot below. I rejected it as it says it is for IE7.

http://i1304.photobucket.com/albums/s524/scopio1/2015-01-28_14-11-29_zpsytkhznjz.jpg

Microsoft Internet Explorer 7 – IEFRAME.DLL

Ieframe.dll installs with Microsoft Internet Explorer version 7. At the time of this writing, IE7 was being beta tested by developers. This file appears to replace shdocvw, shlwapi, and browseui dlls found in Internet Explorer 6. More information can be found at http://www.microsoft.com/windows/IE/ie7/default.mspx.

If you run Internet Explorer version 7, leave this file in place. Removing it could crash your browser.

There is an ActiveX component ieframe.dll already in use.

http://i1304.photobucket.com/albums/s524/scopio1/2015-01-28_14-23-17_zpshi1vw21j.jpg

 

All my links work and IE seems to perform well.

As for Google Chrome when I loaded it some of the settings had reverted to default, but my links and extensions were still there although the home page had been changed from http://www.bbc.co.uk/news/ to open new tab page.

What still concerns me is the erratic way that Network and Sharing Center behaves at different times. Sometimes the internet connection takes a few seconds and at other times it takes nearly a minute to connect, then it disconnects for about 20 seconds before it reconnects again. I have checked that the Realtek PCIe GBE Family Controller driver is up to date and Local Area Connection Properties are all correct.

 

 The other thing that concerns me even more is that this [C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms} keeps reappearing even though I have deleted it several times before when I have run a scan with adwcleaner!

 

The other thing I would like to know is if the entry in C:\ProgramData folder {564FBE8C-06CD-6F0A-B74B-1F8867C9CC06} is malicious and therefore can be manually deleted, or is this part of Windows and therefore should not be deleted? I have checked on my laptop and this folder does not appear!


Edited by scopio, 28 January 2015 - 12:06 PM.


#5 InadequateInfirmity

Posted 28 January 2015 - 01:05 PM

Step 1: 9-Lab Scan

 

Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon Scan Completion Click Show Results.

Now click the Clean button.

Once done cleaning you can go to the logs tab double click it and copy paste in your next reply.

 

 

Step 2: Eset Scan

 

Disable your antivirus prior to running this scan.

 

 

 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#6 scopio

Posted 28 January 2015 - 03:47 PM

9-lab Removal Tool 1.0.0.25 BETA
9-lab.com

Database version: 95.28085

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17501
Robert :: EMER not implemented yet

28/01/2015 18:19:59
9lab-log-2015-01-28 (18-19-59).txt

Scan type:
Objects scanned: 43903
Time Elapsed: 50 m 12 s

Registry Keys detected: 1
Virtool.RPL.Gen.rc [\software\classes\interface\{79fb5fc8-44b9-4af5-badd-cce547f953e5}]

ActiveX detected: 8
Virtool.RPL.Gen.rc [\software\classes\interface\{79fb5fc8-44b9-4af5-badd-cce547f953e5}]
Patch.Win64.Gen.bot!ep-10 [{E0D79304-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshls64.dll]
Patch.Win64.Gen.bot!ep-10 [{E0D79305-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshls64.dll]
Patch.Win64.Gen.bot!ep-10 [{E0D79306-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshls64.dll]
Patch.Win64.Gen.bot!ep-10 [{E0D79307-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshls64.dll]
Patch.Win32.Gen.bot!ep-10 [{E0D79304-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshlstb.dll]
Patch.Win32.Gen.bot!ep-10 [{E0D79305-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshlstb.dll]
Patch.Win32.Gen.bot!ep-10 [{E0D79306-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshlstb.dll]
Patch.Win32.Gen.bot!ep-10 [{E0D79307-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshlstb.dll]

Files detected: 7
Virtool.RPL.Gen.rc [\software\classes\interface\{79fb5fc8-44b9-4af5-badd-cce547f953e5}]
Patch.Win64.Gen.bot!ep-10 [{E0D79304-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshls64.dll]
Patch.Win64.Gen.bot!ep-10 [{E0D79305-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshls64.dll]
Patch.Win64.Gen.bot!ep-10 [{E0D79306-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshls64.dll]
Patch.Win64.Gen.bot!ep-10 [{E0D79307-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshls64.dll]
Patch.Win32.Gen.bot!ep-10 [{E0D79304-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshlstb.dll]
Patch.Win32.Gen.bot!ep-10 [{E0D79305-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshlstb.dll]
Patch.Win32.Gen.bot!ep-10 [{E0D79306-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshlstb.dll]
Patch.Win32.Gen.bot!ep-10 [{E0D79307-84BE-11CE-9641-444553540000} c:\program files\winzip\wzshlstb.dll]
Malware.MPL.Gen.vb [c:\users\robert\appdata\local\LMIR0007.tmp_r.bat]
Malware.Win32.Gen.sm!s1 [C:\Prey\platform\windows\Uninstall.exe]
Mal/Fraud!se-365 [C:\Program Files (x86)\Hard Disk Sentinel\deta.dll]
Malware.Win32.Gen.sm!s2 [C:\Users\Robert\Desktop\MiniToolBox.exe]
Malware.Win32.Gen.sm!s1 [C:\Users\Robert\Downloads\Programs\PC Drivers HeadQuarters\DriverDetective\DriverDetective.exe]
Mal/Fraud!se-1011 [C:\Users\Robert\Downloads\Programs\Winpatrol\wpsetup.exe]
Malware.Win32.Gen.sm!s1 [C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.7601.22874_none_4b081c0ab2180335\ExtExport.exe]

C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\Users\Robert\Downloads\Programs\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Robert\Downloads\Programs\CCleaner\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Robert\Downloads\Programs\Winzip 190\winzip190.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Windows\Installer\6f5a35.msi a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined


 

I have had a look at the files in C:\ProgramData {564FBE8C-06CD-6F0A-B74B-1F8867C9CC06} which contains the following;

Contents of the folder C:\ProgramData > {564FBE8C-06CD-6F0A-B74B-1F8867C9CC06} >

 folder 1.9.0.1 >

 folder data >

 archive >

 folder  CH >

 folder  Robert >

 folder  default >  

file preferences

file secure preferences > (in this file there are code lines which refer to “Vosteran”).

Dextent file >

 extent file >

 fiber.js JScript  Script File >

 hdat1 file >

 hdat2 file >

 sqlite3.dll application extension

 

 

So I assume that the C:\ProgramData > {564FBE8C-06CD-6F0A-B74B-1F8867C9CC06} is malicious and can be deleted?


Edited by scopio, 28 January 2015 - 03:47 PM.


#7 scopio

Posted 28 January 2015 - 03:55 PM

Some of the code in C:\ProgramData > {564FBE8C-06CD-6F0A-B74B-1F8867C9CC06} secure preference file;

Reference to Vosteran

      "super_mac": "3A55F7D4A855308A6556AC2A354383D20B814BD5364615BAA328CCB002EA6C76"

   },

   "default_search_provider_data":{

      "template_url_data":{

         "alternate_urls": [  ],

         "created_by_policy":false,

         "date_created":"0",

         "favicon_url":"http://vosteran.com/favicon.ico",

         "id":"6",

         "image_url":"",

         "image_url_post_params":"",

         "input_encodings":[ "UTF-8" ],

         "instant_url":"",

         "instant_url_post_params":"",

         "keyword":"Vosteran.com",

         "last_modified":"0",

         "new_tab_url":"",

         "originating_url":"",

         "prepopulate_id":0,

         "safe_for_autoreplace":true,

         "search_terms_replacement_key":"",

         "search_url_post_params":"",

         "short_name":"Vosteran",

         "suggestions_url":"{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}",

         "suggestions_url_post_params":"",

         "synced_guid":"2F58B3CF-8FE4-61AC-316C-17662B1DD853",

         "url":"http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_aw_15_04_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtCzzzztDzzyEtD0BzytBtCzztN0D0Tzu0StCtCtCyDtN1L2XzutAtFyBtFtAtFtBtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2StByD0EtDyEyByDyEtGzzzy0AtCtGzyyDtAtBtGyE0CyDzytGtD0D0CyCyCtB0DtByB0C0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyEtC0AzzyCzz0EtGzyyBzytDtGyEtD0AtCtG0A0DyC0FtGyCtBzy0ByCtBtCzytByC0BtD2QtN1B1L1H1Ezu1O2U1M1B&cr=1399180936&ir=",

         "usage_count":0

      }

   },

   "homepage":"http://vosteran.com/?f=1&a=vst_aw_15_04_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtCzzzztDzzyEtD0BzytBtCzztN0D0Tzu0StCtCtCyDtN1L2XzutAtFyBtFtAtFtBtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2StByD0EtDyEyByDyEtGzzzy0AtCtGzyyDtAtBtGyE0CyDzytGtD0D0CyCyCtB0DtByB0C0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyEtC0AzzyCzz0EtGzyyBzytDtGyEtD0AtCtG0A0DyC0FtGyCtBzy0ByCtBtCzytByC0BtD2QtN1B1L1H1Ezu1O2U1M1B&cr=1399180936&ir=",

   "homepage_is_newtabpage":false,

   "browser":{

      "show_home_button": true

   },

   "session":{

      "restore_on_startup": 4,

      "startup_urls":["http://vosteran.com/?f=7&a=vst_aw_15_04_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtCzzzztDzzyEtD0BzytBtCzztN0D0Tzu0StCtCtCyDtN1L2XzutAtFyBtFtAtFtBtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2StByD0EtDyEyByDyEtGzzzy0AtCtGzyyDtAtBtGyE0CyDzytGtD0D0CyCyCtB0DtByB0C0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyEtC0AzzyCzz0EtGzyyBzytDtGyEtD0AtCtG0A0DyC0FtGyCtBzy0ByCtBtCzytByC0BtD2QtN1B1L1H1Ezu1O2U1M1B&cr=1399180936&ir="]

   }

 

}
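
The keys quoted in the post above (default_search_provider_data, homepage, session.startup_urls) can be checked mechanically in any Chrome Preferences or Secure Preferences file. The following Python audit is an added example, not part of the original thread or of any tool mentioned in it; the allowlist, the function names and the trimmed sample JSON are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed copy of the structure quoted in the post above,
# with the long tracking parameters dropped. The bbc.co.uk startup entry is
# added to show an allowed URL next to a flagged one.
SAMPLE_PREFS = r'''
{
  "default_search_provider_data": {
    "template_url_data": {
      "favicon_url": "http://vosteran.com/favicon.ico",
      "keyword": "Vosteran.com",
      "short_name": "Vosteran",
      "suggestions_url": "{google:baseSuggestURL}search?client=chrome&q={searchTerms}",
      "url": "http://vosteran.com/results.php?f=4&q={searchTerms}"
    }
  },
  "homepage": "http://vosteran.com/?f=1",
  "homepage_is_newtabpage": false,
  "session": {
    "restore_on_startup": 4,
    "startup_urls": ["http://vosteran.com/?f=7", "http://www.bbc.co.uk/news/"]
  }
}
'''

# Assumption: the hosts this machine's owner expects in these settings.
ALLOWED_HOSTS = {"google.com", "bbc.co.uk"}

# URL-bearing keys inside template_url_data, as they appear in the quoted file.
SEARCH_URL_KEYS = ("url", "suggestions_url", "instant_url",
                   "new_tab_url", "image_url", "favicon_url")


def host_of(url):
    """Lowercase hostname of a URL, or None for empty or template-only values
    such as "{google:baseSuggestURL}search?..." that carry no literal host."""
    if not isinstance(url, str) or not url:
        return None
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def is_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def as_dict(value):
    """Tolerate damaged files where an expected object is missing or mistyped."""
    return value if isinstance(value, dict) else {}


def audit_preferences(prefs, allowed=ALLOWED_HOSTS):
    """Return one finding per setting that points at a host outside `allowed`.
    "active" says whether the browser would currently use that setting."""
    findings = []

    def check(setting, url, active):
        host = host_of(url)
        if host and not is_allowed(host, allowed):
            findings.append({"setting": setting, "host": host, "active": active})

    prefs = as_dict(prefs)
    search = as_dict(as_dict(prefs.get("default_search_provider_data"))
                     .get("template_url_data"))
    for key in SEARCH_URL_KEYS:
        check("default_search_provider_data.template_url_data." + key,
              search.get(key), True)

    # The homepage URL only takes effect when homepage_is_newtabpage is false.
    check("homepage", prefs.get("homepage"),
          prefs.get("homepage_is_newtabpage") is False)

    # restore_on_startup == 4 means "open the startup_urls list" at launch.
    session = as_dict(prefs.get("session"))
    startup_active = session.get("restore_on_startup") == 4
    urls = session.get("startup_urls")
    for i, url in enumerate(urls if isinstance(urls, list) else []):
        check("session.startup_urls[%d]" % i, url, startup_active)

    return findings


if __name__ == "__main__":
    for f in audit_preferences(json.loads(SAMPLE_PREFS)):
        state = "ACTIVE" if f["active"] else "dormant"
        print("%-8s %-60s -> %s" % (state, f["setting"], f["host"]))
```

Run against both the live profile and any staged copy (such as the one under C:\ProgramData described above), a non-empty result after cleanup indicates that something is rewriting the settings.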



#8 InadequateInfirmity

Posted 28 January 2015 - 06:43 PM

 

 

So I assume that the C:\ProgramData > {564FBE8C-06CD-6F0A-B74B-1F8867C9CC06} is malicious and can be deleted?

 

 

Yes you can delete this file. If you can not then do it in safe mode.

Malwarebytes | FileASSASSIN

#9 scopio

Posted 30 January 2015 - 09:25 AM

I have now deleted the folder {564FBE8C-06CD-6F0A-B74B-1F8867C9CC06} with no issues reported. The machine and browsers seem to be fine.

The time it takes Network and Sharing to connect/load at start-up could be a Windows issue.

If there is nothing else you would like me to do, I think this topic could now be closed?



#10 InadequateInfirmity

Posted 30 January 2015 - 09:39 AM

Let's check with one more scanner. :)

After that we will run another program to see if we can speed things up a bit.

 

 

Download the  eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
RDgdRoi.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.



#11 scopio

Posted 30 January 2015 - 09:53 AM

Will do, I'll post the log in my next post.



#12 InadequateInfirmity

Posted 30 January 2015 - 09:55 AM

:thumbup2:



#13 scopio

Posted 30 January 2015 - 10:56 AM

30 Jan 2015 15:04:14 [33a8] - **********************************************************
30 Jan 2015 15:04:14 [33a8] - MWAV - eScanAV AntiVirus Toolkit.
30 Jan 2015 15:04:14 [33a8] - Copyright © MicroWorld Technologies
30 Jan 2015 15:04:14 [33a8] - **********************************************************
30 Jan 2015 15:04:14 [33a8] - Source: C:\Users\Robert\Desktop\mwav.exe
30 Jan 2015 15:04:14 [33a8] - Version 14.0.152 (C:\USERS\ROBERT\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
30 Jan 2015 15:04:14 [33a8] - Log File: C:\Users\Robert\AppData\Local\Temp\LOG\MWAV.LOG
30 Jan 2015 15:04:14 [33a8] - MWAV Registered: TRUE
30 Jan 2015 15:04:14 [33a8] - User Account: Robert (Administrator Mode)
30 Jan 2015 15:04:14 [33a8] - OS Type: Windows Workstation
30 Jan 2015 15:04:14 [33a8] - OS: Windows 7 64-Bit [OS Install Date: 20 Jan 2015 02:26:15]
30 Jan 2015 15:04:14 [33a8] - Ver: Personal Service Pack 1 (Build 7601)
30 Jan 2015 15:04:14 [33a8] - System Up Time: 2 Hours, 59 Minutes, 27 Seconds
30 Jan 2015 15:04:14 [33a8] - Parent Process Name : c:\Users\Robert\AppData\Local\Temp\mexe.com
30 Jan 2015 15:04:14 [33a8] - Windows Root  Folder: C:\Windows
30 Jan 2015 15:04:14 [33a8] - Windows Sys32 Folder: C:\Windows\system32
30 Jan 2015 15:04:14 [33a8] - DHCP NameServer: 192.168.1.254
30 Jan 2015 15:04:14 [33a8] - Interface0 DHCPNameServer: 192.168.1.254
30 Jan 2015 15:04:14 [33a8] - Local Fixed Drives: c:\,d:\,f:\
30 Jan 2015 15:04:14 [33a8] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
30 Jan 2015 15:04:14 [33a8] - [CREATED ZIP FILE: C:\Users\Robert\AppData\Local\Temp\pinfect.zip]
30 Jan 2015 15:04:14 [33a8] - Command Line Options Given: /xsign
30 Jan 2015 15:04:15 [33a8] - Latest Date of files inside MWAV: Fri Jan 30 15:42:18 2015.
30 Jan 2015 15:04:15 [33a8] - Sign Version: 7.59050 [517802]
30 Jan 2015 15:04:15 [33a8] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Robert\AppData\Local\Temp\LOG\ESCANDB.LOG]
30 Jan 2015 15:04:15 [33a8] - Loaded/Created FileScan Cache Database...
30 Jan 2015 15:04:15 [33a8] - Loading AV Library [DB]...
30 Jan 2015 15:04:22 [33a8] - ArchiveScan: DISABLED
30 Jan 2015 15:04:23 [33a8] - AV Library Loaded - MultiThreaded - 16 : [DB-DIRECT].
30 Jan 2015 15:04:23 [33a8] - MWAV doing self scanning...
30 Jan 2015 15:04:23 [33a8] - MWAV files are clean.
30 Jan 2015 15:04:28 [33a8] - ArchiveScan: DISABLED
30 Jan 2015 15:04:28 [33a8] - Virus Database Date: 30 Jan 2015
30 Jan 2015 15:04:28 [33a8] - Virus Database Count: 6489932
 
30 Jan 2015 15:04:53 [33a8] - **********************************************************
30 Jan 2015 15:04:53 [33a8] - MWAV - eScanAV AntiVirus Toolkit.
30 Jan 2015 15:04:53 [33a8] - Copyright © MicroWorld Technologies
30 Jan 2015 15:04:53 [33a8] -
30 Jan 2015 15:04:53 [33a8] - Support: support@escanav.com
30 Jan 2015 15:04:53 [33a8] - Web: http://www.escanav.com
30 Jan 2015 15:04:53 [33a8] - **********************************************************
30 Jan 2015 15:04:53 [33a8] - Version 14.0.152[DB] (C:\USERS\ROBERT\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
30 Jan 2015 15:04:53 [33a8] - Log File: C:\Users\Robert\AppData\Local\Temp\LOG\MWAV.LOG
30 Jan 2015 15:04:53 [33a8] - User Account: Robert (Administrator Mode)
30 Jan 2015 15:04:53 [33a8] - Parent Process Name : c:\Users\Robert\AppData\Local\Temp\mexe.com
30 Jan 2015 15:04:53 [33a8] - Windows Root  Folder: C:\Windows
30 Jan 2015 15:04:53 [33a8] - Windows Sys32 Folder: C:\Windows\system32
30 Jan 2015 15:04:53 [33a8] - OS: Windows 7 64-Bit [OS Install Date: 20 Jan 2015 02:26:15]
30 Jan 2015 15:04:53 [33a8] - Ver: Personal Service Pack 1 (Build 7601)
30 Jan 2015 15:04:53 [33a8] - Latest Date of files inside MWAV: Fri Jan 30 15:42:18 2015.
30 Jan 2015 15:04:53 [33a8] - Sign Version: 7.59050 [517802]
 
30 Jan 2015 15:04:53 [2098] - Options Selected by User:
30 Jan 2015 15:04:53 [2098] - Memory Check: Enabled
30 Jan 2015 15:04:53 [2098] - Registry Check: Enabled
30 Jan 2015 15:04:53 [2098] - StartUp Folder Check: Enabled
30 Jan 2015 15:04:53 [2098] - System Folder Check: Enabled
30 Jan 2015 15:04:53 [2098] - Services Check: Enabled
30 Jan 2015 15:04:53 [2098] - Scan Spyware: Enabled
30 Jan 2015 15:04:53 [2098] - Scan Archives: Disabled
30 Jan 2015 15:04:53 [2098] - Drive Check: Enabled
30 Jan 2015 15:04:53 [2098] - All Drive Check :Disabled
30 Jan 2015 15:04:53 [2098] - Drive Selected = C:\
30 Jan 2015 15:04:53 [2098] - Folder Check: Disabled
30 Jan 2015 15:04:53 [2098] - SCAN: All_Files [ANSI]
30 Jan 2015 15:04:53 [2098] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
30 Jan 2015 15:04:53 [2098] - Scanning DNS Records...
30 Jan 2015 15:04:53 [2098] - Scanning Master Boot Record (User)...
30 Jan 2015 15:04:53 [2098] - Scanning Logical Boot Records...
30 Jan 2015 15:04:55 [2098] - ***** Scanning For Hidden Rootkit Processes *****
30 Jan 2015 15:04:55 [2098] - ***** Scanning For Hidden Rootkit Services *****
 
30 Jan 2015 15:04:59 [2098] - ***** Scanning Memory Files *****
 
30 Jan 2015 15:05:02 [2098] - ***** Scanning Registry Files *****
30 Jan 2015 15:05:04 [2098] - ERROR(3)!!! Invalid Entry LGODDFU =  blrun (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
30 Jan 2015 15:05:05 [2098] - ***** Scanning StartUp Folders *****
 
30 Jan 2015 15:05:31 [2098] - ***** Scanning Service Files *****
30 Jan 2015 15:05:52 [2098] - Giving rights(a) to [HKLM\SYSTEM\CurrentControlSet\Services\SamSs].
30 Jan 2015 15:05:54 [2098] - Giving rights(a) to [HKLM\SYSTEM\CurrentControlSet\Services\TrkWks].
30 Jan 2015 15:05:54 [2098] - Giving rights(a) to [HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller].
 
30 Jan 2015 15:05:58 [2098] - ***** Scanning Registry and File system for Adware/Spyware *****
30 Jan 2015 15:05:59 [2098] - Loading Spyware Signatures from new External Database [Name: C:\Users\Robert\AppData\Local\Temp\spydb.avs, Size: 464717]...
30 Jan 2015 15:05:59 [2098] - Indexed Spyware Databases Successfully Created...
 
30 Jan 2015 15:06:02 [2098] - Offending Folder found: C:\Users\Robert\Favorites\Technical Help\Windows 7 Tutorials\Windows Explorer
30 Jan 2015 15:06:02 [2098] - Deltree of Folder C:\Users\Robert\Favorites\Technical Help\Windows 7 Tutorials\Windows Explorer...
30 Jan 2015 15:06:02 [2098] - Object "Unknown Trojan Spyware/Adware" found in File System! Action Taken: Entries Removed.

 
30 Jan 2015 15:06:05 [2098] - ***** Scanning Registry Files *****
30 Jan 2015 15:06:05 [2098] - ** C:\Windows\system32\drivers\etc\hosts Not Present! Created New One.
30 Jan 2015 15:06:05 [2098] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com
30 Jan 2015 15:06:05 [2098] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
30 Jan 2015 15:06:05 [2098] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
30 Jan 2015 15:06:05 [2098] - ** Deleted Value of "NoChangingWallPaper" in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:0.
30 Jan 2015 15:06:05 [2098] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
30 Jan 2015 15:06:05 [2098] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
30 Jan 2015 15:06:05 [2098] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
30 Jan 2015 15:06:05 [2098] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.bbc.co.uk/news
30 Jan 2015 15:06:05 [2098] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.bbc.co.uk/news
 
30 Jan 2015 15:06:05 [2098] - ***** Scanning System32 Folders *****
30 Jan 2015 15:06:14 [1ac4] - ScanFile (C:\Windows\SysWOW64\atioglxx.dll) took 6443 ms
30 Jan 2015 15:06:20 [3050] - ScanFile (C:\Windows\SysWOW64\dbgeng.dll) took 6506 ms
30 Jan 2015 15:06:43 [0e6c] - ScanFile (C:\Windows\SysWOW64\NlsLexicons004c.dll) took 8908 ms
 
30 Jan 2015 15:06:57 [31f4] - C:\Users\Robert\AppData\Local\Temp\bdcore.dll.14165432.mwt File already Scanned once... not able to clean.
30 Jan 2015 15:06:58 [302c] - Scanning File C:\Users\Robert\AppData\Local\Temp\MWZCABA.tmp
 
30 Jan 2015 15:07:05 [2098] - ***** Scanning Drive C:\ *****
30 Jan 2015 15:07:23 [30a0] - ScanFile (C:\AMD\Support\13-9-legacy_vista_win7_64_dd_ccc\Packages\Drivers\Display\W76A_INF\B156566\atikmdag.sy_) took 7176 ms
30 Jan 2015 15:07:25 [2f5c] - ScanFile (C:\AMD\Support\13-9-legacy_vista_win7_64_dd_ccc\Packages\Drivers\Display\W76A_INF\B156566\aticaldd.dl_) took 9828 ms
30 Jan 2015 15:07:26 [0f34] - ScanFile (C:\AMD\Support\13-9-legacy_vista_win7_64_dd_ccc\Packages\Drivers\Display\W76A_INF\B156566\aticaldd64.dl_) took 10593 ms
30 Jan 2015 15:07:30 [27dc] - ScanFile (C:\AMD\Support\13-9-legacy_vista_win7_64_dd_ccc\Packages\Drivers\Display\W76A_INF\B156566\atioglxx.dl_) took 13447 ms
30 Jan 2015 15:07:31 [1ac4] - ScanFile (C:\AMD\Support\13-9-legacy_vista_win7_64_dd_ccc\Packages\Drivers\Display\W76A_INF\B156566\atio6axx.dl_) took 14274 ms
30 Jan 2015 15:07:32 [3050] - ScanFile (C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\atidxx64.dl_) took 5944 ms
30 Jan 2015 15:07:33 [1fec] - ScanFile (C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\atiumd6a.dl_) took 6271 ms
30 Jan 2015 15:07:38 [30a0] - ScanFile (C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi) took 5008 ms
30 Jan 2015 15:07:39 [27dc] - ScanFile (C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\atiumdva.dl_) took 8814 ms
30 Jan 2015 15:07:41 [2f5c] - ScanFile (C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\aticaldd.dl_) took 14976 ms
30 Jan 2015 15:07:42 [302c] - ScanFile (C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\aticaldd64.dl_) took 16380 ms
30 Jan 2015 15:07:45 [0f34] - ScanFile (C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\atikmdag.sy_) took 18798 ms
30 Jan 2015 15:07:47 [31f4] - ScanFile (C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\atioglxx.dl_) took 20264 ms
30 Jan 2015 15:07:47 [31f4] - Scanning of C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\atioglxx.dl_ Timed out!!!
30 Jan 2015 15:07:51 [0e6c] - ScanFile (C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\atio6axx.dl_) took 24336 ms
30 Jan 2015 15:07:51 [0e6c] - Scanning of C:\Matrox\wddm64_5_00_00_049_nowhql_beta\DrvCSeries\Display\B175850\atio6axx.dl_ Timed out!!!
30 Jan 2015 15:08:42 [2f5c] - ScanFile (C:\Program Files\WinZip\Utils\WzSysScan\wzpsssys.dll) took 6287 ms
30 Jan 2015 15:08:43 [315c] - ScanFile (C:\Program Files\WinZip\wzwipe32.exe) took 6318 ms
30 Jan 2015 15:10:28 [0f34] - ScanFile (C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe) took 15678 ms
30 Jan 2015 15:10:30 [1ac4] - ScanFile (C:\Program Files (x86)\Hard Disk Sentinel\dethp.dll) took 5897 ms
30 Jan 2015 15:11:28 [32fc] - ScanFile (C:\Program Files (x86)\Microsoft Office\Office14\PROOF\1036\MSGR3FR.DLL) took 8939 ms
30 Jan 2015 15:11:44 [33bc] - ScanFile (C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\agcore.dll) took 5351 ms
30 Jan 2015 15:12:26 [0e6c] - ScanFile (C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe) took 5881 ms
30 Jan 2015 15:13:09 [315c] - ScanFile (C:\Program Files (x86)\Nero\Nero 2015\Nero Vision\NeVideoFX.dll) took 7347 ms
30 Jan 2015 15:13:16 [0e6c] - ScanFile (C:\Program Files (x86)\Nero\Nero ControlCenter\NCC.exe) took 5538 ms
30 Jan 2015 15:13:20 [206c] - ScanFile (C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe) took 12308 ms
30 Jan 2015 15:14:01 [33bc] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
30 Jan 2015 15:14:01 [315c] - Scanning File C:\System Volume Information\{9d6da692-a551-11e4-9ead-00261880840b}{3808876b-c176-4e48-b7ae-04046e6cc752}
30 Jan 2015 15:14:02 [31f4] - Scanning File C:\System Volume Information\{23543ca4-a7cb-11e4-a912-00261880840b}{3808876b-c176-4e48-b7ae-04046e6cc752}
30 Jan 2015 15:14:02 [3050] - Scanning File C:\System Volume Information\{23543c9a-a7cb-11e4-a912-00261880840b}{3808876b-c176-4e48-b7ae-04046e6cc752}
30 Jan 2015 15:14:02 [0e6c] - Scanning File C:\System Volume Information\{c850073b-a65b-11e4-9f98-00261880840b}{3808876b-c176-4e48-b7ae-04046e6cc752}
30 Jan 2015 15:14:02 [302c] - Scanning File C:\System Volume Information\{468a57da-a61c-11e4-9cd6-00261880840b}{3808876b-c176-4e48-b7ae-04046e6cc752}
30 Jan 2015 15:14:12 [206c] - ScanFile (C:\Temp\dll.exe) took 8299 ms
30 Jan 2015 15:14:34 [30a0] - C:\Users\Robert\AppData\Local\Temp\bdcore.dll.14165432.mwt File already Scanned once... not able to clean.
30 Jan 2015 15:14:53 [315c] - ScanFile (C:\Users\Robert\Documents\Cat\888_620_Cat_How+to+take+care+of+your+cat+booklet_secure.pdf) took 5398 ms
30 Jan 2015 15:15:01 [1fec] - ScanFile (C:\Users\Robert\Documents\Dell\en_dtg.zip) took 8534 ms
30 Jan 2015 15:15:06 [2f5c] - ScanFile (C:\Users\Robert\Documents\Gibraltar\2012 Trip\Easyjet\Help Guide to Rebook or Refund a booking.pdf) took 5631 ms
30 Jan 2015 15:15:11 [31f4] - ScanFile (C:\Users\Robert\Documents\HP Laptop\G6 B960 G6 1372EA\c02973502.pdf) took 6007 ms
30 Jan 2015 15:15:13 [2f5c] - ScanFile (C:\Users\Robert\Documents\Kathleen Mattsson\Panasonic TV\TQB0E2353U-E.pdf) took 5163 ms
30 Jan 2015 15:15:13 [1ac4] - ScanFile (C:\Users\Robert\Documents\Gibraltar\History\The Legal Status of Gibraltar- Whose Rock is it Anyway-.pdf) took 9205 ms
30 Jan 2015 15:15:14 [1fec] - ScanFile (C:\Users\Robert\Documents\HP Laptop\G6 B960 G6 1372EA\c02983433.pdf) took 8378 ms
30 Jan 2015 15:15:15 [30a0] - ScanFile (C:\Users\Robert\Documents\Gibraltar\The Convent\covent-book.pdf) took 10000 ms
30 Jan 2015 15:15:15 [3050] - ScanFile (C:\Users\Robert\Documents\Kate Elson\sky_box_oct05.pdf) took 7972 ms
30 Jan 2015 15:15:22 [206c] - ScanFile (C:\Users\Robert\Documents\Malware and rootkit Applications\rkill.exe) took 5414 ms
30 Jan 2015 15:15:25 [302c] - ScanFile (C:\Users\Robert\Documents\Malware and rootkit Applications\FreeFirewalls\PrivateFirewall\PF_User_Guide.pdf) took 8892 ms
30 Jan 2015 15:15:26 [3050] - ScanFile (C:\Users\Robert\Documents\Malware and rootkit Applications\FreeFirewalls\PrivateFirewall\privatefirewall.exe) took 9687 ms
30 Jan 2015 15:15:26 [1ac4] - ScanFile (C:\Users\Robert\Documents\Malware and rootkit Applications\PandaCloudCleaner.exe) took 9422 ms
30 Jan 2015 15:15:30 [2f5c] - ScanFile (C:\Users\Robert\Documents\My Drivers\Display\pci_ven_1002&dev_9460\B139358\atioglxx.dll) took 5928 ms
30 Jan 2015 15:15:40 [27bc] - ScanFile (C:\Users\Robert\Documents\My PC Info\Graphics Card\AMD Driver\12-2_vista_win7_64_dd_ccc.exe) took 8003 ms
30 Jan 2015 15:15:41 [3050] - ScanFile (C:\Users\Robert\Documents\My PC Info\Graphics Card\ATI\Catalyst\9-12_vista32_win7_32_dd_ccc_wdm_enu.exe) took 8362 ms
30 Jan 2015 15:15:53 [206c] - ScanFile (C:\Users\Robert\Documents\My PC Info\Graphics Card\ATI\Catalyst\9-12_vista_win7_32-64_xcodeAvivo Video Converter.exe) took 20483 ms
30 Jan 2015 15:15:53 [206c] - Scanning of C:\Users\Robert\Documents\My PC Info\Graphics Card\ATI\Catalyst\9-12_vista_win7_32-64_xcodeAvivo Video Converter.exe Timed out!!!
30 Jan 2015 15:15:53 [1ac4] - ScanFile (C:\Users\Robert\Documents\My PC Info\Graphics Card\ATI\Catalyst\9-12_vista_win7_32-64_hydravision.exe) took 20514 ms
30 Jan 2015 15:15:53 [1ac4] - Scanning of C:\Users\Robert\Documents\My PC Info\Graphics Card\ATI\Catalyst\9-12_vista_win7_32-64_hydravision.exe Timed out!!!
30 Jan 2015 15:15:58 [32fc] - ScanFile (C:\Users\Robert\Documents\Acronis 2015\Acronis 2015 Upgrade\AcronisTrueImage2015_ur_en-US.msi) took 20156 ms
30 Jan 2015 15:15:58 [32fc] - Scanning of C:\Users\Robert\Documents\Acronis 2015\Acronis 2015 Upgrade\AcronisTrueImage2015_ur_en-US.msi Timed out!!!
30 Jan 2015 15:15:59 [2f5c] - ScanFile (C:\Users\Robert\Documents\My PC Info\Hitachi External Drive\Get_Started_for_Win.exe) took 5023 ms
30 Jan 2015 15:16:05 [1ac4] - ScanFile (C:\Users\Robert\Documents\My PC Info\My Drivers\Display\pci_ven_1002&dev_9460\B123158\atioglxx.dll) took 6833 ms
30 Jan 2015 15:16:11 [1fec] - ScanFile (C:\Users\Robert\Documents\My PC Info\My Drivers\Display\pci_ven_1002&dev_9460\B123158\atiumd64.dll) took 12574 ms
30 Jan 2015 15:16:39 [206c] - ScanFile (C:\Users\Robert\Documents\SarahRose\HP G6 B960 Laptop\c02983433.pdf) took 5943 ms
30 Jan 2015 15:16:56 [206c] - ScanFile (C:\Users\Robert\Documents\Word 2010 How to\Create simple electronic form\Word-Advantage-Manual-ELECTRONIC-FORMS-MAIL-MERGE.pdf) took 5897 ms
30 Jan 2015 15:16:58 [315c] - ScanFile (C:\Users\Robert\Downloads\Programs\3 Mobile\Kies3Setup.exe) took 7472 ms
30 Jan 2015 15:17:01 [2e94] - ScanFile (C:\Users\Robert\Downloads\Programs\3 Mobile\KiesSetup.exe) took 10421 ms
30 Jan 2015 15:17:02 [27dc] - ScanFile (C:\Users\Robert\Documents\Windows XP\PCmover_8_Pro_UG_ENG.pdf) took 11794 ms
30 Jan 2015 15:17:02 [32fc] - ScanFile (C:\Users\Robert\Documents\Windows XP\PCmover_Win8UA_UG_ENG.pdf) took 11841 ms
30 Jan 2015 15:17:06 [302c] - ScanFile (C:\Users\Robert\Downloads\Programs\Nero 15 Platinum\Nero2014_Platinum-15.0.02200.exe) took 7238 ms
30 Jan 2015 15:17:06 [1fec] - ScanFile (C:\Users\Robert\Downloads\Programs\Nero 15 Platinum\Nero2014_ContentPack2014-15.0.00200.exe) took 7582 ms
30 Jan 2015 15:17:06 [315c] - ScanFile (C:\Users\Robert\Downloads\Programs\Nero 15 Platinum\Nero2015_ContentPack-16.0.00300.exe) took 7020 ms
30 Jan 2015 15:17:06 [206c] - ScanFile (C:\Users\Robert\Downloads\Programs\Nero 15 Platinum\Nero2015-16.0.04100_trial.exe) took 7379 ms
30 Jan 2015 15:17:06 [31f4] - ScanFile (C:\Users\Robert\Downloads\Programs\Nero 15 Platinum\Nero2015-16.0.02900.exe) took 7675 ms
30 Jan 2015 15:17:06 [0f34] - ScanFile (C:\Users\Robert\Downloads\Programs\Nero 15 Platinum\Nero_ContentPack-12.0.00400.exe) took 7161 ms
30 Jan 2015 15:17:07 [0e6c] - ScanFile (C:\Users\Robert\Downloads\Programs\Nero 15 Platinum\Nero_Platinum-12.5.01300.exe) took 6567 ms
30 Jan 2015 15:17:08 [2f5c] - ScanFile (C:\Users\Robert\Downloads\Programs\FSViewer\FSViewerSetup53.exe) took 12839 ms
30 Jan 2015 15:17:17 [33bc] - ScanFile (C:\Users\Robert\Downloads\Programs\HD SentinelPro\hdsentinel_pro_setup.zip) took 21373 ms
30 Jan 2015 15:17:17 [33bc] - Scanning of C:\Users\Robert\Downloads\Programs\HD SentinelPro\hdsentinel_pro_setup.zip Timed out!!!
30 Jan 2015 15:18:06 [27bc] - ScanFile (C:\Users\Robert\Downloads\Programs\Acronis Universal Restore\AcronisTrueImage2015_ur_en-US.msi) took 20046 ms
30 Jan 2015 15:18:06 [27bc] - Scanning of C:\Users\Robert\Downloads\Programs\Acronis Universal Restore\AcronisTrueImage2015_ur_en-US.msi Timed out!!!
30 Jan 2015 15:18:11 [302c] - ScanFile (C:\Users\Robert\Pictures\Family Tree\family\My Chidren\Sarah_Rose\SR Camera Pana\P1000313.JPG) took 6552 ms
30 Jan 2015 15:18:52 [2f5c] - ScanFile (C:\VIPRERESCUE\Quarantine\{FE1DD67A-57D1-4B0A-8AD6-E472C247F27B}_ENC2) took 6115 ms
30 Jan 2015 15:18:53 [27bc] - ScanFile (C:\VIPRERESCUE\20150113115108.csv) took 11326 ms
30 Jan 2015 15:18:53 [3050] - ScanFile (C:\VIPRERESCUE\20130709004250.csv) took 12699 ms
30 Jan 2015 15:19:34 [1fec] - ScanFile (C:\VIPRERESCUE\Quarantine\{3EC69AFE-08FC-4D7E-8FED-EEE0464A5F96}_ENC2) took 48095 ms
30 Jan 2015 15:19:34 [1fec] - Scanning of C:\VIPRERESCUE\Quarantine\{3EC69AFE-08FC-4D7E-8FED-EEE0464A5F96}_ENC2 Timed out!!!
30 Jan 2015 15:22:52 [2e94] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.7015\MSTORES.DLL) took 5148 ms
30 Jan 2015 15:23:02 [30a0] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\GROOVE.EXE) took 22480 ms
30 Jan 2015 15:23:02 [30a0] - Scanning of C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\GROOVE.EXE Timed out!!!
30 Jan 2015 15:23:02 [33bc] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.7015\ODFFILT.DLL.x86) took 10000 ms
30 Jan 2015 15:23:13 [32fc] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.7015\POWERPNT.EXE) took 8846 ms
30 Jan 2015 15:23:14 [1fec] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\MSORES.DLL) took 24212 ms
30 Jan 2015 15:23:14 [1fec] - Scanning of C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\MSORES.DLL Timed out!!!
30 Jan 2015 15:23:31 [1ac4] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86) took 5008 ms
30 Jan 2015 15:23:31 [27bc] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86) took 5008 ms
30 Jan 2015 15:23:31 [2f5c] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.7015\EXCEL.EXE) took 9595 ms
30 Jan 2015 15:23:41 [1fec] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86) took 10077 ms
30 Jan 2015 15:23:41 [33bc] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86) took 10202 ms
30 Jan 2015 15:23:41 [206c] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86) took 10218 ms
30 Jan 2015 15:23:41 [2e94] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86) took 10218 ms
30 Jan 2015 15:23:41 [1ac4] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\1F764691F11C67F458B88521DA8CB349\4.30.2100\msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7) took 10358 ms
30 Jan 2015 15:23:42 [315c] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.7015\MSO.DLL.x86) took 7581 ms
30 Jan 2015 15:23:42 [0e6c] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86) took 10577 ms
30 Jan 2015 15:23:45 [3050] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\48B421222B3930642B214166564E6B1B\12.1.20081\nfx.chameleon.sharp..5D83A397_795B_442D_8A57_ACAFD0D39806) took 10016 ms
30 Jan 2015 15:23:52 [3050] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\SMDiagnostics.dll_gac_x86) took 6177 ms
30 Jan 2015 15:23:52 [27bc] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\SMDiagnostics.dll.x86) took 6177 ms
30 Jan 2015 15:23:52 [1fec] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\48B421222B3930642B214166564E6B1B\12.1.20081\specialoffer.exe.7F8E0F84_76D6_4904_B954_F8E33FC84A4E) took 10515 ms
30 Jan 2015 15:23:57 [0f34] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.7015\GROOVE.EXE) took 27893 ms
30 Jan 2015 15:23:57 [0f34] - Scanning of C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.7015\GROOVE.EXE Timed out!!!
30 Jan 2015 15:24:04 [302c] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_deployment_dll_amd64) took 5039 ms
30 Jan 2015 15:24:04 [2f5c] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\48B421222B3930642B214166564E6B1B\12.1.20081\AdvrCntr6.dll.7F8E0F84_76D6_4904_B954_F8E33FC84A4E) took 5866 ms
30 Jan 2015 15:24:12 [27dc] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.7015\WWLIB.DLL) took 55614 ms
30 Jan 2015 15:24:12 [27dc] - Scanning of C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.7015\WWLIB.DLL Timed out!!!
30 Jan 2015 15:25:14 [27dc] - ScanFile (C:\Windows\Installer\5c73e.msp) took 5007 ms
30 Jan 2015 15:25:25 [1ac4] - ScanFile (C:\Windows\Installer\10bf10.msi) took 20342 ms
30 Jan 2015 15:25:25 [1ac4] - Scanning of C:\Windows\Installer\10bf10.msi Timed out!!!
30 Jan 2015 15:25:49 [315c] - ScanFile (C:\Windows\Installer\1ef716.msi) took 13010 ms
30 Jan 2015 15:26:03 [0f34] - ScanFile (C:\Windows\Installer\6423ec.msi) took 20202 ms
30 Jan 2015 15:26:03 [0f34] - Scanning of C:\Windows\Installer\6423ec.msi Timed out!!!
30 Jan 2015 15:26:03 [0e6c] - ScanFile (C:\Windows\Installer\6c364.msi) took 20638 ms
30 Jan 2015 15:26:03 [0e6c] - Scanning of C:\Windows\Installer\6c364.msi Timed out!!!
30 Jan 2015 15:26:20 [31f4] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe.config) took 10000 ms
30 Jan 2015 15:26:20 [30a0] - ScanFile (C:\Windows\Logs\CBS\CbsPersist_20150120200618.cab) took 20592 ms
30 Jan 2015 15:26:20 [30a0] - Scanning of C:\Windows\Logs\CBS\CbsPersist_20150120200618.cab Timed out!!!
30 Jan 2015 15:26:21 [315c] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll) took 10031 ms
30 Jan 2015 15:26:21 [3050] - ScanFile (C:\Windows\Logs\CBS\CbsPersist_20150120224642.cab) took 20685 ms
30 Jan 2015 15:26:21 [3050] - Scanning of C:\Windows\Logs\CBS\CbsPersist_20150120224642.cab Timed out!!!
30 Jan 2015 15:26:25 [206c] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config) took 15038 ms
30 Jan 2015 15:26:36 [30a0] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll) took 5679 ms
30 Jan 2015 15:26:36 [32fc] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll) took 5679 ms
30 Jan 2015 15:26:36 [0e6c] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll) took 5538 ms
30 Jan 2015 15:26:36 [206c] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll) took 7114 ms
30 Jan 2015 15:26:36 [2e94] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Services.dll) took 5086 ms
30 Jan 2015 15:26:36 [302c] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll) took 5538 ms
30 Jan 2015 15:26:36 [31f4] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll) took 5289 ms
30 Jan 2015 15:26:36 [33bc] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Design.dll) took 5913 ms
30 Jan 2015 15:26:36 [1fec] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll) took 5538 ms
30 Jan 2015 15:26:36 [3050] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll) took 5195 ms
30 Jan 2015 15:26:36 [0f34] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll) took 5086 ms
30 Jan 2015 15:26:36 [315c] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll) took 5538 ms
30 Jan 2015 15:26:36 [27bc] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.dll) took 5039 ms
30 Jan 2015 15:26:36 [2f5c] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Compression.FileSystem.dll) took 5039 ms
30 Jan 2015 15:29:06 [3050] - ScanFile (C:\Windows\SoftwareDistribution\Download\24abccbcceaf5bea9c3e34ff1f64c2aa3d57e308) took 15865 ms
30 Jan 2015 15:29:32 [2e94] - ScanFile (C:\Windows\SoftwareDistribution\Download\28c54491be70c38c97849c3d8cfbfdd0d3c515cb) took 5507 ms
30 Jan 2015 15:29:41 [0f34] - ScanFile (C:\Windows\SoftwareDistribution\Download\b19211187caa726619fefd80f199bf7df3266bb7) took 7550 ms
30 Jan 2015 15:29:54 [1fec] - ScanFile (C:\Windows\System32\amdocl.dll) took 6271 ms
30 Jan 2015 15:29:57 [2e94] - ScanFile (C:\Windows\System32\AdvancedInstallers\cmiv2.dll) took 10311 ms
30 Jan 2015 15:30:00 [302c] - ScanFile (C:\Windows\SoftwareDistribution\Download\b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847) took 25693 ms
30 Jan 2015 15:30:00 [302c] - Scanning of C:\Windows\SoftwareDistribution\Download\b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847 Timed out!!!
30 Jan 2015 15:30:00 [1fec] - ScanFile (C:\Windows\System32\atidxx32.dll) took 5351 ms
30 Jan 2015 15:30:01 [32fc] - ScanFile (C:\Windows\System32\aticaldd.dll) took 6958 ms
30 Jan 2015 15:30:07 [27dc] - ScanFile (C:\Windows\System32\atioglxx.dll) took 11451 ms
30 Jan 2015 15:30:12 [3050] - ScanFile (C:\Windows\System32\calc.exe) took 7129 ms
30 Jan 2015 15:30:33 [31f4] - ScanFile (C:\Windows\SoftwareDistribution\Download\42de15d48cc440a9a00b5988a016e86e\outlook-x-none.cab) took 20233 ms
30 Jan 2015 15:30:33 [31f4] - Scanning of C:\Windows\SoftwareDistribution\Download\42de15d48cc440a9a00b5988a016e86e\outlook-x-none.cab Timed out!!!
30 Jan 2015 15:31:02 [1ac4] - ScanFile (C:\Windows\System32\d3d10warp.dll) took 5413 ms
30 Jan 2015 15:31:05 [30a0] - ScanFile (C:\Windows\System32\dbgeng.dll) took 6053 ms
30 Jan 2015 15:31:23 [0f34] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atioglxx.dll) took 7130 ms
30 Jan 2015 15:31:26 [33bc] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\c7158498.inf_amd64_neutral_c15420fd6ba0523f\B156566\atioglxx.dll) took 6958 ms
30 Jan 2015 15:31:31 [2f5c] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumd64.dll) took 14882 ms
30 Jan 2015 15:31:32 [315c] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\c7158498.inf_amd64_neutral_c15420fd6ba0523f\B156566\atiumd6a.dll) took 11887 ms
30 Jan 2015 15:31:43 [30a0] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_b7358ec6117a0af5\FMAPO32.dll) took 7831 ms
30 Jan 2015 15:32:54 [3050] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_b7358ec6117a0af5\RCoRes64.dat) took 20109 ms
30 Jan 2015 15:32:54 [3050] - Scanning of C:\Windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_b7358ec6117a0af5\RCoRes64.dat Timed out!!!
30 Jan 2015 15:33:50 [2e94] - ScanFile (C:\Windows\System32\LogiDPP.dll) took 5024 ms
30 Jan 2015 15:33:51 [206c] - ScanFile (C:\Windows\System32\Macromed\Flash\Flash32_16_0_0_296.ocx) took 6490 ms
30 Jan 2015 15:34:03 [30a0] - ScanFile (C:\Windows\System32\migwiz\SFLISTLH.dat) took 7550 ms
30 Jan 2015 15:34:17 [30a0] - ScanFile (C:\Windows\System32\NlsLexicons004c.dll) took 8892 ms
30 Jan 2015 15:34:21 [31f4] - ScanFile (C:\Windows\System32\RTCOM\FMAPO32.dll) took 5038 ms
30 Jan 2015 15:48:15 [302c] - ScanFile (C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll) took 11279 ms
30 Jan 2015 15:50:07 [1ac4] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe) took 5725 ms
 
30 Jan 2015 15:51:03 [2098] - ***** Checking for specific ITW Viruses *****
 
30 Jan 2015 15:51:03 [2098] - ***** Scanning complete. *****
 
30 Jan 2015 15:51:03 [2098] - Total Objects Scanned: 200920
30 Jan 2015 15:51:03 [2098] - Total Critical Objects: 1
30 Jan 2015 15:51:03 [2098] - Total Disinfected Objects: 0
30 Jan 2015 15:51:03 [2098] - Total Objects Renamed: 0
30 Jan 2015 15:51:03 [2098] - Total Deleted Objects: 1
30 Jan 2015 15:51:03 [2098] - Total Errors: 1
30 Jan 2015 15:51:03 [2098] - Time Elapsed: 00:45:32
30 Jan 2015 15:51:03 [2098] - Virus Database Date: 30 Jan 2015
30 Jan 2015 15:51:03 [2098] - Virus Database Count: 6489932
 
30 Jan 2015 15:51:03 [2098] - Scan Completed.



#14 InadequateInfirmity


Posted 30 January 2015 - 11:02 AM

Looks good.

 

Let's see if we can speed up your machine.

Now let's get to the business. Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

Download, install and run Wipe & System Ninja:

https://privacyroot.com/software/www/en/wipe-download.php

https://singularlabs.com/software/system-ninja/

Reboot after doing the above and tell me how your machine is running. :)

 

 



#15 InadequateInfirmity


Posted 30 January 2015 - 11:11 AM

Note: Do not use the registry cleaner function in CCleaner!!





