
User issue/problems


23 replies to this topic

#1 Joe9000

  • Members
  • 24 posts

Posted 16 February 2015 - 06:24 AM

Hi, my W7 laptop is set up the way Microsoft intended (which I always find overly complicated) with an Administrator (me) and a User (also me). No-one else uses this machine, just me, and I can log in as either me or administrator (overly complicated, imho).

Anyway I now have a problem with the User (me) - web pages are taking forever to load, some time-out and don't load and trying to load a 2nd or 3rd tab does not happen. Adobe reader (always a problem) no longer works and causes IE to crash and I cannot do a system restore, even in safe mode - I just get an error message. Checking task manager I see some processes have gone away - conhost.exe, ETDCtrl.exe, node.exe*32 and unsecapp.exe have all disappeared but they don't look to be vital (to me).

Having done various checks, e.g. a registry check, sfc /scannow, a memory check, a line speedtest, etc, etc. all were fine but the problem remains. Something has got corrupted somewhere but I don't know what.

 

However.....I have found that when I log in as Administrator, all is just fine. All the processes are there, the internet works fine, pages and tabs all load fine and my alternative to Adobe reader, PDF Exchange, works fine too. No problems. Perfect.

 

So what should I do now? Should I just log in as Administrator each time from now on and forget about the User? What were Microsoft intending for single users - i.e. is the Administrator/ User separation necessary? Is it safer or better? Should I ignore or delete the original User (me)? Should I set up another User and use that? Or should I keep trying to fix the original User? Would it be safer to have lots of Users (all me) in case this happens again and I just choose a different log in each time? It all seems overly complicated to me but I would really appreciate some guidance here.





#2 Arkion

  • Members
  • 12 posts
  • Gender:Male
  • Location:London

Posted 16 February 2015 - 07:03 AM

Hello, 

 

First of all I would highly recommend using a different browser, ideally Google Chrome, as it is much faster and more secure than IE.

Windows laptops are set up like this so that there is a separation of permissions. When in Administrator mode you can use a lot more functions on your computer, which makes it a lot easier to use; however, this comes with the downfall that it can be a lot easier to do something wrong and cause errors on your computer.

 

  • Do you have AntiVirus software installed on your machine?
  • Do you have strong technical knowledge?
  • What do you tend to use your computer for (gaming, Internet browsing, work, etc.)?


#3 Joe9000


Posted 17 February 2015 - 04:42 AM

Hi, and thanks for this, it's appreciated.

  • I do have AntiVirus - Avast - and have done a complete scan which found 1 virus and removed it. Avast then recommended that it do a Boot Scan which I let run for about an hour and a half. That produced 118 problems, all to do with Java - which were then fixed. I had no more time to let it continue. But I do wonder if Java has become corrupted. I also did a full scan with Malwarebytes which was clear.
  • My technical knowledge is pretty decent having worked with PCs for 22 years from W3.1 onwards. Experience these days is more a hindrance than a help though because good ole Microsoft (and others) change everything every 2 years, so what you've learned becomes worthless.
  • I use the computer for work, 95% with lots of different programs, and general browsing 5%. No gaming at any point.

I am finding that I would prefer to get my User back if possible, mainly don't want to have to set up Outlook again for email. And I suppose that the separation of User and Administrator has been sort of useful here. Ish.



#4 Arkion


Posted 17 February 2015 - 04:48 AM

  • These could just be Java updates. When you get an alert asking you to update Java do you click "no" or "remind me later"?
  • To be honest a lot of the time the separation is put in place mainly for people with absolutely no knowledge, say for example children playing with a laptop that will just click on links and try to download things.

With your knowledge and what you use your PC for I would see absolutely no harm in you using your Administrator mode.

You can just give your user account Administrator permissions then remove your Administrator account (you won't have to set anything up again).



#5 Joe9000


Posted 17 February 2015 - 08:39 AM

Thanks, that sounds possible. I tried/ am trying Chrome but it doesn't work at all at present - just a blank screen - under the User log-on. I will probably reinstall it next and try it under Administrator.

Re Java updates, I normally say no to all updates - because (a) of the interruption and (B) of the change: I hate change even more than interruptions. And yes, I know from a safety standpoint I should schedule some updates sometimes. Should I try and update Java now?

 

This thought does bring up another issue: I can't update Windows, error message 80070005. In the past Windows updates hijacked my machine right when I was in the middle of important stuff so I stopped the updates altogether. Now, when I'd like to update, I can't. Such is life with computers. Have you any ideas as to how I can update W7 now?

 

Thanks again btw.



#6 Joe9000


Posted 17 February 2015 - 08:45 AM

PS That smiley is actually a (B) - which is actually what I typed. So much for being in control - technology just does its own thing these days. I think someone has let some AI out for a spin round the web. (Intelligence being a moot point.)


OK I give up; for smiley read b which is a B



#7 dc3

    Bleeping Treehugger

  • Members
  • 30,590 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 17 February 2015 - 10:40 AM

Java updates are very important. If Java is out of date this becomes a security risk; this is why Java provides the updates. This is also true of Adobe Reader and Internet Explorer.

Your antivirus found malware. It may have only found one instance, but an antivirus will not find all types of malware. I would suggest that you allow the members in the Am I Infected forum to help you check to see if there is other malware which needs cleaning.

 

I've requested that this topic be moved to the Am I Infected forum.  The scan needed to be run can not be run in the Windows forums.

 

Mod Edit:  Topic moved to Am I Infected - Hamluis.


Edited by hamluis, 17 February 2015 - 11:26 AM.



#8 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,323 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 February 2015 - 12:55 PM

Let's look at a few logs....

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

ESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#9 Joe9000


Posted 21 February 2015 - 09:16 AM

Well.......have run all of the above this morning and afternoon. Took over 3 hours. Now I can't reply - get a message that I do not have permission for this!! What on earth? I wonder if this will post? Let's see....

#10 Joe9000


Posted 21 February 2015 - 09:23 AM

OK, that worked but I can't post the logs. I "don't have permission for that action." Why? How? What's the problem?

The logs are huge - very few threats but loads of other stuff. Is that the problem - post too big?

What now?

#11 boopme


Posted 21 February 2015 - 10:13 PM

Can you split them across a few posts?

If something ran clean no log needed.

#12 Joe9000


Posted 22 February 2015 - 02:14 PM

OK I'll try. Let's start with this:

Many thanks for this. Sorry for the delay - I needed to find a spare 3.5 hours to run this stuff; that ESET scanner has been going over 2 hours 20 mins and isn't finished yet, stuck at 97%. I'm going to have to stop it now - time available is finite and up. It has found 12 threats which I hope might appear in a log even though it's incomplete. I did update my Java earlier but that hasn't helped anything. So the logs requested are:

MiniToolBox by Farbar Version: 30-11-2014
Ran by SMG (administrator) on 21-02-2015 at 10:55:28
Running from "C:\Users\SMG\Downloads"
Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : SMG-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
Physical Address. . . . . . . . . : 4C-0F-6E-0E-17-68
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d042:dcec:d02b:a917%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21 February 2015 10:22:11
Lease Expires . . . . . . . . . . : 22 February 2015 10:22:11
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 306974574
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-44-AF-EE-1C-75-08-06-28-02
DNS Servers . . . . . . . . . . . : fe80::9e97:26ff:fe78:fb5c%12
192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 1C-75-08-06-28-02
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DE392212-4EF8-4B43-B872-457CB70CA61F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dsldevice.lan
Address: fe80::9e97:26ff:fe78:fb5c

Name: google.com
Addresses: 2a00:1450:4009:80a::200e
216.58.209.238


Pinging google.com [216.58.209.238] with 32 bytes of data:
Reply from 216.58.209.238: bytes=32 time=45ms TTL=56
Reply from 216.58.209.238: bytes=32 time=44ms TTL=56

Ping statistics for 216.58.209.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 45ms, Average = 44ms
Server: dsldevice.lan
Address: fe80::9e97:26ff:fe78:fb5c

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=197ms TTL=46
Reply from 206.190.36.45: bytes=32 time=209ms TTL=46

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 197ms, Maximum = 209ms, Average = 203ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...4c 0f 6e 0e 17 68 ......Atheros AR5B97 Wireless Network Adapter
11...1c 75 08 06 28 02 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.67 281
192.168.1.67 255.255.255.255 On-link 192.168.1.67 281
192.168.1.255 255.255.255.255 On-link 192.168.1.67 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.67 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.67 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::d042:dcec:d02b:a917/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/21/2015 10:22:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: ePowerTray.exe, version: 5.0.3005.0, time stamp: 0x4c11ccf9
Faulting module name: ePowerTray.exe, version: 5.0.3005.0, time stamp: 0x4c11ccf9
Exception code: 0xc0000005
Fault offset: 0x0000000000001e99
Faulting process id: 0x8ac
Faulting application start time: 0xePowerTray.exe0
Faulting application path: ePowerTray.exe1
Faulting module path: ePowerTray.exe2
Report Id: ePowerTray.exe3

Error: (02/20/2015 07:07:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/20/2015 07:02:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/20/2015 11:03:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 11.0.8326.0, time stamp: 0x4c1c2372
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x020e92a6
Faulting process id: 0x1218
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (02/20/2015 10:23:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 11.0.8326.0, time stamp: 0x4c1c2372
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x008e92a6
Faulting process id: 0x11c4
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (02/19/2015 07:15:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: mspst32.dll, version: 11.0.8317.0, time stamp: 0x4ae0c06f
Exception code: 0xc0000005
Fault offset: 0x00014b7c
Faulting process id: 0xf6c
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3

Error: (02/19/2015 07:15:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 11.0.8326.0, time stamp: 0x4c1c2372
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x006d92a6
Faulting process id: 0xe50
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (02/19/2015 07:12:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: ePowerTray.exe, version: 5.0.3005.0, time stamp: 0x4c11ccf9
Faulting module name: ePowerTray.exe, version: 5.0.3005.0, time stamp: 0x4c11ccf9
Exception code: 0xc0000005
Fault offset: 0x0000000000001e99
Faulting process id: 0x3cc
Faulting application start time: 0xePowerTray.exe0
Faulting application path: ePowerTray.exe1
Faulting module path: ePowerTray.exe2
Report Id: ePowerTray.exe3

Error: (02/19/2015 07:08:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 11.0.8326.0, time stamp: 0x4c1c2372
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x005392a6
Faulting process id: 0x11f8
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (02/19/2015 07:07:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 11.0.8326.0, time stamp: 0x4c1c2372
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00a592a6
Faulting process id: 0xe8c
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3


System errors:
=============
Error: (02/21/2015 10:37:49 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (02/21/2015 10:22:49 AM) (Source: Application Error)(User: )
Description: ePowerTray.exe5.0.3005.04c11ccf9ePowerTray.exe5.0.3005.04c11ccf9c00000050000000000001e998ac01d04dc04bb744f9C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exeC:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe957fac70-b9b3-11e4-8068-1c7508062802

Error: (02/20/2015 07:07:01 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (02/20/2015 07:02:11 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/20/2015 11:03:37 AM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c0000005020e92a6121801d04cf75851ba4bC:\MS Office 2003\OFFICE11\OUTLOOK.EXEunknown1df78e84-b8f0-11e4-a9cd-1c7508062802

Error: (02/20/2015 10:23:46 AM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c0000005008e92a611c401d04ceda40b9d5fC:\MS Office 2003\OFFICE11\OUTLOOK.EXEunknown8d242728-b8ea-11e4-a9cd-1c7508062802

Error: (02/19/2015 07:15:08 PM) (Source: Application Error)(User: )
Description: SearchProtocolHost.exe7.0.7600.163854a5bcdd0mspst32.dll11.0.8317.04ae0c06fc000000500014b7cf6c01d04c7818c065f2C:\Windows\sysWow64\SearchProtocolHost.exeC:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1033\mspst32.dll9dc7f0ba-b86b-11e4-a9cd-1c7508062802

Error: (02/19/2015 07:15:03 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c0000005006d92a6e5001d04c78058f4dc1C:\MS Office 2003\OFFICE11\OUTLOOK.EXEunknown9acbd702-b86b-11e4-a9cd-1c7508062802

Error: (02/19/2015 07:12:19 PM) (Source: Application Error)(User: )
Description: ePowerTray.exe5.0.3005.04c11ccf9ePowerTray.exe5.0.3005.04c11ccf9c00000050000000000001e993cc01d04c77f9b9c08fC:\Program Files\eMachines\eMachines Power Management\ePowerTray.exeC:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe392784fa-b86b-11e4-a9cd-1c7508062802

Error: (02/19/2015 07:08:34 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c0000005005392a611f801d04c77663b47b8C:\MS Office 2003\OFFICE11\OUTLOOK.EXEunknownb3207f35-b86a-11e4-b962-1c7508062802

Error: (02/19/2015 07:07:57 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c000000500a592a6e8c01d04c76bc1619a7C:\MS Office 2003\OFFICE11\OUTLOOK.EXEunknown9c9ffd23-b86a-11e4-b962-1c7508062802



=========================== Installed Programs ============================
Accounts (x32 Version: 18.0.10.208 - Sage (UK) Ltd) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
ATI Catalyst Install Manager (HKLM\...\{21958FA9-A346-4745-E831-98013FA0C203}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Attach Plus (HKLM-x32\...\AttachPlus) (Version: 2.2.14.14 - Attach Plus, LLC)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Basic PAYE Tools (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 14.1.14168.197 - HM Revenue & Customs)
Basic PAYE Tools (HKLM-x32\...\Basic PAYE Tools) (Version: 3.1.2.15508 - HM Revenue & Customs)
Basic PAYE Tools 2012 (HKLM-x32\...\Basic PAYE Tools 2012) (Version: 4.0.2.20305 - HM Revenue & Customs)
Bedtime Trader (HKLM-x32\...\Bedtime Trader) (Version: - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brother HL-2035 (HKLM-x32\...\{5B7A3E00-B7B0-46D2-825A-08339F5DAA9A}) (Version: 1.00 - Brother)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
BT Toolbar (HKLM-x32\...\bttb) (Version: 1.0.0.43 - )
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CaseWare Working Papers 2001 (HKLM-x32\...\CaseWare Working Papers 2001) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0421.657.10561 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help English (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help French (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help German (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0421.657.10561 - ATI) Hidden
ccc-utility64 (Version: 2010.0421.657.10561 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland)
eMachines Game Console (x32 Version: - WildTangent) Hidden
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.1.3 - WildTangent)
eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0806.2010 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
e-PDF Converter and Creator v2.1 (HKLM-x32\...\e-PDF Converter and Creator v2.1_is1) (Version: - e-PDFConverter Inc)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FilePrint 1.3.0 (HKLM-x32\...\FilePrint_is1) (Version: - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube Downloader 4.0.305 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
GKFX FX - CFDs (HKLM-x32\...\GKFX FX - CFDs) (Version: 4.00 - MetaQuotes Software Corp.)
GKFX Spread Trading (HKLM-x32\...\GKFX Spread Trading) (Version: 4.00 - MetaQuotes Software Corp.)
Google Advertising Cookie Opt-out (HKLM\...\{CCFFFF08-1015-4285-B00B-FD2D6D0375F8}) (Version: 1.0.1.0 - Google Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.0.2352 (HKCU\...\GoToMeeting) (Version: 7.1.0.2352 - CitrixOnline)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP PrecisionScan LTX (HKLM-x32\...\HP PrecisionScan LTX) (Version: - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
Improved DailyMotion Downloader 0.9 (HKLM-x32\...\Improved DailyMotion Downloader) (Version: 0.9 - Improved Software)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Keytime Suite 2012 (HKLM-x32\...\{2097A040-E881-4B50-83D5-CD86B8E6D74A}) (Version: 200.00.0164 - Keytime Objective)
Keytime Suite 2012 (HKLM-x32\...\{998CE750-2909-499E-B96C-9F13CBAF734D}) (Version: 200.00.0151 - Keytime Objective)
Keytime Suite 2012 Update (HKLM-x32\...\{74477A1E-8B67-4BE2-93E7-A4E3B07187E1}) (Version: 200.00.0166 - Keytime Objective)
Keytime Suite 2012 Update (HKLM-x32\...\{C3B534C4-E7AA-48FC-9361-BB9975A2D8B3}) (Version: 200.00.0169 - Keytime Objective)
Keytime Suite 2013 (HKLM-x32\...\{EA3A0302-FDB0-4808-B0FA-589779F21965}) (Version: 210.00.0000 - Keytime Objective)
Keytime Suite 2013 Update (HKLM-x32\...\{6D753802-E342-4392-9A74-55EA6C3823CA}) (Version: 210.00.0214 - Keytime Objective)
Keytime Suite 2014 (HKLM-x32\...\{6FACAEB3-6673-432A-88DF-0C11F888EBDD}) (Version: 210.14.0001 - Keytime Objective)
Keytime Suite 2014 Update (HKLM-x32\...\{08915B44-6FBA-4B8C-B43F-4982C685278C}) (Version: 210.14.0019 - Keytime Objective)
Keytime Suite 2014 Update (HKLM-x32\...\{C41A7A43-A4B1-4A08-86DC-1E3DCD3A8E6D}) (Version: 210.14.0010 - Keytime Objective)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - eMachines)
LibreOffice 3.6 (HKLM-x32\...\{1E85458A-9B00-443F-A187-2E06DBB15E43}) (Version: 3.6.2.2 - The Document Foundation)
LibreOffice 3.6 Help Pack (English (United Kingdom)) (HKLM-x32\...\{272683E1-8959-42C5-90D2-DED054171507}) (Version: 3.6.3.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.2 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.2 - Media Player Codec Pack)
MEO Encryption Software (HKLM-x32\...\Meo) (Version: - NCH Software)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.209.0 - Tracker Software Products Ltd)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registry Repair 5.0.1.66 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.66 - Glarysoft Ltd)
Sage 50 Accounts 2012 (HKLM-x32\...\InstallShield_{EFC6C877-6E77-4E3B-B350-DF4F35D66B51}) (Version: 18.0.10.208 - Sage (UK) Ltd)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.114 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.3.7 - GridinSoft LLC)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 (HKLM-x32\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.505 - Corel Corporation)
WordPerfect Office X5 (x32 Version: 15.3 - Corel Corporation) Hidden
Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version: - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 1786.9 MB
Available physical RAM: 724.67 MB
Total Pagefile: 3573.8 MB
Available Pagefile: 1996.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.29 MB

========================= Partitions: =====================================

1 Drive c: (eMachines) (Fixed) (Total:218.79 GB) (Free:152.68 GB) NTFS

========================= Users: ========================================

User accounts for \\SMG-PC

Administrator Guest SMG


**** End of log ****

#13 Joe9000


Posted 22 February 2015 - 02:17 PM

Good, that went OK, so maybe the next...

Re TDSSKiller, it found no threats. The log won't copy though - no file/copy function, no right click response and it can't be found anywhere else on my machine.

# AdwCleaner v4.111 - Logfile created 21/02/2015 at 11:10:30
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium (x64)
# Username : SMG - SMG-PC
# Running from : C:\Users\SMG\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\SMG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
File Found : C:\Users\SMG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\Users\SMG\AppData\Local\FileTypeAssistant
Folder Found : C:\Users\SMG\AppData\Roaming\GrabPro
Folder Found : C:\Users\SMG\AppData\Roaming\ProgSense

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\FileTypeAssistant
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\ProgSense
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\FileTypeAssistant
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : [x64] HKCU\Software\ProgSense
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [10657 bytes] - [21/02/2015 11:10:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10717 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by SMG on 21/02/2015 at 11:18:25.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLivid_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_doro-pdf-writer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_doro-pdf-writer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_keytweak_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_keytweak_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLivid_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_doro-pdf-writer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_doro-pdf-writer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_keytweak_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_keytweak_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\SMG\appdata\local\filetypeassistant"
Failed to delete: [Folder] "C:\Users\SMG\appdata\local\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/02/2015 at 11:25:57.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#14 Joe9000

Joe9000
  • Topic Starter

  • Members
  • 24 posts

Posted 22 February 2015 - 02:22 PM

Good again, so finally....

ESET log:

C:\Program Files (x86)\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\bttb\bttb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\bttb\bttbX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files (x86)\bttb\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Program Files (x86)\NCH Software\Meo\meo.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Meo\meosetup_v2.15.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\ProgramData\ZebkOhajy\DezkUkij.kdt a variant of Win32/Kryptik.CZBD trojan
C:\Users\All Users\ZebkOhajy\DezkUkij.kdt a variant of Win32/Kryptik.CZBD trojan
C:\Users\SMG\AppData\Local\Temp\mwxwzfsb.dat a variant of Win32/Kryptik.CZBD trojan
C:\Users\SMG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\550e0ada-4859d458 a variant of Java/Exploit.Agent.QMY trojan
C:\Users\SMG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\4efe07f1-25915327 a variant of Java/Exploit.CVE-2013-2423.DE trojan
C:\Users\SMG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\116168b6-52272e9e a variant of Java/Exploit.Agent.PCX trojan

That's it, 3 hours' worth, hope it doesn't take 3 hours to read.
Many thanks for your assistance.

#15 Joe9000

Joe9000
  • Topic Starter

  • Members
  • 24 posts

Posted 23 February 2015 - 05:09 AM

So I see I have some virus activity there. I have deleted ProgramData\ZebkOhajy several times but it just recreates itself every time! Spooky. I have also scanned it with my AV (Avast) but it says 'No Threat found', which doesn't give me great confidence in Avast.



