Link redirect virus - Windows 7


7 replies to this topic

#1 Lyuz


Posted 20 April 2015 - 09:22 AM

Hello,

I am a noob using Windows 7 Home Premium.

The problem

When I'm on, for example Youtube or checking my mail and I click on a link, I get redirected to adverts/spam that are not consistently from the same adverts/website. I think it happens on different browsers too. It happens about every 3 out of 10 clicks.

Done so far

I uninstalled suspicious programs in the control panel

I tried using ADWCleaner, Malwarebytes Anti Malware

Nothing has worked so far

Thanks

 

 




#2 InadequateInfirmity


Posted 20 April 2015 - 09:26 AM

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Lyuz


Posted 23 April 2015 - 04:31 AM

Ok I ran them all. After I ran Zemana I rebooted and it scanned again so that's why there's two of the logs.

 

22 Apr 2015 18:37:59 [03ec] - **********************************************************

22 Apr 2015 18:37:59 [03ec] - MWAV - eScanAV AntiVirus Toolkit.

22 Apr 2015 18:37:59 [03ec] - Copyright © MicroWorld Technologies

22 Apr 2015 18:37:59 [03ec] - **********************************************************

22 Apr 2015 18:37:59 [03ec] - Source: C:\Users\O\Desktop\mwav.exe

22 Apr 2015 18:37:59 [03ec] - Version 14.0.178 (C:\USERS\O\APPDATA\LOCAL\TEMP\MEXE.COM)

22 Apr 2015 18:37:59 [03ec] - Log File: C:\Users\O\AppData\Local\Temp\MWAV.LOG

22 Apr 2015 18:37:59 [03ec] - MWAV Registered: TRUE

22 Apr 2015 18:37:59 [03ec] - User Account: O (Administrator Mode)

22 Apr 2015 18:37:59 [03ec] - OS Type: Windows Workstation [InstallType: Client]

22 Apr 2015 18:37:59 [03ec] - OS: Windows 7 64-Bit [OS Install Date: 16 Aug 2012 17:06:58]

22 Apr 2015 18:37:59 [03ec] - Ver: Personal Service Pack 1 (Build 7601)

22 Apr 2015 18:37:59 [03ec] - System Up Time: 1 Hour, 4 Minutes, 35 Seconds

 

 

22 Apr 2015 18:37:59 [03ec] - Parent Process Name : C:\Users\O\Desktop\mwav.exe

22 Apr 2015 18:37:59 [03ec] - Windows Root  Folder: C:\Windows

22 Apr 2015 18:37:59 [03ec] - Windows Sys32 Folder: C:\Windows\system32

22 Apr 2015 18:37:59 [03ec] - DHCP NameServer: 192.168.1.254

22 Apr 2015 18:37:59 [03ec] - Interface0 DHCPNameServer: 192.168.1.254

22 Apr 2015 18:37:59 [03ec] - Local Fixed Drives: c:\,q:\

22 Apr 2015 18:37:59 [03ec] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)

22 Apr 2015 18:37:59 [03ec] - [CREATED ZIP FILE: C:\Users\O\AppData\Local\Temp\pinfect.zip]

22 Apr 2015 18:37:59 [03ec] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.

22 Apr 2015 18:37:59 [03ec] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\O\AppData\Local\Temp\ESCANDB.LOG]

22 Apr 2015 18:37:59 [03ec] - Loaded/Created FileScan Cache Database...

22 Apr 2015 18:37:59 [03ec] - Loading AV Library [DB]...

22 Apr 2015 18:38:03 [03ec] - ArchiveScan: DISABLED

22 Apr 2015 18:38:04 [03ec] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].

22 Apr 2015 18:38:04 [03ec] - MWAV doing self scanning...

22 Apr 2015 18:38:04 [03ec] - MWAV files are clean.

22 Apr 2015 18:38:12 [03ec] - ArchiveScan: DISABLED

22 Apr 2015 18:38:12 [03ec] - Virus Database Date: 02 Mar 2015

22 Apr 2015 18:38:12 [03ec] - Virus Database Count: 6701505

22 Apr 2015 18:38:12 [03ec] - Sign Version: 7.59505 [518257]

 

22 Apr 2015 18:38:49 [03ec] - **********************************************************

22 Apr 2015 18:38:49 [03ec] - MWAV - eScanAV AntiVirus Toolkit.

22 Apr 2015 18:38:49 [03ec] - Copyright © MicroWorld Technologies

22 Apr 2015 18:38:49 [03ec] -

22 Apr 2015 18:38:49 [03ec] - Support: support@escanav.com

22 Apr 2015 18:38:49 [03ec] - Web: http://www.escanav.com

22 Apr 2015 18:38:49 [03ec] - **********************************************************

22 Apr 2015 18:38:49 [03ec] - Version 14.0.178[DB] (C:\USERS\O\APPDATA\LOCAL\TEMP\MEXE.COM)

22 Apr 2015 18:38:49 [03ec] - Log File: C:\Users\O\AppData\Local\Temp\MWAV.LOG

22 Apr 2015 18:38:49 [03ec] - User Account: O (Administrator Mode)

22 Apr 2015 18:38:49 [03ec] - Parent Process Name : C:\Users\O\Desktop\mwav.exe

22 Apr 2015 18:38:49 [03ec] - Windows Root  Folder: C:\Windows

22 Apr 2015 18:38:49 [03ec] - Windows Sys32 Folder: C:\Windows\system32

22 Apr 2015 18:38:49 [03ec] - OS: Windows 7 64-Bit [OS Install Date: 16 Aug 2012 17:06:58]

22 Apr 2015 18:38:49 [03ec] - Ver: Personal Service Pack 1 (Build 7601)

22 Apr 2015 18:38:49 [03ec] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.

 

22 Apr 2015 18:38:49 [0e94] - Options Selected by User:

22 Apr 2015 18:38:49 [0e94] - Memory Check: Enabled

22 Apr 2015 18:38:49 [0e94] - Registry Check: Enabled

22 Apr 2015 18:38:49 [0e94] - StartUp Folder Check: Enabled

22 Apr 2015 18:38:49 [0e94] - System Folder Check: Enabled

22 Apr 2015 18:38:49 [0e94] - Services Check: Enabled

22 Apr 2015 18:38:49 [0e94] - Scan Spyware: Enabled

22 Apr 2015 18:38:49 [0e94] - Scan Archives: Disabled

22 Apr 2015 18:38:49 [0e94] - Drive Check: Enabled

22 Apr 2015 18:38:49 [0e94] - All Drive Check :Disabled

22 Apr 2015 18:38:49 [0e94] - Drive Selected = C:\

22 Apr 2015 18:38:49 [0e94] - Folder Check: Disabled

22 Apr 2015 18:38:49 [0e94] - SCAN: All_Files [ANSI]

22 Apr 2015 18:38:49 [0e94] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)

 

22 Apr 2015 18:38:49 [0e94] - Scanning DNS Records...

22 Apr 2015 18:38:49 [0e94] - Scanning Master Boot Record (User)...

22 Apr 2015 18:38:49 [0e94] - Scanning Logical Boot Records...

22 Apr 2015 18:38:50 [0e94] - ***** Scanning For Hidden Rootkit Processes *****

22 Apr 2015 18:38:50 [0e94] - ***** Scanning For Hidden Rootkit Services *****

 

22 Apr 2015 18:38:56 [0e94] - ***** Scanning Memory Files *****

 

22 Apr 2015 18:39:04 [0e94] - ***** Scanning Registry Files *****

22 Apr 2015 18:39:05 [0e94] - ERROR(3)!!! Invalid Entry StubPath = "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome (in key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\AutorunsDisabled\{8A69D345-D564-463c-AFF1-A69D9E530F96}). Action Taken: Removing it.

22 Apr 2015 18:39:07 [0e94] - ERROR(3)!!! Invalid Entry MacroKeyManager = WTMKM.exe (in key HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.

 

22 Apr 2015 18:39:07 [0e94] - ***** Scanning StartUp Folders *****

22 Apr 2015 18:45:14 [0ccc] - Scanning File C:\Users\O\Desktop\L \xf-sms50.exe

22 Apr 2015 18:45:14 [0ccc] - File C:\Users\O\Desktop\L \xf-sms50.exe infected by "Trojan.Generic.8782376 (DB)" Virus! Action Taken: File Deleted.

 

22 Apr 2015 18:45:23 [0f08] - ScanFile (C:\Users\O\Desktop\L \uMark.zip) took 6723 ms

22 Apr 2015 18:48:02 [0f08] - ScanFile (C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\jdk1.6.0_20\ss160200.cab) took 6333 ms

22 Apr 2015 18:48:07 [0bb0] - ScanFile (C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\jdk1.6.0_20\st160200.cab) took 11606 ms

22 Apr 2015 18:49:38 [0bb0] - Scanning File C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\8cc76d3-712fb989

22 Apr 2015 18:49:38 [0bb0] - File C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\8cc76d3-712fb989 infected by "Exploit.Java.CVE.BB[ZP] (DB)" Virus! Action Taken: File Deleted.

 

22 Apr 2015 18:49:38 [0cac] - Scanning File C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\265d3319-4edc9ad3

22 Apr 2015 18:49:38 [0cac] - File C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\265d3319-4edc9ad3 infected by "Exploit.Java.CVE.BB[ZP] (DB)" Virus! Action Taken: File Deleted.

 

22 Apr 2015 18:49:38 [0cac] - Scanning File C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5541aec4-6530af1d

22 Apr 2015 18:49:38 [0cac] - File C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5541aec4-6530af1d infected by "Java.Exploit.CVE-2009-3869.A[ZP] (DB)" Virus! Action Taken: File Deleted.

 

22 Apr 2015 18:49:39 [0bb0] - Scanning File C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\22404bb4-64fea030

22 Apr 2015 18:49:39 [0bb0] - File C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\22404bb4-64fea030 infected by "Exploit.Java.CVE.BB[ZP] (DB)" Virus! Action Taken: File Deleted.

 

22 Apr 2015 18:49:51 [0cac] - ScanFile (C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\jdk1.6.0_04\ss160000.cab) took 8907 ms

22 Apr 2015 18:49:54 [0f08] - ScanFile (C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\Sun\Java\jdk1.6.0_04\st160000.cab) took 12309 ms

22 Apr 2015 18:54:09 [0cac] - Scanning File C:\Users\O\AppData\Roaming\392D2600-1424627961-1020-0628-091015000000\jnshACF0.tmp

22 Apr 2015 18:54:09 [0cac] - File C:\Users\O\AppData\Roaming\392D2600-1424627961-1020-0628-091015000000\jnshACF0.tmp infected by "Gen:Variant.Graftor.176997 (DB)" Virus! Action Taken: File Deleted.

 

22 Apr 2015 19:24:01 [0cac] - Scanning File C:\Users\O\AppData\Roaming\VQ

22 Apr 2015 19:24:01 [0cac] - File C:\Users\O\AppData\Roaming\VQ infected by "Adware.JS.Mplug.A[ZP] (DB)" Virus! Action Taken: File Deleted.

 

 

22 Apr 2015 19:28:54 [0e94] - ***** Scanning Service Files *****

22 Apr 2015 19:28:55 [0e94] - Scanning File C:\Windows\system32\drivers\1394ohci.sys

22 Apr 2015 19:28:55 [0e94] - ERROR(2)!!! ScanFile Fails for C:\Windows\system32\drivers\1394ohci.sys...

22 Apr 2015 19:29:04 [0e94] - ERROR(2)!!! Invalid Entry \??\C:\Windows\system32\drivers\EagleX64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\EagleX64.

22 Apr 2015 19:29:21 [0e94] - ERROR(2)!!! Invalid Entry system32\DRIVERS\rsmd5.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\rsmd5.

22 Apr 2015 19:29:26 [0e94] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].

22 Apr 2015 19:29:34 [0e94] - ERROR(2)!!! Invalid Entry \??\C:\Windows\SysWOW64\Drivers\X6va012. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\X6va012.

 

22 Apr 2015 19:29:34 [0e94] - ***** Scanning Registry and File system for Adware/Spyware *****

22 Apr 2015 19:29:34 [0e94] - Loading Spyware Signatures from new External Database [Name: C:\Users\O\AppData\Local\Temp\spydb.avs, Size: 464717]...

22 Apr 2015 19:29:34 [0e94] - Indexed Spyware Databases Successfully Created...

 

22 Apr 2015 19:29:55 [0e94] - Offending file found: C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\ShoppingReport2\cs\dwld\WhiteList.xip

22 Apr 2015 19:29:55 [0e94] - System found infected with Hotbar.ShopperReports Toolbar (WhiteList.xip)! Action taken: File Deleted.

22 Apr 2015 19:29:55 [0e94] - Object "Hotbar.ShopperReports Toolbar" found in File System! Action Taken: File Deleted.

 

22 Apr 2015 19:29:55 [0e94] - Offending file found: C:\Users\O\Desktop\L\Other\New folder\L\AppData\LocalLow\ShoppingReport2\cs\res1\WhiteList.dbs

22 Apr 2015 19:29:55 [0e94] - System found infected with Hotbar.ShopperReports Toolbar (WhiteList.dbs)! Action taken: File Deleted.

22 Apr 2015 19:29:55 [0e94] - Object "Hotbar.ShopperReports Toolbar" found in File System! Action Taken: File Deleted.

 

22 Apr 2015 19:30:27 [0e94] - Offending file found: C:\Users\O\AppData\Local\Temp\dummy.htm

22 Apr 2015 19:30:27 [0e94] - System found infected with BetterInternet Trojan (C:\Users\O\AppData\Local\Temp\dummy.htm)! Action taken: File Deleted.

22 Apr 2015 19:30:27 [0e94] - Object "BetterInternet Trojan" found in File System! Action Taken: File Deleted.

 

 

22 Apr 2015 19:30:28 [0e94] - ***** Scanning Registry Files *****

22 Apr 2015 19:30:28 [0e94] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com

22 Apr 2015 19:30:28 [0e94] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.

22 Apr 2015 19:30:28 [0e94] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.

22 Apr 2015 19:30:28 [0e94] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.

22 Apr 2015 19:30:28 [0e94] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.

22 Apr 2015 19:30:28 [0e94] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

22 Apr 2015 19:30:28 [0e94] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = https://www.google.co.uk/

22 Apr 2015 19:30:28 [0e94] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = https://www.google.co.uk/

 

22 Apr 2015 19:30:28 [0e94] - ***** Scanning System32 Folders *****

 

22 Apr 2015 19:32:10 [0cac] - Scanning File C:\Users\O\AppData\Local\Temp\3729179885406630175.exe

22 Apr 2015 19:32:10 [0cac] - File C:\Users\O\AppData\Local\Temp\3729179885406630175.exe infected by "Trojan.GenericKD.2157660 (DB)" Virus! Action Taken: File Renamed.

 

22 Apr 2015 19:32:16 [0ccc] - Scanning File C:\Users\O\AppData\Local\Temp\AVCBack\3729179885406630175.exe

22 Apr 2015 19:32:16 [0ccc] - File C:\Users\O\AppData\Local\Temp\AVCBack\3729179885406630175.exe infected by "Trojan.GenericKD.2157660 (DB)" Virus! Action Taken: File Renamed.

 

22 Apr 2015 19:32:20 [0bb0] - Scanning File C:\Users\O\AppData\Local\Temp\awhBF3A.tmp

22 Apr 2015 19:32:20 [0bb0] - File C:\Users\O\AppData\Local\Temp\awhBF3A.tmp infected by "Trojan.GenericKD.2085822 (DB)" Virus! Action Taken: File Deleted.

 

22 Apr 2015 19:32:37 [0cac] - ScanFile (C:\Users\O\AppData\Local\Temp\AVCBack\vlc-2.1.5-win32.exe) took 8674 ms

 

22 Apr 2015 19:32:59 [0e94] - ***** Scanning Drive C:\ *****

22 Apr 2015 19:33:38 [0cac] - ScanFile (C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\Display\W76A_INF\B_96322\atioglxx.dl_) took 9033 ms

22 Apr 2015 19:44:32 [0cac] - Scanning File C:\Program Files (x86)\eMachines\Registration\eMachines\Languages\Lietuviu_LT.ui

22 Apr 2015 19:44:32 [0bb0] - Scanning File C:\Program Files (x86)\eMachines\Registration\eMachines\Languages\Româna_RO.ui

22 Apr 2015 19:44:32 [0ccc] - Scanning File C:\Program Files (x86)\eMachines\Registration\eMachines\Languages\Slovencina_SK.ui

22 Apr 2015 19:44:32 [0cac] - Scanning File C:\Program Files (x86)\eMachines\Registration\eMachines\Languages\Ceština_CS.ui

22 Apr 2015 19:48:43 [0f08] - ScanFile (C:\Program Files (x86)\NEXON\Europe MapleStory\HShield\ehsvc.dll) took 6255 ms

22 Apr 2015 19:49:44 [0f08] - ScanFile (C:\Program Files (x86)\Skype\Phone\Skype.exe) took 9017 ms

22 Apr 2015 19:56:42 [0f08] - Scanning File C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sdktools\maya\2009\plug-ins\vsSkinner.mll

22 Apr 2015 19:56:42 [0f08] - File C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sdktools\maya\2009\plug-ins\vsSkinner.mll infected by "Gen:Variant.Kazy.562905 (DB)" Virus! Action Taken: File Renamed.

 

22 Apr 2015 19:56:43 [0cac] - Scanning File C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sdktools\maya\2011\plug-ins\vsSkinner.mll

22 Apr 2015 19:56:43 [0cac] - File C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sdktools\maya\2011\plug-ins\vsSkinner.mll infected by "Gen:Variant.Kazy.562905 (DB)" Virus! Action Taken: File Renamed.

 

22 Apr 2015 19:56:44 [0ccc] - Scanning File C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sdktools\maya\2012\plug-ins\vsSkinner.mll

22 Apr 2015 19:56:44 [0ccc] - File C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sdktools\maya\2012\plug-ins\vsSkinner.mll infected by "Gen:Variant.Kazy.562905 (DB)" Virus! Action Taken: File Renamed.

 

22 Apr 2015 20:21:53 [0bb0] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

22 Apr 2015 20:21:53 [0f08] - Scanning File C:\System Volume Information\{4d54241b-e90d-11e4-83f3-00262d39482c}{3808876b-c176-4e48-b7ae-04046e6cc752}

22 Apr 2015 20:21:53 [0ccc] - Scanning File C:\System Volume Information\{aec7a342-e3a7-11e4-b14b-00262d39482c}{3808876b-c176-4e48-b7ae-04046e6cc752}

22 Apr 2015 20:21:53 [0bb0] - Scanning File C:\System Volume Information\{aec7a346-e3a7-11e4-b14b-00262d39482c}{3808876b-c176-4e48-b7ae-04046e6cc752}

22 Apr 2015 20:21:54 [0f08] - Scanning File C:\System Volume Information\{c03081c9-e50f-11e4-b6fb-00262d39482c}{3808876b-c176-4e48-b7ae-04046e6cc752}

22 Apr 2015 20:21:55 [0ccc] - Scanning File C:\Users\O\AppData\Local\392D2600-1424628016-1020-0628-091015000000\snsn3D6F.tmp

22 Apr 2015 20:21:55 [0ccc] - File C:\Users\O\AppData\Local\392D2600-1424628016-1020-0628-091015000000\snsn3D6F.tmp infected by "Trojan.GenericKD.2186348 (DB)" Virus! Action Taken: File Deleted.

 

22 Apr 2015 20:21:56 [0f08] - Scanning File C:\Users\O\AppData\Local\392D2600-1424628016-1020-0628-091015000000\onsc3D80.tmp

22 Apr 2015 20:21:56 [0f08] - File C:\Users\O\AppData\Local\392D2600-1424628016-1020-0628-091015000000\onsc3D80.tmp infected by "Gen:Variant.Adware.ConvertAd.2 (DB)" Virus! Action Taken: File Deleted.

 

22 Apr 2015 20:26:39 [0f08] - Scanning File C:\Users\O\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\31dc98a-2e93a31a

22 Apr 2015 20:26:39 [0f08] - File C:\Users\O\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\31dc98a-2e93a31a infected by "Java.Exploit.CVE-2012-1723.AE[ZP] (DB)" Virus! Action Taken: File Renamed.

 

22 Apr 2015 20:26:40 [0ccc] - Scanning File C:\Users\O\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\31a8e1d0-61d60375

22 Apr 2015 20:26:40 [0ccc] - File C:\Users\O\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\31a8e1d0-61d60375 infected by "Exploit.Java.CVE-2013-0422.F[ZP] (DB)" Virus! Action Taken: File Renamed.

 

22 Apr 2015 20:27:10 [0cac] - ScanFile (C:\Users\O\AppData\LocalLow\Sun\Java\jre1.7.0_67\java_sp.dll) took 5819 ms

22 Apr 2015 20:27:10 [0f08] - ScanFile (C:\Users\O\AppData\LocalLow\Sun\Java\jre1.7.0_65\java_sp.dll) took 6334 ms

22 Apr 2015 20:39:29 [0f08] - ScanFile (C:\Windows\Installer\964352.msp) took 9547 ms

22 Apr 2015 20:39:38 [0f08] - ScanFile (C:\Windows\Installer\cb00a8.msp) took 6739 ms

22 Apr 2015 21:19:41 [0f08] - ScanFile (C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.18804_none_18fdc1e9a139c989\GWX.exe) took 5538 ms

 

22 Apr 2015 21:29:46 [0e94] - ***** Checking for specific ITW Viruses *****

 

22 Apr 2015 21:29:46 [0e94] - ***** Scanning complete. *****

 

22 Apr 2015 21:29:46 [0e94] - Total Objects Scanned: 701755

22 Apr 2015 21:29:46 [0e94] - Total Critical Objects: 20

22 Apr 2015 21:29:46 [0e94] - Total Disinfected Objects: 0

22 Apr 2015 21:29:46 [0e94] - Total Objects Renamed: 7

22 Apr 2015 21:29:46 [0e94] - Total Deleted Objects: 13

22 Apr 2015 21:29:46 [0e94] - Total Errors: 6

22 Apr 2015 21:29:46 [0e94] - Time Elapsed: 02:47:49

22 Apr 2015 21:29:46 [0e94] - Virus Database Date: 02 Mar 2015

22 Apr 2015 21:29:46 [0e94] - Virus Database Count: 6701505

22 Apr 2015 21:29:46 [0e94] - Sign Version: 7.59505 [518257]

 

22 Apr 2015 21:29:46 [0e94] - Scan Completed.

 

Zemana AntiMalware 2.10.2.18 (Installed)

-------------------------------------------------------

Scan Result           : Completed

Scan Date             : 2015/4/22

Operating System      : Windows 7 64-bit

Processor             : 2X AMD Athlon™ II X2 215 Processor

BIOS Mode             : Legacy

CUID                  : 0051198C6FEF144788D7F3

Scan Type             : Deep Scan

Duration              : 62m 59s

Scanned Objects       : 190803

Detected Objects      : 20

Excluded Objects      : 0

Read Level            : SCSI

Auto Upload           : Yes

Show All Extensions   : No

Scan Documents        : Yes

Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky

 

 

Detected Objects

-------------------------------------------------------

Firefox Search

   Status             : Scanned

   Object             : Chambers (UK) - http://chambers.co.uk

   MD5                : -

   Publisher          : -

   Size               : -

   Version            : -

   Detections         : Suspicious Browser Setting

   Cleaning Action    : Repair

   Traces             :

                Browser Setting - Firefox Search

 

GoogleUpdate.dll

   Status             : Scanned

   Object             : %programfiles%\google\chrome\application\googleupdate.dll

   MD5                : 9C3D9622E936066FD26D9D0340C13B06

   Publisher          : -

   Size               : 686592

   Version            : 37.0.2013.0

   Detections         : Eset: Win32/ExtenBro.AZ trojan

   Cleaning Action    : Quarantine

   Traces             :

                File - %programfiles%\google\chrome\application\googleupdate.dll

                Library - 3444

 

ASK4DB.tmp

   Status             : Scanned

   Object             : %userprofile%\desktop\L\other\new folder\L\appdata\local\temp\ask4db.tmp

   MD5                : C80C3B95CDD36EC191BF589BDFFB4D94

   Publisher          : Ask.com

   Size               : 113832

   Version            : 1.0.0.0

   Detections         : Eset: a variant of Win32/Bundled.Toolbar.Ask.G application

   Cleaning Action    : Quarantine

   Traces             :

                File - %userprofile%\desktop\L\other\new folder\L\appdata\local\temp\ask4db.tmp

 

vnsx66FE.tmp

   Status             : Scanned

   Object             : %appdata%\392d2600-1424627961-1020-0628-091015000000\vnsx66fe.tmp

   MD5                : F9713F2697A8512892F3A4248C41FED6

   Publisher          : -

   Size               : 340024

   Version            : 1.0.0.0

   Detections         : Kaspersky: UDS:DangerousObject.Multi.Generic

   Cleaning Action    : Quarantine

   Traces             :

                File - %appdata%\392d2600-1424627961-1020-0628-091015000000\vnsx66fe.tmp

 

nsh7F84.tmpfs

   Status             : Scanned

   Object             : %appdata%\392d2600-1424627961-1020-0628-091015000000\nsh7f84.tmpfs

   MD5                : 975C54BF36A02BE5D262371081C3CBB6

   Publisher          : -

   Size               : 141312

   Version            : -

   Detections         : AVG: Generic_r.ZN, Bitdefender: Application.Generic.1177528, Eset: a variant of Win32/Adware.ConvertAd.BM application, Kaspersky: not-a-virus:AdWare.Win32.AdSvc.br

   Cleaning Action    : Quarantine

   Traces             :

                File - %appdata%\392d2600-1424627961-1020-0628-091015000000\nsh7f84.tmpfs

 

31dc98a-2e93a31a.mwt

   Status             : Scanned

   Object             : %localappdata%low\sun\java\deployment\cache\6.0\10\31dc98a-2e93a31a.mwt

   MD5                : 71603878366F8001295B7E25308A02B3

   Publisher          : -

   Size               : 13666

   Version            : -

   Detections         : Avira: JAVA/Dldr.Themod.RC, Bitdefender: Java.Exploit.CVE-2012-1723.AE, Kaspersky: HEUR:Exploit.Java.CVE-2012-1723.359914.silent.4

   Cleaning Action    : Quarantine

   Traces             :

                File - %localappdata%low\sun\java\deployment\cache\6.0\10\31dc98a-2e93a31a.mwt

 

31a8e1d0-61d60375.mwt

   Status             : Scanned

   Object             : %localappdata%low\sun\java\deployment\cache\6.0\16\31a8e1d0-61d60375.mwt

   MD5                : 82AF8A1E9E04D23876EC181C8A468CEF

   Publisher          : -

   Size               : 26138

   Version            : -

   Detections         : Avira: EXP/CVE-2013-0422.B8.Gen, Bitdefender: Exploit.Java.CVE-2013-0422.F, Kaspersky: HEUR:Exploit.Java.Agent.318379.silent.5

   Cleaning Action    : Quarantine

   Traces             :

                File - %localappdata%low\sun\java\deployment\cache\6.0\16\31a8e1d0-61d60375.mwt

 

4b259051-4383b01c

   Status             : Scanned

   Object             : %localappdata%low\sun\java\deployment\cache\6.0\17\4b259051-4383b01c

   MD5                : F5A209F33016A256614F0CE8A37987BF

   Publisher          : -

   Size               : 7188

   Version            : -

   Detections         : AVG: Exploit.Java_c.NCY, Avira: EXP/CVE-2013-0422.B1.Gen, Kaspersky: HEUR:Exploit.Java.Generic

   Cleaning Action    : Quarantine

   Traces             :

                File - %localappdata%low\sun\java\deployment\cache\6.0\17\4b259051-4383b01c

 

nsxF9D2.tmp

   Status             : Scanned

   Object             : %temp%\nsxf9d2.tmp

   MD5                : 23F9A813959E218E805ECE1C99D166FC

   Publisher          : -

   Size               : 331914

   Version            : -

   Detections         : Kaspersky: Trojan.Win32.Staser.bckr

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\nsxf9d2.tmp

 

nsm404D.tmp

   Status             : Scanned

   Object             : %temp%\nsm404d.tmp

   MD5                : F99BA617F06B2DFD62CD23AE7C9484FD

   Publisher          : -

   Size               : 45438

   Version            : -

   Detections         : Zemana: Heur.Malicious

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\nsm404d.tmp

 

ICReinstall_3DS0240 - MH3.exe

   Status             : Scanned

   Object             : %temp%\icreinstall_3ds0240 - MH3.exe

   MD5                : 0224ADB8DC218CF5EC54DA0178DC530B

   Publisher          : Prompt IS (Fried Cookie Ltd.)

   Size               : 783768

   Version            : 0.0.0.0

   Detections         : Avira: PUA/InstallCore.Gen7, Eset: a variant of Win32/InstallCore.UE application

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\icreinstall_3ds0240 - MH3.exe

 

ICReinstall_3DS0451 - PYT.exe

   Status             : Scanned

   Object             : %temp%\icreinstall_3ds0451 - PYT.exe

   MD5                : 54EA5A6B46B26B6DDF602CAA36481C62

   Publisher          : Prompt IS (Fried Cookie Ltd.)

   Size               : 783768

   Version            : 0.0.0.0

   Detections         : Avira: PUA/InstallCore.Gen7, Eset: a variant of Win32/InstallCore.UE application

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\icreinstall_3ds0451 - PYT.exe

 

ICReinstall_3DS0134 - KIU.exe

   Status             : Scanned

   Object             : %temp%\icreinstall_3ds0134 - KIU.exe

   MD5                : A7A0E93CAD6188EC36A61296742CC578

   Publisher          : Prompt IS (Fried Cookie Ltd.)

   Size               : 783768

   Version            : 0.0.0.0

   Detections         : Avira: PUA/InstallCore.Gen7, Eset: a variant of Win32/InstallCore.UE application

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\icreinstall_3ds0134 - KIU.exe

 

awhBFA8.tmp

   Status             : Scanned

   Object             : %temp%\awhbfa8.tmp

   MD5                : BB079C7827CC9F110E789380BCCC4BC5

   Publisher          : OVERTON GLOBAL LLP

   Size               : 1933464

   Version            : 133.0.0.500

   Detections         : AVG: AdClicker.I, Avira: ADWARE/GigaClicks.101464

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\awhbfa8.tmp

 

3729179885406630175.exe.mwt

   Status             : Scanned

   Object             : %temp%\avcback\3729179885406630175.exe.mwt

   MD5                : BCA9530F77E9DA8610BD49713C1ADDA0

   Publisher          : -

   Size               : 2942464

   Version            : -

   Detections         : AVG: Generic6.QFA, Avira: TR/Rogue.2941952, Bitdefender: Trojan.GenericKD.2157660, Eset: a variant of Win32/Adware.MultiPlug.EX application, Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\avcback\3729179885406630175.exe.mwt

 

ICReinstall_3DS0134 - KIU.exe

   Status             : Scanned

   Object             : %temp%\avcback\icreinstall_3ds0134 - KIU.exe

   MD5                : A7A0E93CAD6188EC36A61296742CC578

   Publisher          : Prompt IS (Fried Cookie Ltd.)

   Size               : 783768

   Version            : 0.0.0.0

   Detections         : Avira: PUA/InstallCore.Gen7, Eset: a variant of Win32/InstallCore.UE application

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\avcback\icreinstall_3ds0134 - KIU.exe

 

ICReinstall_3DS0240 - MH3.exe

   Status             : Scanned

   Object             : %temp%\avcback\icreinstall_3ds0240 - MH3.exe

   MD5                : 0224ADB8DC218CF5EC54DA0178DC530B

   Publisher          : Prompt IS (Fried Cookie Ltd.)

   Size               : 783768

   Version            : 0.0.0.0

   Detections         : Avira: PUA/InstallCore.Gen7, Eset: a variant of Win32/InstallCore.UE application

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\avcback\icreinstall_3ds0240 - MH3.exe

 

ICReinstall_3DS0451 - PYT.exe

   Status             : Scanned

   Object             : %temp%\avcback\icreinstall_3ds0451 - PYT.exe

   MD5                : 54EA5A6B46B26B6DDF602CAA36481C62

   Publisher          : Prompt IS (Fried Cookie Ltd.)

   Size               : 783768

   Version            : 0.0.0.0

   Detections         : Avira: PUA/InstallCore.Gen7, Eset: a variant of Win32/InstallCore.UE application

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\avcback\icreinstall_3ds0451 - PYT.exe

 

3729179885406630175.exe.mwt

   Status             : Scanned

   Object             : %temp%\3729179885406630175.exe.mwt

   MD5                : BCA9530F77E9DA8610BD49713C1ADDA0

   Publisher          : -

   Size               : 2942464

   Version            : -

   Detections         : AVG: Generic6.QFA, Avira: TR/Rogue.2941952, Bitdefender: Trojan.GenericKD.2157660, Eset: a variant of Win32/Adware.MultiPlug.EX application, Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic

   Cleaning Action    : Quarantine

   Traces             :

                File - %temp%\3729179885406630175.exe.mwt

 

setup[1].exe_a

   Status             : Scanned

   Object             : %localappdata%\microsoft\windows\temporary internet files\content.ie5\i15gs6yb\setup[1].exe_a

   MD5                : 9C85C4DDF347368A3D23278B7AE5F214

   Publisher          : -

   Size               : 2578821

   Version            : 7.1.7.13

   Detections         : Avira: ADWARE/CrossRider.Gen

   Cleaning Action    : Quarantine

   Traces             :

                File - %localappdata%\microsoft\windows\temporary internet files\content.ie5\i15gs6yb\setup[1].exe_a

 

 

Cleaning Result

-------------------------------------------------------

Cleaned               : 20

Reported as safe      : 0

Failed                : 0

 

Zemana AntiMalware 2.10.2.18 (Installed)

-------------------------------------------------------

Scan Result           : Completed

Scan Date             : 2015/4/23

Operating System      : Windows 7 64-bit

Processor             : 2X AMD Athlon™ II X2 215 Processor

BIOS Mode             : Legacy

CUID                  : 0051198C6FEF144788D7F3

Scan Type             : Deep Scan

Duration              : 69m 39s

Scanned Objects       : 186813

Detected Objects      : 1

Excluded Objects      : 0

Read Level            : SCSI

Auto Upload           : Yes

Show All Extensions   : No

Scan Documents        : Yes

Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky

 

 

Detected Objects

-------------------------------------------------------

LatestDLMgr.exe

   Status             : Scanned

   Object             : %userprofile%\desktop\L\other\new folder\L\appdata\roaming\opencandy\opencandy_326a31f11c4c4de8910d339e84fc233a\latestdlmgr.exe

   MD5                : 45E75C0A8126600DA235B2D42A466EBE

   Publisher          : OpenCandy Inc.

   Size               : 356576

   Version            : -

   Detections         : Eset: a variant of Win32/OpenCandy.A potentially unsafe application

   Cleaning Action    : Quarantine

   Traces             :

                File - %userprofile%\desktop\L\other\new folder\L\appdata\roaming\opencandy\opencandy_326a31f11c4c4de8910d339e84fc233a\latestdlmgr.exe

 

 

Cleaning Result

-------------------------------------------------------

Cleaned               : 1

Reported as safe      : 0

Failed                : 0

# AdwCleaner v4.201 - Logfile created 23/04/2015 at 10:14:41

# Updated 08/04/2015 by Xplode

# Database : 2015-04-22.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : O - O-PC

# Running from : C:\Users\O\Desktop\adwcleaner_4.201 (1).exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Local AppWizard-Generated Applications

Key Deleted : HKU\.DEFAULT\Software\Local AppWizard-Generated Applications

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17728

 

 

-\\ Mozilla Firefox v36.0.4 (x86 en-GB)

 

 

-\\ Google Chrome v42.0.2311.90

 

 

*************************

 

AdwCleaner[R1].txt - [7468 bytes] - [14/04/2015 20:04:55]

AdwCleaner[R2].txt - [1119 bytes] - [23/04/2015 10:12:42]

AdwCleaner[S0].txt - [7427 bytes] - [14/04/2015 20:11:06]

AdwCleaner[S1].txt - [977 bytes] - [23/04/2015 10:14:41]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1035  bytes] ##########



#4 InadequateInfirmity


Posted 23 April 2015 - 05:18 AM

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools, then start up, select each item, then disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.


Now go to the advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the other instructions.

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next and make sure to leave all items checked for removal.


The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 Lyuz


Posted 23 April 2015 - 04:35 PM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

Adware Removal Tool v3.9

Time: 2015_04_23_11_52_10

OS: Windows 7 - 64 Bit

Account Name: O

U0L0S68

 

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

 

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\hl2\models\props_wasteland\prison_conduit001a.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\hl2\models\props_wasteland\prison_conduit001a.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\hl2\models\props_wasteland\prison_conduit001a.phy

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\hl2\models\props_wasteland\prison_conduit001a.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_farm\conduit.vmt

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_farm\conduit.vtf

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_mining\conduit_outdoor01.vmt

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_mining\conduit_outdoor01.vtf

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_moonbase\moon_bluebase_conduit01.vmt

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_moonbase\moon_bluebase_conduit01.vtf

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_moonbase\moon_redbase_conduit01.vmt

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_moonbase\moon_redbase_conduit01.vtf

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_spytech\ceiling_conduit.vmt

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\materials\models\props_spytech\ceiling_conduit.vtf

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit01.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit01.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit01.phy

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit01.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit02.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit02.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit02.phy

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit02.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit_pipe01.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit_pipe01.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit_pipe01.phy

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit_pipe01.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit_pipe02.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit_pipe02.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit_pipe02.phy

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_farm\conduit_pipe02.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor256.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor256.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor256.phy

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor256.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor384.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor384.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor384.phy

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor384.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor512.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor512.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor512.phy

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_mining\conduit_outdoor512.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_moonbase\moon_bluebase_conduit01.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_moonbase\moon_bluebase_conduit01.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_moonbase\moon_bluebase_conduit01.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_moonbase\moon_redbase_conduit01.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_moonbase\moon_redbase_conduit01.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_moonbase\moon_redbase_conduit01.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_moonbase\moon_redbase_conduit02.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_moonbase\moon_redbase_conduit02.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_moonbase\moon_redbase_conduit02.vvd

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_spytech\ceiling_conduit.dx90.vtx

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_spytech\ceiling_conduit.mdl

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_spytech\ceiling_conduit.phy

Deleted - File - C:\program files (x86)\Steam\steamapps\common\SourceFilmmaker\game\tf\models\props_spytech\ceiling_conduit.vvd

Deleted - Folder - C:\ProgramData\WildTangent\eMachines Game Console\UI\htdocs2\Common\product\babylonia

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname

Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE\AppDataLow\Software:Smartbar

Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}

Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}

Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}

Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

 

\\ Finished

 

 

~ ZHPCleaner v2015.4.23.183 by Nicolas Coolman (23/04/2015)

~ Run by O (Administrator)  (23/04/2015 19:33:52)

~ Forum : http://forum.nicolascoolman.fr

~ Facebook : https://www.facebook.com/nicolascoolman1

~ State version : Version OK

~ Type : Repair

~ Report : C:\Users\O\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\O\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Activate

~ Boot Mode : Normal (Normal boot)

~ Windows 7, 64-bit Service Pack 1 (Build 7601)

 

 

---\\  Services (0)

~ No malicious items found.

 

 

---\\  Browser internet (1)

REPLACED Proxy: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 ( 1 )

 

 

---\\  Hosts file (1)

~ The hosts file is legitimate (21)

 

 

---\\  Scheduled automatic tasks. (0)

~ No malicious items found.

 

 

---\\  Explorer ( File, Folder) (0)

~ No malicious items found.

 

 

---\\  Registry ( Key, Value, Data) (0)

~ No malicious items found.

 

 

---\\ Result of repair

~ Repair carried out successfully

~ Browser not found (Google Chrome)

~ Browser not found (Mozilla Firefox)

~ Browser not found (Opera Software)

 

 

---\\ Statistics

~ Items scanned : 62455

~ Items found : 0

~ Items cancelled : 0

~ Items repaired : 1

 

 

End of clean at 19:40:19

===================

ZHPCleaner-[R]-23042015-19_40_19.txt

 

Results of screen317's Security Check version 1.00 

 Windows 7 Service Pack 1 x64 (UAC is enabled) 

 Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

 WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

 Zemana AntiMalware   

 Java 8 Update 31 

 Java version 32-bit out of Date!

 Adobe Reader XI 

 Mozilla Firefox 36.0.4 Firefox out of Date! 

 Google Chrome (41.0.2272.118)

 Google Chrome (42.0.2311.90)

````````Process Check: objlist.exe by Laurent```````` 

 Zemana AntiMalware ZAM.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

 

MiniToolBox by Farbar  Version: 14-04-2015

Ran by O (administrator) on 23-04-2015 at 19:48:44

Running from "C:\Users\O\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Model: EL1352 Manufacturer: eMachines

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ==============================

 

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

 

 

========================= IP Configuration: ================================

 

NVIDIA nForce 10/100/1000 Mbps Ethernet  = Local Area Connection (Connected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : O-PC

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : lan

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . : lan

   Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet

   Physical Address. . . . . . . . . : 00-26-2D-39-48-2C

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::d00:49f6:61a2:87dc%10(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.113(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : 23 April 2015 07:03:37 PM

   Lease Expires . . . . . . . . . . : 24 April 2015 07:03:37 PM

   Default Gateway . . . . . . . . . : 192.168.1.254

   DHCP Server . . . . . . . . . . . : 192.168.1.254

   DHCPv6 IAID . . . . . . . . . . . : 234890797

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-BE-D0-2D-00-26-2D-39-48-2C

   DNS Servers . . . . . . . . . . . : 192.168.1.254

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter isatap.lan:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : lan

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 11:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1831:255d:3f57:fe8e(Preferred)

   Link-local IPv6 Address . . . . . : fe80::1831:255d:3f57:fe8e%12(Preferred)

   Default Gateway . . . . . . . . . : ::

   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  O2wirelessbox.lan

Address:  192.168.1.254

 

Name:    google.com

Addresses:  2a00:1450:4009:80a::200e

                  216.58.208.46

 

 

Pinging google.com [216.58.210.46] with 32 bytes of data:

Reply from 216.58.210.46: bytes=32 time=23ms TTL=58

Reply from 216.58.210.46: bytes=32 time=22ms TTL=58

 

Ping statistics for 216.58.210.46:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 22ms, Maximum = 23ms, Average = 22ms

Server:  O2wirelessbox.lan

Address:  192.168.1.254

 

Name:    yahoo.com

Addresses:  98.138.253.109

                  98.139.183.24

                  206.190.36.45

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=198ms TTL=53

Reply from 206.190.36.45: bytes=32 time=177ms TTL=53

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 177ms, Maximum = 198ms, Average = 187ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 10...00 26 2d 39 48 2c ......NVIDIA nForce 10/100/1000 Mbps Ethernet

  1...........................Software Loopback Interface 1

 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.113     20

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link     192.168.1.113    276

    192.168.1.113  255.255.255.255         On-link     192.168.1.113    276

    192.168.1.255  255.255.255.255         On-link     192.168.1.113    276

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.1.113    276

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.1.113    276

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 12     58 ::/0                     On-link

  1    306 ::1/128                  On-link

 12     58 2001::/32                On-link

 12    306 2001:0:5ef5:79fb:1831:255d:3f57:fe8e/128

                                    On-link

 10    276 fe80::/64                On-link

 12    306 fe80::/64                On-link

 10    276 fe80::d00:49f6:61a2:87dc/128

                                    On-link

 12    306 fe80::1831:255d:3f57:fe8e/128

                                    On-link

  1    306 ff00::/8                 On-link

 12    306 ff00::/8                 On-link

 10    276 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog5 08 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (04/23/2015 07:27:24 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/23/2015 07:04:13 PM) (Source: Application Error) (User: )

Description: Faulting application name: rsautoup_.exe, version: 3.1.6.1, time stamp: 0x4eeb154e

Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722

Exception code: 0xc0000005

Fault offset: 0x0000d193

Faulting process id: 0x9dc

Faulting application start time: 0xrsautoup_.exe0

Faulting application path: rsautoup_.exe1

Faulting module path: rsautoup_.exe2

Report Id: rsautoup_.exe3

 

Error: (04/23/2015 00:08:22 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/23/2015 11:49:56 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/23/2015 11:49:43 AM) (Source: Application Error) (User: )

Description: Faulting application name: rsautoup_.exe, version: 3.1.6.1, time stamp: 0x4eeb154e

Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722

Exception code: 0xc0000005

Fault offset: 0x0000d193

Faulting process id: 0x4c4

Faulting application start time: 0xrsautoup_.exe0

Faulting application path: rsautoup_.exe1

Faulting module path: rsautoup_.exe2

Report Id: rsautoup_.exe3

 

Error: (04/23/2015 11:39:43 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/23/2015 11:29:41 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (04/23/2015 11:29:40 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (04/23/2015 11:16:15 AM) (Source: Application Error) (User: )

Description: Faulting application name: rsautoup_.exe, version: 3.1.6.1, time stamp: 0x4eeb154e

Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722

Exception code: 0xc0000005

Fault offset: 0x0000d193

Faulting process id: 0x12b8

Faulting application start time: 0xrsautoup_.exe0

Faulting application path: rsautoup_.exe1

Faulting module path: rsautoup_.exe2

Report Id: rsautoup_.exe3

 

Error: (04/23/2015 10:17:17 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

 

System errors:

=============

Error: (04/23/2015 07:06:01 PM) (Source: Service Control Manager) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

 

Error: (04/23/2015 07:04:00 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (04/23/2015 07:03:59 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (04/23/2015 07:03:59 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (04/23/2015 07:03:59 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (04/23/2015 07:03:59 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (04/23/2015 07:03:52 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (04/23/2015 00:09:12 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (04/23/2015 00:09:12 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (04/23/2015 00:09:12 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

 

Microsoft Office Sessions:

=========================

Error: (04/23/2015 07:27:24 PM) (Source: SideBySide)(User: )

Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

 

Error: (04/23/2015 07:04:13 PM) (Source: Application Error)(User: )

Description: rsautoup_.exe3.1.6.14eeb154emsvcrt.dll7.0.7601.177444eeaf722c00000050000d1939dc01d07defdc997a70C:\Program Files (x86)\Samsung\Remote PC\rsautoup_.exeC:\Windows\syswow64\msvcrt.dll258b07d0-e9e3-11e4-ace9-00262d39482c

 

Error: (04/23/2015 00:08:22 PM) (Source: SideBySide)(User: )

Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

 

Error: (04/23/2015 11:49:56 AM) (Source: SideBySide)(User: )

Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

 

Error: (04/23/2015 11:49:43 AM) (Source: Application Error)(User: )

Description: rsautoup_.exe3.1.6.14eeb154emsvcrt.dll7.0.7601.177444eeaf722c00000050000d1934c401d07db32baa2020C:\Program Files (x86)\Samsung\Remote PC\rsautoup_.exeC:\Windows\syswow64\msvcrt.dll72b8dbf0-e9a6-11e4-b5eb-00262d39482c

 

Error: (04/23/2015 11:39:43 AM) (Source: SideBySide)(User: )

Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

 

Error: (04/23/2015 11:29:41 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\O\Desktop\esetsmartinstaller_enu.exe

 

Error: (04/23/2015 11:29:40 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\O\Desktop\esetsmartinstaller_enu.exe

 

Error: (04/23/2015 11:16:15 AM) (Source: Application Error)(User: )

Description: rsautoup_.exe3.1.6.14eeb154emsvcrt.dll7.0.7601.177444eeaf722c00000050000d19312b801d07dae8359a480C:\Program Files (x86)\Samsung\Remote PC\rsautoup_.exeC:\Windows\syswow64\msvcrt.dllc5c8f730-e9a1-11e4-bf71-00262d39482c

 

Error: (04/23/2015 10:17:17 AM) (Source: SideBySide)(User: )

Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-06-06 14:54:48.417

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CoachVc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-06-06 14:54:48.183

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CoachVc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-06-06 14:53:25.582

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CoachVc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-06-06 14:53:25.235

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CoachVc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-06-02 13:14:50.813

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CoachVc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-06-02 13:14:50.464

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CoachVc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

 

=========================== Installed Programs ============================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden

Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden

Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden

Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden

Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden

Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden

Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden

Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft MediaConverter 2.5 (HKLM-x32\...\{638EBB3E-04BC-40DB-9176-DDEC2C5CB2BC}) (Version:  - ArcSoft)

ArcSoft MediaImpression (HKLM-x32\...\{18472E28-FCA0-421F-BDAC-AC65012E29F2}) (Version:  - ArcSoft)

Artweaver 1.0 (HKLM-x32\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software)

BB FlashBack Express (HKLM-x32\...\BB FlashBack Express) (Version: 4.1.6.2745 - Blueberry)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)

Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.82 - WildTangent) Hidden

CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2610.50 - CyberLink Corp.)

CyberLink PowerDVD 9 (x32 Version: 9.0.2610.50 - CyberLink Corp.) Hidden

EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)

eMachines Game Console (x32 Version:  - WildTangent) Hidden

eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.0.80 - WildTangent)

eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)

eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)

eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)

Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden

Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden

ffdshow [rev 1692] [2007-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)

Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3003 - Acer Incorporated)

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)

Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Instagiffer version 1.58 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.58 - Justin Todd)

iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden

Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Mahjongg Artifacts (x32 Version: 2.2.0.82 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 36.0.4 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-GB)) (Version: 36.0.4 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nero 9 Essentials (HKLM-x32\...\{698e4e5e-702f-49c7-b017-14c1800c2d97}) (Version:  - Nero AG)

Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden

Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden

Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden

Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden

Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden

Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden

Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden

Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden

Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden

Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden

Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden

Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden

Nero StartSmart OEM (x32 Version: 9.15.0.100 - Nero AG) Hidden

NeroExpress (x32 Version: 9.4.33.100 - Nero AG) Hidden

neroxml (x32 Version: 1.0.0 - Nero AG) Hidden

Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)

NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)

NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)

NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden

NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Pool (x32 Version: 2.2.0.82 - WildTangent) Hidden

QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)

Remote PC Agent (HKLM-x32\...\{82730AAC-04BA-4684-A63F-286FB9847C15}) (Version: 5.00.000 - RSUPPORT)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

uMark 5 (HKLM-x32\...\uMark) (Version: 5.4 - Uconomix)

USB Tablet Manager (HKLM-x32\...\InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}) (Version:  - )

USB Tablet Manager (Version: 1.00.0000 - Your Company Name) Hidden

Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden

Virtual Villagers - A New Home (x32 Version: 2.2.0.82 - WildTangent) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.8 - Azureus Software, Inc.)

Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6-3 - Wacom Technology Corp.)

Wad2ISO (HKLM\...\Wad2ISO) (Version: 4.7.0.0 - Tristar aka Poida)

WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)

WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)

WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)

Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3013 - Acer Incorporated)

Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)

WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

Yahtzee (x32 Version: 2.2.0.82 - WildTangent) Hidden

Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.10.2.18 - Zemana Ltd.)

Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

 

========================= Devices: ================================

 

Name: Microsoft PS/2 Mouse

Description: Microsoft PS/2 Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Device ID: ACPI\PNP0F03\4&5532EA8&0

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 32%

Total physical RAM: 5887.37 MB

Available physical RAM: 3955.07 MB

Total Pagefile: 11772.93 MB

Available Pagefile: 9850.8 MB

Total Virtual: 4095.88 MB

Available Virtual: 3972.98 MB

 

========================= Partitions: =====================================

 

1 Drive c: (eMachines) (Fixed) (Total:282.99 GB) (Free:35.32 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\O-PC

 

Administrator            Guest                    O                       

UpdatusUser             

 

 

**** End of log ****

 

C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir     a variant of Win64/Systweak.A potentially unwanted application    deleted - quarantined

C:\Program Files\Adware-Removal-Tool\ARTP3.exe       MSIL/FakeTool.PS trojan              cleaned by deleting - quarantined

C:\Users\O\Desktop\ccsetup418.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application          deleted - quarantined



#6 InadequateInfirmity


Posted 23 April 2015 - 05:41 PM

How is your computer running?

Any reason you are not using an antivirus?



#7 Lyuz


Posted 24 April 2015 - 02:45 AM

How is your computer running?

Any reason you are not using an antivirus?

 

It seems the virus is gone, thanks. Also I'm not using an antivirus because I'm just not sure which are good enough and I'm normally on safe websites anyway :) 



#8 InadequateInfirmity


Posted 24 April 2015 - 06:13 PM

I would suggest that you install one of the following.

 

Bitdefender free http://www.bitdefender.com/solutions/free.html

Avira free http://www.avira.com/en/avira-free-antivirus

 

 

 

Update your software.

https://patchmypc.net/freeupdater/PatchMyPC.exe

 

 

Qualys BrowserCheck: to update plugins.

Safe Browsing Tool Web of trust: to keep away from shady sites.

Unchecky: to avoid bundled software.

Adblock Plus: to browse the web ad free.

Malwarebytes Anti-Exploit: to block zero-day attacks.

Malwarebytes | StartUpLITE: to disable un-needed start ups.

 

 

 

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt





