
Dregol


7 replies to this topic

#1 bigbuck454


Posted 25 April 2015 - 07:43 PM

Yes I discovered the dreaded Dregol tab opened with my home page a few hours ago. I do not know how it invaded my Windows 8 computer. Yes I need help to delete or UNINSTALL this irritant. Please assist me.

Thanks, bigbuck454




 


#2 InadequateInfirmity


Posted 25 April 2015 - 11:31 PM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.



Now go to the Advanced tab and select "Close program after cleaning". Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
[Screenshot: 7DUFn5c.png]
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

[Screenshot: DOLGyto.jpg]

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 bigbuck454


Posted 26 April 2015 - 12:31 PM

Hello InadequateInfirmity,

 

Thank you for your time and for your help!

I now do NOT have the "Dregol" search tab popping up so maybe that is gone, however, now this computer is running really slow, extremely slower than before the "Dregol" infection.

 

 

Here are my scans:

 

26 Apr 2015 10:57:06 [0f3c] - **********************************************************
26 Apr 2015 10:57:06 [0f3c] - MWAV - eScanAV AntiVirus Toolkit.
26 Apr 2015 10:57:06 [0f3c] - Copyright © MicroWorld Technologies
26 Apr 2015 10:57:06 [0f3c] - **********************************************************
26 Apr 2015 10:57:06 [0f3c] - Version 14.0.178 (C:\USERS\T\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
26 Apr 2015 10:57:06 [0f3c] - Log File: C:\Users\T\AppData\Local\Temp\LOG\MWAV.LOG
26 Apr 2015 10:57:06 [0f3c] - MWAV Registered: TRUE
26 Apr 2015 10:57:06 [0f3c] - User Account: T (Administrator Mode)
26 Apr 2015 10:57:06 [0f3c] - OS Type: Windows Workstation [InstallType: Client]
26 Apr 2015 10:57:06 [0f3c] - OS: Windows 8.1 64-Bit [OS Install Date: 25 Jul 2014 15:12:46]
26 Apr 2015 10:57:06 [0f3c] - Ver: Personal Build 9200
26 Apr 2015 10:57:06 [0f3c] - System Up Time: 18 Minutes, 57 Seconds
26 Apr 2015 10:57:06 [0f3c] - Parent Process Name : c:\Windows\explorer.exe
26 Apr 2015 10:57:06 [0f3c] - Windows Root  Folder: C:\Windows
26 Apr 2015 10:57:06 [0f3c] - Windows Sys32 Folder: C:\Windows\system32
26 Apr 2015 10:57:06 [0f3c] - DHCP NameServer: 75.75.76.76 75.75.75.75
26 Apr 2015 10:57:06 [0f3c] - Interface0 DHCPNameServer: 75.75.76.76 75.75.75.75
26 Apr 2015 10:57:06 [0f3c] - Interface1 DHCPNameServer: 40.51.1.13
26 Apr 2015 10:57:06 [0f3c] - ProxyServer: http=127.0.0.1:49182;https=127.0.0.1:49182
26 Apr 2015 10:57:06 [0f3c] - ProxyOverride: <-loopback>
26 Apr 2015 10:57:06 [0f3c] - Proxy Connection: DISABLED
26 Apr 2015 10:57:06 [0f3c] - Local Fixed Drives: c:\
26 Apr 2015 10:57:06 [0f3c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
26 Apr 2015 10:57:06 [0f3c] - [CREATED ZIP FILE: C:\Users\T\AppData\Local\Temp\pinfect.zip]
26 Apr 2015 10:57:12 [0f3c] - Latest Date of files inside MWAV: Sun Apr 26 16:40:26 2015.
26 Apr 2015 10:57:12 [0f3c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\T\AppData\Local\Temp\LOG\ESCANDB.LOG]
26 Apr 2015 10:57:13 [0f3c] - Loaded/Created FileScan Cache Database...
26 Apr 2015 10:57:13 [0f3c] - Loading AV Library [DB]...
26 Apr 2015 10:57:25 [0f3c] - ArchiveScan: DISABLED
26 Apr 2015 10:57:25 [0f3c] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
26 Apr 2015 10:57:25 [0f3c] - MWAV doing self scanning...
26 Apr 2015 10:57:26 [0f3c] - MWAV files are clean.
26 Apr 2015 10:57:27 [0f3c] - ArchiveScan: DISABLED
26 Apr 2015 10:57:27 [0f3c] - Virus Database Date: 26 Apr 2015
26 Apr 2015 10:57:27 [0f3c] - Virus Database Count: 5726455
26 Apr 2015 10:57:27 [0f3c] - Sign Version: 7.60298 [519050]
 
26 Apr 2015 10:58:28 [0f3c] - **********************************************************
26 Apr 2015 10:58:28 [0f3c] - MWAV - eScanAV AntiVirus Toolkit.
26 Apr 2015 10:58:28 [0f3c] - Copyright © MicroWorld Technologies
26 Apr 2015 10:58:28 [0f3c] - 
26 Apr 2015 10:58:28 [0f3c] - Support: support@escanav.com
26 Apr 2015 10:58:28 [0f3c] - Web: http://www.escanav.com
26 Apr 2015 10:58:28 [0f3c] - **********************************************************
26 Apr 2015 10:58:28 [0f3c] - Version 14.0.178[DB] (C:\USERS\T\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
26 Apr 2015 10:58:28 [0f3c] - Log File: C:\Users\T\AppData\Local\Temp\LOG\MWAV.LOG
26 Apr 2015 10:58:28 [0f3c] - User Account: T (Administrator Mode)
26 Apr 2015 10:58:28 [0f3c] - Parent Process Name : c:\Windows\explorer.exe
26 Apr 2015 10:58:28 [0f3c] - Windows Root  Folder: C:\Windows
26 Apr 2015 10:58:28 [0f3c] - Windows Sys32 Folder: C:\Windows\system32
26 Apr 2015 10:58:28 [0f3c] - OS: Windows 8.1 64-Bit [OS Install Date: 25 Jul 2014 15:12:46]
26 Apr 2015 10:58:28 [0f3c] - Ver: Personal Build 9200
26 Apr 2015 10:58:28 [0f3c] - Latest Date of files inside MWAV: Sun Apr 26 16:40:26 2015.
 
26 Apr 2015 10:58:28 [11bc] - Options Selected by User:
26 Apr 2015 10:58:28 [11bc] - Memory Check: Enabled
26 Apr 2015 10:58:28 [11bc] - Registry Check: Enabled
26 Apr 2015 10:58:28 [11bc] - StartUp Folder Check: Enabled
26 Apr 2015 10:58:28 [11bc] - System Folder Check: Enabled
26 Apr 2015 10:58:28 [11bc] - Services Check: Enabled
26 Apr 2015 10:58:28 [11bc] - Scan Spyware: Enabled
26 Apr 2015 10:58:28 [11bc] - Scan Archives: Disabled
26 Apr 2015 10:58:28 [11bc] - Drive Check: Enabled
26 Apr 2015 10:58:28 [11bc] - All Drive Check :Disabled
26 Apr 2015 10:58:28 [11bc] - Drive Selected = C:\
26 Apr 2015 10:58:28 [11bc] - Folder Check: Disabled
26 Apr 2015 10:58:28 [11bc] - SCAN: All_Files [ANSI]
26 Apr 2015 10:58:28 [11bc] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
26 Apr 2015 10:58:28 [11bc] - Scanning DNS Records...
26 Apr 2015 10:58:28 [11bc] - Scanning Master Boot Record (User)...
26 Apr 2015 10:58:28 [11bc] - Scanning Logical Boot Records...
26 Apr 2015 10:58:33 [11bc] - ***** Scanning For Hidden Rootkit Processes *****
26 Apr 2015 10:58:33 [11bc] - ***** Scanning For Hidden Rootkit Services *****
 
26 Apr 2015 10:58:36 [11bc] - ***** Scanning Memory Files *****
 
26 Apr 2015 10:58:42 [11bc] - ***** Scanning Registry Files *****
26 Apr 2015 10:58:42 [11bc] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\Savepass 3.0\Savepass 3.0-bho.dll (in key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611611161}). Action Taken: Removing it.
26 Apr 2015 11:00:04 [11bc] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\Savepass 3.0\Savepass 3.0-bho64.dll (in key HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611611161}). Action Taken: Removing it.
26 Apr 2015 11:00:06 [11bc] - ERROR(l)!!! Invalid Entry AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll (in key HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
26 Apr 2015 11:00:12 [11bc] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
26 Apr 2015 11:00:12 [11bc] - ***** Scanning StartUp Folders *****
 
26 Apr 2015 11:01:27 [11bc] - ***** Scanning Service Files *****
26 Apr 2015 11:01:29 [11bc] - Scanning File C:\Windows\System32\drivers\1394ohci.sys
26 Apr 2015 11:01:29 [11bc] - ERROR(2)!!! ScanFile Fails for C:\Windows\System32\drivers\1394ohci.sys...
26 Apr 2015 11:01:43 [11bc] - ERROR(2)!!! Invalid Entry \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D8C274D-97FC-42AC-AA28-4F91ADBCEADF}\MpKsla699d90b.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\MpKsla699d90b.
26 Apr 2015 11:01:43 [11bc] - ERROR(2)!!! Invalid Entry system32\drivers\msahci.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\msahci.
26 Apr 2015 11:01:50 [11bc] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
26 Apr 2015 11:01:56 [11bc] - ***** Scanning Registry and File system for Adware/Spyware *****
26 Apr 2015 11:01:57 [11bc] - Loading Spyware Signatures from new External Database [Name: C:\Users\T\AppData\Local\Temp\spydb.avs, Size: 464724]...
26 Apr 2015 11:01:57 [11bc] - Indexed Spyware Databases Successfully Created...
 
 
26 Apr 2015 11:02:07 [11bc] - ***** Scanning Registry Files *****
26 Apr 2015 11:02:07 [11bc] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\Savepass 3.0\Savepass 3.0-bho64.dll (in key HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611611161}). Action Taken: Removing it.
26 Apr 2015 11:02:07 [11bc] - ERROR(l)!!! Invalid Entry AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll (in key HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
 
26 Apr 2015 11:02:08 [11bc] - ***** Scanning System32 Folders *****
 
 
26 Apr 2015 11:03:44 [11bc] - ***** Scanning Drive C:\ *****
26 Apr 2015 11:07:53 [0558] - Scanning File C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e\Assets\flags\flag_p?????.png
26 Apr 2015 11:07:53 [0fd8] - Scanning File C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e\Assets\flags\flag_??.png
26 Apr 2015 11:07:53 [0bc0] - Scanning File C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e\Assets\flags\flag_??.png
26 Apr 2015 11:07:53 [11cc] - Scanning File C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e\Assets\flags\flag_??.png
26 Apr 2015 11:07:54 [0558] - Scanning File C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e\Assets\flags\flag_??.png
26 Apr 2015 11:07:54 [0fd8] - Scanning File C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e\Assets\flags\flag_????.png
26 Apr 2015 11:09:08 [0558] - Scanning File C:\System Volume Information\{36cb4a6c-e899-11e4-82a3-40167ee5922d}{3808876b-c176-4e48-b7ae-04046e6cc752}
26 Apr 2015 11:09:08 [0fd8] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
26 Apr 2015 11:09:08 [11cc] - Scanning File C:\System Volume Information\{299428a5-e09b-11e4-82a2-40167ee5922d}{3808876b-c176-4e48-b7ae-04046e6cc752}
26 Apr 2015 11:09:08 [0bc0] - Scanning File C:\System Volume Information\{25ae4c0c-dd3f-11e4-82a1-40167ee5922d}{3808876b-c176-4e48-b7ae-04046e6cc752}
26 Apr 2015 11:09:08 [0558] - Scanning File C:\System Volume Information\{52d812df-eba8-11e4-82a8-40167ee5922d}{3808876b-c176-4e48-b7ae-04046e6cc752}
 
26 Apr 2015 11:27:54 [11bc] - ***** Checking for specific ITW Viruses *****
 
26 Apr 2015 11:27:54 [11bc] - ***** Scanning complete. *****
 
26 Apr 2015 11:27:54 [11bc] - Total Objects Scanned: 210743
26 Apr 2015 11:27:54 [11bc] - Total Critical Objects: 0
26 Apr 2015 11:27:54 [11bc] - Total Disinfected Objects: 0
26 Apr 2015 11:27:54 [11bc] - Total Objects Renamed: 0
26 Apr 2015 11:27:54 [11bc] - Total Deleted Objects: 0
26 Apr 2015 11:27:54 [11bc] - Total Errors: 9
26 Apr 2015 11:27:54 [11bc] - Time Elapsed: 00:29:25
26 Apr 2015 11:27:54 [11bc] - Virus Database Date: 26 Apr 2015
26 Apr 2015 11:27:54 [11bc] - Virus Database Count: 5726455
26 Apr 2015 11:27:54 [11bc] - Sign Version: 7.60298 [519050]
 
26 Apr 2015 11:27:54 [11bc] - Scan Completed.
-------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.4 (04.26.2015:1)
OS: Windows 8.1 Connected x64
Ran by T on Sun 04/26/2015 at 12:11:20.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1625883568-4156675713-1549296976-1001
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1625883568-4156675713-1549296976-500
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220622612261}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550655615561}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666616661}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644614461}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220622612261}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550655615561}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660666616661}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644614461}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611611161}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550655615561}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666616661}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644614461}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550655615561}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660666616661}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644614461}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\globalupdate
Successfully deleted: [Folder] C:\Users\T\appdata\local\globalupdate
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/26/2015 at 12:14:56.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------
# AdwCleaner v4.202 - Logfile created 26/04/2015 at 12:26:20
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : T - ASUS
# Running from : C:\Users\T\Downloads\adwcleaner_4.202 (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\Users\T\AppDaTa\LocalLow\zoomify
File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
 
***** [ Scheduled tasks ] *****
 
Task Deleted : RocketTab
Task Deleted : RocketTab Update Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\d4afea79-414d-41aa-8f93-1257a3ba8e02
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\rttasks
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
         "usage_count": 0
      }
   },
   "extensions": {
      "settings": {
         "aaaaaiabcopkplhgaedhbloeejhhankf": {
            "ack_external": true,
            "active_permissions": {
               "api": [ "homepage", "management", "nativeMessaging", "searchProvider", "startupPages", "storage", "tabs", "webRequest", "webRequestBlocking" ],
               "explicit_host": [ "hxxp://*/*", "hxxps://*/*" ],
               "manifest_permissions": [ {
                  "chrome_settings_overrides": false
               } ],
               "scriptable_host": [ "*://*.ask.com/
 
*************************
 
AdwCleaner[R0].txt - [5932 bytes] - [26/04/2015 12:19:59]
AdwCleaner[R1].txt - [5995 bytes] - [26/04/2015 12:25:06]
AdwCleaner[S0].txt - [5819 bytes] - [26/04/2015 12:26:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5878  bytes] ##########
 


#4 InadequateInfirmity


Posted 26 April 2015 - 04:15 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.


Hit Ok.


Hit Next, and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MiniToolBox and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      ◦ Scan potentially unwanted applications
      ◦ Scan for potentially unsafe applications
      ◦ Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 bigbuck454


Posted 26 April 2015 - 09:44 PM

Thank you, here are the scans.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool v3.9
Time: 2015_04_26_19_59_46
OS: Windows 8 - 64 Bit
Account Name: T
U0L0S14
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
 
\\ Finished
---------------------
~ ZHPCleaner v2015.4.26.191 by Nicolas Coolman (26/04/2015)
~ Run by T (Administrator)  (26/04/2015 20:49:19)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\T\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\T\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit  (Build 9600)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (0)
~ No malicious items found.
 
 
---\\  Hosts file (0)
~ No malicious items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (3)
MOVED file: C:\Windows\Prefetch\VOPACKAGE.EXE-0C8F15C5.pf   (Adware.Downware)
MOVED file: C:\Users\T\Downloads\SpyHunter-Installer.exe [Enigma Software Group USA, LLC. - Enigma Installer] (PUP.EnigmaSoftware)
MOVED folder*: C:\Program Files (x86)\ca4551cf-5d5e-43c9-93ff-1e8514008cc8 (Adware.CrossRider)
 
 
---\\  Registry ( Key, Value, Data) (3)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261} [da025ad951204237900c3cae637586ab0066161.Sandbox] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561} [ICrossriderBHO] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661} [ISandBox] (Adware.CrossRider)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 3222
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 6
 
 
End of clean at 20:49:34
===================
ZHPCleaner-[R]-26042015-20_49_34.txt
ZHPCleaner-[S]-26042015-20_46_21.txt
----------------------------
MiniToolBox by Farbar  Version: 14-04-2015
Ran by T (administrator) on 26-04-2015 at 20:58:11
Running from "C:\Users\T\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Model: X551MA Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Asus
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-27-1E-6E-3A-9C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless Network Adapter
   Physical Address. . . . . . . . . : 54-27-1E-6E-3A-9C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::186b:2f9a:7b8c:7adb%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.13(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, April 26, 2015 8:52:10 PM
   Lease Expires . . . . . . . . . . : Sunday, May 3, 2015 8:52:15 PM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 72623902
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-F7-F3-B1-40-16-7E-E5-92-2D
   DNS Servers . . . . . . . . . . . : 75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : wds-13.com
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 40-16-7E-E5-92-2D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:18c8:21b3:b648:d77e(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::18c8:21b3:b648:d77e%7(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 335544320
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-F7-F3-B1-40-16-7E-E5-92-2D
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{3982762B-038A-44F8-AE95-AF99FC478623}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Name:    google.com
Addresses:  2607:f8b0:4006:80f::200e
 173.194.123.41
 173.194.123.34
 173.194.123.33
 173.194.123.37
 173.194.123.40
 173.194.123.32
 173.194.123.46
 173.194.123.39
 173.194.123.35
 173.194.123.38
 173.194.123.36
 
 
Pinging google.com [173.194.123.40] with 32 bytes of data:
Reply from 173.194.123.40: bytes=32 time=24ms TTL=55
Reply from 173.194.123.40: bytes=32 time=25ms TTL=55
 
Ping statistics for 173.194.123.40:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 25ms, Average = 24ms
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=92ms TTL=51
Reply from 206.190.36.45: bytes=32 time=91ms TTL=51
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 92ms, Average = 91ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...16 27 1e 6e 3a 9c ......Microsoft Wi-Fi Direct Virtual Adapter
  4...54 27 1e 6e 3a 9c ......Qualcomm Atheros AR9485 Wireless Network Adapter
  3...40 16 7e e5 92 2d ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.13     25
         10.0.0.0    255.255.255.0         On-link         10.0.0.13    281
        10.0.0.13  255.255.255.255         On-link         10.0.0.13    281
       10.0.0.255  255.255.255.255         On-link         10.0.0.13    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.13    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.13    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:9d38:90d7:18c8:21b3:b648:d77e/128
                                    On-link
  4    281 fe80::/64                On-link
  7    306 fe80::/64                On-link
  4    281 fe80::186b:2f9a:7b8c:7adb/128
                                    On-link
  7    306 fe80::18c8:21b3:b648:d77e/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/26/2015 08:55:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.90, time stamp: 0x552c2225
Faulting module name: chrome.dll, version: 42.0.2311.90, time stamp: 0x552c1dea
Exception code: 0x80000003
Fault offset: 0x012445a0
Faulting process id: 0x1164
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (04/25/2015 07:27:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x000006ba
Fault offset: 0x00012f71
Faulting process id: 0xb3c
Faulting application start time: 0xsetup.exe_unknown0
Faulting application path: setup.exe_unknown1
Faulting module path: setup.exe_unknown2
Report Id: setup.exe_unknown3
Faulting package full name: setup.exe_unknown4
Faulting package-relative application ID: setup.exe_unknown5
 
Error: (04/21/2015 05:22:50 AM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5bc
 
Start Time: 01d07c146cd2c1c0
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\wwahost.exe
 
Report Id: c9dff935-e807-11e4-82a2-40167ee5922d
 
Faulting package full name: Microsoft.BingWeather_3.0.4.249_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (04/21/2015 05:21:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: ASUS)
Description: Package Microsoft.BingWeather_3.0.4.249_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (04/20/2015 11:57:00 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 8e4
 
Start Time: 01d07b50cae2b9e2
 
Termination Time: 4294967295
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: ac96e4fc-e775-11e4-82a2-40167ee5922d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/06/2015 00:31:56 PM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (03/09/2015 08:05:55 AM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1264
 
Start Time: 01d05a6111e32557
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\wwahost.exe
 
Report Id: 98fee412-c654-11e4-8296-40167ee5922d
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (03/09/2015 08:05:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: ASUS)
Description: Package microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail was terminated because it took too long to suspend.
 
Error: (03/09/2015 08:03:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: ASUS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/09/2015 08:03:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: ASUS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (04/26/2015 08:52:35 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/26/2015 08:52:19 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/26/2015 08:07:16 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/26/2015 08:06:47 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/26/2015 00:26:52 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (04/26/2015 00:26:22 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (04/26/2015 00:26:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/26/2015 00:26:22 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/26/2015 00:26:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/26/2015 00:26:20 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
 
 
 
=========================== Installed Programs ============================
7zip Packages (HKCU\...\7zip Packages) (Version:  - )
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5712.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel® Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
Wipe (HKLM\...\wipe) (Version: 2015.03 - PrivacyRoot.com)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.10.2.18 - Zemana Ltd.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 36%
Total physical RAM: 3982.68 MB
Available physical RAM: 2520.87 MB
Total Pagefile: 4302.68 MB
Available Pagefile: 2676.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.34 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:409.31 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ASUS
 
Administrator            Guest                    T                        
 
 
**** End of log ****
---------------------------------------
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\Users\T\Downloads\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\T\Downloads\ccsetup505 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\T\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined


#6 InadequateInfirmity


Posted 27 April 2015 - 05:21 AM

How is your computer running now? Any issues?



#7 bigbuck454


Posted 27 April 2015 - 06:20 PM

InadequateInfirmity,

My computer is running normally again! Thanks a million for all of your awesome help in my dilemma!



#8 InadequateInfirmity


Posted 27 April 2015 - 07:10 PM

You need to have an antivirus. Are you at least running Windows Defender?

 

I would suggest one of the following.

Avast Free. https://www.avast.com/index

Bitdefender Free. http://www.bitdefender.com/solutions/free.html

Qualys BrowserCheck: to update plugins.

Safe Browsing Tool Web of Trust: to keep away from shady sites.

Unchecky: to avoid bundled software.

Adblock Plus: to browse the web ad free.

Malwarebytes Anti-Exploit: to block zero-day attacks.

Malwarebytes | StartUpLITE: to disable unneeded startups.

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt





