
Need Help: Getting an error message 'The setup files are corrupted....'


20 replies to this topic

#1 abyss_of_mediocrity

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 27 April 2015 - 07:18 PM

Hi everyone

Need help with some behaviour on my PC that is, literally, driving me crazy.

PC Specs:

OS: Windows 7 Home Premium
CPU: i3-4330
...Let me know if any other details are required.

The Problem

Leaving out the history, here's the current situation:

Whenever I try to download a program/application from the web, I get an error message saying: "The setup files are corrupted. Please obtain a new copy of the program."* It doesn't matter if it's Malwarebytes or some random no-name application, I'll get one error or another. The other main error I'll get (for example, when trying to download/install Microsoft Safety Scanner) is something about "This is not a valid Win32 Application".

* = If I may introduce some complexity into the problem - the issue does not strictly have to do with 'fresh' downloads. When I first set up this computer, one of the first things I did was download mbam and rkill. I went back to try and install that version of mbam, and it also gave me this error message. However, installing from that original version of rkill gave me no problems.

Attempted Remediation Steps

1. I have BitDefender Internet Security installed already. Running it yields no infections.
1b. I have also run BitDefender in 'RescueMode'; no infections are found.
2. I have run rkill; it stated that no malware processes were running.
3. This problem has happened to me on multiple PCs; I'm fed up to the extent that I actually went out and bought a new motherboard, SSD, and wireless adapter. Currently, the only pieces that are shared from the previous machine are the CPU, the GPU, the power supply, and the RAM. The mobo, SSD, and wireless network card were simultaneously installed afresh. I am no longer using an HDD for the time being.

Prior to buying new hardware, I had done the following, in an escalating fashion on the old machine:

a) Run WebRoot/Rkill/mbam/TDSSKiller - all came up clean
b) Re-installed Windows 7 from the original CD
c) Done a deep format of all my hard drives (SSD and HDD both), and then re-installed Windows
d) Repaired the MBR record. Then tried re-installing Windows.

However, none of the items above worked; upon installing Windows 7, I would experience the same problem.

After replacing the hardware (mentioned in step 3), I enjoyed about 2 weeks of peace, but today my world came shattering down again.

For those of you who have a deep background in computer architecture, here's something for you to chew on: I've run some tests in the meantime, right as I'm making this post; I have PIA VPN installed on my current machine. When I am connected to the VPN, it appears I can download and install anything I want (I just tested mbam and Windows Safety Scanner in particular). However, this is not good enough, as I'm clearly having issues with my computer.

It's possible my previous steps were all looking in the wrong direction. Event Viewer is showing a number of errors over the last few weeks, but I never focused on that.

However, now that the experts have context, please let me know where to begin/what to do.

Thanks,


Edited by abyss_of_mediocrity, 27 April 2015 - 07:24 PM.
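The two error messages in the post above point at one underlying fact: the installer bytes on disk are not the bytes the publisher shipped. As an added example (not from the thread, and not code from any of the tools named in it), the Python below shows the checks a defender would run on a suspect download before executing it: the structural check the Windows loader applies (an 'MZ' header pointing at a 'PE' signature, which a truncated download fails), a SHA-256 comparison against the hash the publisher lists, and a byte-for-byte comparison of the same file fetched over two network paths, such as direct and over the VPN. Every byte string here is constructed inside the block; in practice the hash to compare against is the one the publisher publishes for that exact build.

```python
"""Integrity checks for a downloaded Windows installer (added example, not from
the thread). "Setup files are corrupted" and "not a valid Win32 application"
are what an installer and Windows report when the bytes on disk are not the
bytes the publisher shipped; these checks tell the two apart and show whether
the network path is the cause."""
import hashlib
import struct


def build_sample_pe(payload=b"constructed installer body"):
    """Constructed minimal PE-shaped bytes (not a real program): DOS 'MZ' header
    whose e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature at 0x80."""
    header = bytearray(0x80)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)
    return bytes(header) + b"PE\0\0" + payload


def looks_like_pe(data):
    """Structural check the Windows loader performs: 'MZ' magic, and the PE
    signature at the offset the DOS header names. A truncated or otherwise
    mangled download fails here with 'not a valid Win32 application'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def verify_installer(data, expected_sha256):
    """Return findings; an empty list means the file is structurally a PE image
    and matches the hash the publisher lists for it."""
    findings = []
    if not looks_like_pe(data):
        findings.append("not a valid PE image (missing MZ/PE headers or truncated)")
    actual = hashlib.sha256(data).hexdigest()
    if actual.lower() != expected_sha256.lower():
        findings.append(f"sha256 mismatch: got {actual[:16]}..., expected {expected_sha256[:16]}...")
    return findings


def first_difference(a, b):
    """Offset of the first byte at which two downloads of the same URL differ,
    or None if identical. Fetching once directly and once over a VPN (as in the
    post) and finding a difference points at the network path, not the PC."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


# Constructed test data: a good image, a download cut short, and one byte
# changed in transit (the kind of change a hash catches but the loader may not).
GOOD = build_sample_pe()
GOOD_SHA256 = hashlib.sha256(GOOD).hexdigest()
TRUNCATED = GOOD[:0x50]
TAMPERED = GOOD[:0x90] + b"X" + GOOD[0x91:]

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("truncated", TRUNCATED), ("tampered", TAMPERED)):
        print(label, verify_installer(blob, GOOD_SHA256) or "OK")
    print("direct vs vpn copies differ at offset", first_difference(GOOD, TAMPERED))
```

Reading the results: a file that fails the structural check, or whose direct and VPN copies differ, was changed or cut short somewhere between the publisher and the disk, which puts the router, the resolver or an in-path device under suspicion rather than the PC; two identical copies that both match the publisher's hash but still refuse to install point back at the machine itself.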



#2 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:08 AM

Posted 27 April 2015 - 07:27 PM

Hello, can you download fine in safe mode with networking?

http://kb.eset.com/esetkb/index?page=content&id=SOLN2268

Does this happen in multiple browsers? Or are you only using Internet Explorer?



#3 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:08 AM

Posted 27 April 2015 - 07:29 PM

Since you can download via your VPN, please do the following.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt

9-Lab Scan

Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit Windows.

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the Scanner tab and select Full Scan.

Upon scan completion, click Show Results.

Now click the Clean button.

Once done cleaning, go to the Logs tab, double-click the log, and copy and paste it in your next reply.

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document


#4 abyss_of_mediocrity

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 27 April 2015 - 07:53 PM

Hello, can you download fine in safe mode with networking?

http://kb.eset.com/esetkb/index?page=content&id=SOLN2268

Does this happen in multiple browsers? Or are you only using Internet Explorer?

The issue happens in safe mode with networking as well.

Also, to clarify, by default I use Firefox. However, I just tested both FF and IE in safe mode + networking, and can verify that browser choice does not make a difference - the problem still occurs.

Please stand by as I run the instructions from your second post.

 

Thanks,


Edited by abyss_of_mediocrity, 27 April 2015 - 07:54 PM.


#5 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:08 AM

Posted 27 April 2015 - 08:10 PM

Ok, post the logs when complete. :)



#6 abyss_of_mediocrity

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 27 April 2015 - 08:35 PM

Let's try this again... here are the MBAR logs while 9-Lab finishes updating:

 

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.27.05
  rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17728
Home :: HOME-PC [administrator]

4/27/2015 9:11:32 PM
mbar-log-2015-04-27 (21-11-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 421252
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

***

 

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17728

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.498000 GHz
Memory total: 8530157568, free: 6186528768

Downloaded database version: v2015.04.27.05
Downloaded database version: v2015.04.21.01
Downloaded database version: v2015.04.22.01
=======================================
Initializing...
------------ Kernel report ------------
     04/27/2015 21:11:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\anodlwfx.sys
\SystemRoot\system32\DRIVERS\cfosspeed6.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\veracrypt.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\system32\DRIVERS\e1d62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Dathrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avckf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\IOMap64.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shell32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\msctf.dll
\Windows\System32\imm32.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\urlmon.dll
\Windows\System32\ws2_32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\lpk.dll
\Windows\System32\oleaut32.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\psapi.dll
\Windows\System32\nsi.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.04.27.05
  rootkit: v2015.04.21.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800722c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800722cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800722c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007011060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6503F27B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 488187904

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


Edited by abyss_of_mediocrity, 27 April 2015 - 08:36 PM.


#7 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:08 AM

Posted 27 April 2015 - 08:45 PM

I would like you to reset your router to factory settings and see if you are able to download.

http://www.wikihow.com/Reset-a-Linksys-Router

Follow the instructions for the hard reset, then test downloads...

 

Then follow up with the scans below.

 

 

Adware Removal Tool.

Download Adware Removal Tool to your desktop, right-click the icon and select Run as Administrator.

Hit OK.

Hit Next, making sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.

Check the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double-click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.
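The MiniToolBox checklist in the post above (hosts file contents, proxy settings, IP and DNS configuration) covers the places where a network-level hijack leaves traces on the client. As an added example that is not part of the thread and is not MiniToolBox's own code, the Python below parses a hosts file and `ipconfig /all` output and flags two of those indicators: hosts entries that send a name to a routable address, and DNS servers that are neither on the local subnet (the usual home router) nor on a trusted list. It goes slightly beyond the thread's output by also handling the continuation lines `ipconfig` prints for additional DNS servers. The hosts file and ipconfig text are constructed samples that use the TEST-NET-3 documentation range (203.0.113.0/24) as a stand-in for an untrusted address; `trusted_resolvers` is an assumed parameter for resolvers the operator has deliberately configured.

```python
"""Network-hijack indicators from the MiniToolBox checklist: hosts file and DNS
servers. Added example, not part of the thread; all sample data is constructed."""
import ipaddress
import re

# Constructed samples (not the thread's real output). 203.0.113.0/24 is the
# TEST-NET-3 documentation range, used here as a stand-in for an untrusted host.
HOSTS_SAMPLE = """# constructed hosts file
127.0.0.1       localhost
0.0.0.0         ads.example
203.0.113.10    malwarebytes.org
203.0.113.10    www.microsoft.com
"""

IPCONFIG_SAMPLE = """Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.0.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Indented "Label . . . : value" lines as printed by `ipconfig /all`.
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(.*)$")


def _as_ip(text):
    """Parse an address or return None; used to tell data lines from labels."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def hosts_redirects(hosts_text):
    """Return (name, address) pairs for hosts entries that point a name at a
    routable address. Loopback and 0.0.0.0 (blocklist) entries are normal;
    anything else overrides DNS for that name and deserves a look."""
    findings = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        ip = _as_ip(addr)
        if ip is None or ip.is_loopback or ip.is_unspecified:
            continue
        findings.extend((name, addr) for name in names)
    return findings


def parse_ipconfig(text):
    """Pull the IPv4 address, mask, gateway and DNS server list out of
    `ipconfig /all` output. Extra DNS servers appear on continuation lines
    that carry only an address, so those are attached to the previous field."""
    cfg = {"ipv4": None, "mask": None, "gateway": None, "dns": []}
    last_key = None
    for raw in text.splitlines():
        if last_key == "dns servers" and _as_ip(raw) is not None:
            cfg["dns"].append(raw.strip())
            continue
        m = FIELD.match(raw)
        if not m:
            last_key = None
            continue
        key = m.group(1).strip().lower()
        value = m.group(2).split("(")[0].strip()  # drop "(Preferred)"
        last_key = key
        if key == "ipv4 address":
            cfg["ipv4"] = value
        elif key == "subnet mask":
            cfg["mask"] = value
        elif key == "default gateway":
            cfg["gateway"] = value
        elif key == "dns servers":
            cfg["dns"].append(value)
    return cfg


def dns_findings(cfg, trusted_resolvers=()):
    """Flag resolvers that are neither on the local subnet nor on the trusted
    list. A resolver pushed by a tampered router or by malware fails both."""
    if not (cfg["ipv4"] and cfg["mask"]):
        return ["could not determine the local subnet from ipconfig output"]
    subnet = ipaddress.ip_network(f"{cfg['ipv4']}/{cfg['mask']}", strict=False)
    trusted = {str(ipaddress.ip_address(t)) for t in trusted_resolvers}
    findings = []
    for server in cfg["dns"]:
        ip = _as_ip(server)
        if ip is None or ip in subnet or str(ip) in trusted:
            continue
        findings.append(f"DNS server {server} is outside {subnet} and not a trusted resolver")
    return findings


def audit(hosts_text, ipconfig_text, trusted_resolvers=()):
    """Combine both checks into one list of human-readable findings."""
    report = [f"hosts file sends {name} to {addr}" for name, addr in hosts_redirects(hosts_text)]
    report.extend(dns_findings(parse_ipconfig(ipconfig_text), trusted_resolvers))
    return report


if __name__ == "__main__":
    for line in audit(HOSTS_SAMPLE, IPCONFIG_SAMPLE) or ["no indicators found"]:
        print(line)
```

A clean result on both checks, as in the thread's own MiniToolBox output (no hosts file, DNS server equal to the gateway), moves suspicion from the client to the device handing out that configuration; that is the case a factory reset of the router addresses, since the router itself is then the resolver being trusted.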


#8 abyss_of_mediocrity

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 27 April 2015 - 08:52 PM

Thanks for your help, InadequateInfirmity; I'm trying to catch up!

In the meantime, here are the logs from 9-Lab... they didn't find anything either, except for PIA:

 

9-lab Removal Tool 1.0.0.34 BETA
9-lab.com


Database version: 103.30663

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17728
Home :: HOME-PC

4/27/2015 9:37:53 PM
9lab-log-2015-04-27 (21-37-53).txt

Scan type: Full
Objects scanned: 35506
Time Elapsed: 7 m 1 s

Memory Processes detected: 2
[C1AF2F760CE27A038205AA532B97115F] Malware.Win32.Gen.sm!s9 [(PID:6100) C:\Program Files\pia_manager\pia_manager.exe]
[C1AF2F760CE27A038205AA532B97115F] Malware.Win32.Gen.sm!s9 [(PID:5592) C:\Program Files\pia_manager\pia_manager.exe]


Files detected: 3
[C1AF2F760CE27A038205AA532B97115F] Malware.Win32.Gen.sm!s9 [C:\Program Files\pia_manager\pia_manager.exe]
[6CCAA2616E5BB70201C3EAA285F92555] Malware.Win32.Gen.sm!s9 [C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access\Private Internet Access.lnk]
[FC213418805E200E2E845F26A65514C6] Malware.Win32.Gen.sm!s9 [C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access\Reinstall TAP Driver.lnk]

 

 

Logs from Security Check:

 

 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45  
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (37.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2015 vsserv.exe  
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 bdwtxag.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````
 

 

 

Resetting router + following instructions from most recent post... please stand by.



#9 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:08 AM

Posted 27 April 2015 - 09:02 PM

:thumbup2:



#10 abyss_of_mediocrity

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 27 April 2015 - 10:29 PM

Ok, so I did a hard reset on the router and ran some tests by downloading a few programs afterwards - it works! Thanks!

(Although, to be honest, I'm surprised it seems to be a router issue because a) I have another laptop on the same network and that's not having any issues, and b) I connected the 'infected' PC to a different network and still had the issues... with my old machine; not the new one.)

Anyhow, I went ahead and ran the other tests.

1. Adware Log:

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_04_27_22_51_58
OS: Windows 7 - 64 Bit
Account Name: Home
U0L0S11

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished
 

 

 

2. ZHP Cleaner I had some issues with; my computer slowed to a crawl (so I wasn't able to download anything)... I skipped this step for now.

 

3.  I did download MiniToolBox, and the log is as follows:

 

MiniToolBox by Farbar  Version: 14-04-2015
Ran by Home (administrator) on 27-04-2015 at 23:03:02
Running from "C:\Users\Home\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

D-Link DWA-566 Wireless N 300 Dual Band PCIe Desktop Adapter = Wireless Network Connection (Connected)
Intel® Ethernet Connection (2) I218-V = Local Area Connection (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Home-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-AA-4D-AD-88
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : D-Link DWA-566 Wireless N 300 Dual Band PCIe Desktop Adapter
   Physical Address. . . . . . . . . : F8-E9-03-AE-A6-D4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a8b9:2162:c1b2:442d%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 27, 2015 10:51:18 PM
   Lease Expires . . . . . . . . . . : Tuesday, April 28, 2015 10:51:19 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 486074627
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-BE-3C-89-08-62-66-C5-78-E7
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Ethernet Connection (2) I218-V
   Physical Address. . . . . . . . . : 08-62-66-C5-78-E7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D911A394-D1B6-4C1C-841C-DA2B1B10446A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{AA4DAD88-2DFF-4B61-BBD8-6F5782ABD45C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C7F3BE45-588F-4A29-94CA-8A1F83353AD3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dlinkrouter
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Address:  2607:f8b0:400b:806::1001


Pinging google.com [173.194.43.67] with 32 bytes of data:
Request timed out.
Reply from 173.194.43.67: bytes=32 time=21ms TTL=57

Ping statistics for 173.194.43.67:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 21ms, Average = 21ms
Server:  dlinkrouter
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Request timed out.
Reply from 206.190.36.45: bytes=32 time=95ms TTL=52

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 95ms, Maximum = 95ms, Average = 95ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...00 ff aa 4d ad 88 ......TAP-Win32 Adapter V9
 13...f8 e9 03 ae a6 d4 ......D-Link DWA-566 Wireless N 300 Dual Band PCIe Desktop Adapter
 11...08 62 66 c5 78 e7 ......Intel® Ethernet Connection (2) I218-V
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.103     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.103    281
    192.168.0.103  255.255.255.255         On-link     192.168.0.103    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.103    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.103    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.103    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    281 fe80::/64                On-link
 13    281 fe80::a8b9:2162:c1b2:442d/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/27/2015 10:31:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 09:31:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 09:29:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a
Exception code: 0x0eedfade
Fault offset: 0x000000000001aaad
Faulting process id: 0x858
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (04/27/2015 09:29:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a
Exception code: 0x0eedfade
Fault offset: 0x000000000001aaad
Faulting process id: 0x1160
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (04/27/2015 09:28:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a
Exception code: 0x0eedfade
Fault offset: 0x000000000001aaad
Faulting process id: 0x1308
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (04/27/2015 09:28:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a
Exception code: 0xc000041d
Fault offset: 0x000000000001aaad
Faulting process id: 0xdb4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/27/2015 09:28:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a
Exception code: 0x0eedfade
Fault offset: 0x000000000001aaad
Faulting process id: 0xdb4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/27/2015 09:24:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 08:53:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 07:30:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/27/2015 11:02:51 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/27/2015 11:01:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/27/2015 11:01:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/27/2015 11:01:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/27/2015 11:00:12 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/27/2015 10:59:07 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/27/2015 10:59:07 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/27/2015 10:57:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/27/2015 10:56:35 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/27/2015 10:55:43 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (04/27/2015 10:31:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 09:31:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 09:29:24 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4KERNELBASE.dll6.1.7601.187985507b87a0eedfade000000000001aaad85801d08152bbcba8f5C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dll000f5f33-ed46-11e4-8f03-086266c578e7

Error: (04/27/2015 09:29:04 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4KERNELBASE.dll6.1.7601.187985507b87a0eedfade000000000001aaad116001d08152b1c4adffC:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllf40a69e5-ed45-11e4-8f03-086266c578e7

Error: (04/27/2015 09:28:47 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4KERNELBASE.dll6.1.7601.187985507b87a0eedfade000000000001aaad130801d08152aaa0e09cC:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dlle9f64f5d-ed45-11e4-8f03-086266c578e7

Error: (04/27/2015 09:28:40 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4KERNELBASE.dll6.1.7601.187985507b87ac000041d000000000001aaaddb401d08151e7e971b8C:\Windows\Explorer.EXEC:\Windows\system32\KERNELBASE.dlle61731ea-ed45-11e4-8f03-086266c578e7

Error: (04/27/2015 09:28:35 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4KERNELBASE.dll6.1.7601.187985507b87a0eedfade000000000001aaaddb401d08151e7e971b8C:\Windows\Explorer.EXEC:\Windows\system32\KERNELBASE.dlle33d2c3a-ed45-11e4-8f03-086266c578e7

Error: (04/27/2015 09:24:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 08:53:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 07:30:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-04-27 22:51:44.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-27 22:29:26.281
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-27 21:50:49.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-27 21:39:11.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-27 21:30:04.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-27 21:23:08.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-27 21:22:41.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-27 21:09:17.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-27 20:51:22.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-27 20:45:51.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
CPUID ASUS CPU-Z 1.69 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.69 - CPUID, Inc.)
D-Link DWA-566 (HKLM-x32\...\{DD6B32E2-9F54-4FFE-B2A7-CF375904A7FB}) (Version:  - D-Link)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
Galactic Civilizations® II: Ultimate Edition (HKLM-x32\...\Steam App 202200) (Version:  - Stardock Entertainment)
Intel® Chipset Device Software (Version: 10.0.20 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.45.14 - Oracle Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4711.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4711.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Control Panel 306.23 (Version: 306.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0623 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7233 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Turbo LAN v9.05 (HKLM\...\Turbo LAN) (Version: 9.05 - cFos Software GmbH, Bonn)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-2 - IDRIX)
You Need A Budget 4 (YNAB) (HKLM-x32\...\Steam App 227320) (Version:  - YouNeedABudget.com)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 8134.99 MB
Available physical RAM: 6050.28 MB
Total Pagefile: 16268.18 MB
Available Pagefile: 13502.49 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.05 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:176.45 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-PC

Administrator            Guest                    Home                     
Home_2                   UpdatusUser              


**** End of log ****


4. ESET Log

C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined


#11 abyss_of_mediocrity (Topic Starter)

Posted 27 April 2015 - 10:31 PM

I'm signing out for now, but based on the logs that you see above, feel free to let me know if there's anything else that needs to be done. Some of those errors look curious, and I might investigate myself further when I have the chance. Otherwise, I'll try to log on again tomorrow morning as soon as I can.

Thanks again for all your help!


Edited by abyss_of_mediocrity, 27 April 2015 - 10:34 PM.


#12 InadequateInfirmity (Banned, 5,180 posts)

Posted 28 April 2015 - 04:12 AM

Error: (04/27/2015 10:57:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right click and Run as Administrator.

[screenshot]

Download and run Wipe and System Ninja:

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

Then.....

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

[screenshot]


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

[screenshot]

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit Options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

[screenshot]

Now go to the Advanced tab and select "Close program after cleaning", then run the cleaner again; this will close CCleaner.

[screenshot]

Reboot your machine and then follow the instructions below.

Step 1: eScanAV.

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV):
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

Save the file to your desktop.
Right click, Run as administrator.
A new icon will appear on your desktop.
Right click, Run as administrator on the new icon.
Click on the Update tab.

[screenshot]

Once you have updated the program, make sure the settings are the same as the picture below.

[screenshot]

Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.

[screenshot]

Copy and paste the entire log into your next reply.
Note: Reboot if needed to remove infections.

Step 2: Zemana

Run a full scan with Zemana AntiMalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select Deep Scan.

[screenshot]

Remove any infections found.

Then click on the icon in the pic below.

[screenshot]

Double click on the scan log, then copy and paste it here in your reply.

Step 3: Junkware Removal Tool.

Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: AdwCleaner.

Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
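One check a practitioner would want before the RstHosts step above: a reset overwrites the hosts file with a clean default, which also destroys the evidence of what was in it. The script below reads the current file and lists what a reset would discard. It is an added example written for this page, not code from the thread, from RstHosts or from any of the tools listed; the sample hosts content, the vendor-domain watchlist and the summary layout are constructed assumptions. It cannot tell you why the DNS Client logged a read error (a permissions problem, a lock held by another process, or a missing file all produce the same event), but it shows what an altered file contains so that is recorded before it is reset.

```python
"""Audit a Windows hosts file before it gets reset.

Added example for this thread: not RstHosts, and not code from any post.
The sample hosts content and the vendor-domain watchlist below are
constructed assumptions, not data from the machine in the thread.
"""
import ipaddress
import sys
from dataclasses import dataclass, field

# Constructed watchlist: update and security-vendor domains that malware
# commonly pins in hosts to block downloads. Extend it for your environment.
WATCHLIST = ("malwarebytes.org", "microsoft.com", "windowsupdate.com",
             "bitdefender.com", "eset.com", "bleepingcomputer.com")

# Addresses that sinkhole a name rather than redirect it somewhere.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass
class HostsAudit:
    entries: list = field(default_factory=list)     # (line_no, ip, host) for every active mapping
    hijacked: list = field(default_factory=list)    # watchlist domains, whatever they point at
    redirected: list = field(default_factory=list)  # any host pointed at a non-loopback address
    malformed: list = field(default_factory=list)   # (line_no, raw) lines the resolver would reject
    undecodable: bool = False                       # file is not valid UTF-8 text


def on_watchlist(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def audit_hosts(data: bytes) -> HostsAudit:
    """Parse raw hosts-file bytes and classify every active (uncommented) entry."""
    audit = HostsAudit()
    try:
        text = data.decode("utf-8-sig")       # tolerate a BOM left by an editor
    except UnicodeDecodeError:
        audit.undecodable = True
        text = data.decode("latin-1")         # still show what is there
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))   # accepts IPv4 and IPv6
        except ValueError:
            audit.malformed.append((n, raw))
            continue
        if len(parts) < 2:                    # an address with no names
            audit.malformed.append((n, raw))
            continue
        for host in parts[1:]:                # one line may map several names
            host = host.lower()
            audit.entries.append((n, ip, host))
            if on_watchlist(host):
                audit.hijacked.append((n, ip, host))
            if ip not in LOOPBACK:
                audit.redirected.append((n, ip, host))
    return audit


def summary(audit: HostsAudit) -> dict:
    """Counts to act on. A stock Windows 7 hosts file has zero active entries."""
    return {"active": len(audit.entries), "hijacked": len(audit.hijacked),
            "redirected": len(audit.redirected), "malformed": len(audit.malformed),
            "undecodable": audit.undecodable}


# Constructed sample: the stock comment header plus four injected mappings
# and one junk line. Not taken from the thread's machine.
SAMPLE_HOSTS = (
    b"# Copyright (c) 1993-2009 Microsoft Corp.\n"
    b"# localhost name resolution is handled within DNS itself.\n"
    b"#\t127.0.0.1       localhost\n"
    b"#\t::1             localhost\n"
    b"127.0.0.1     www.malwarebytes.org\n"
    b"127.0.0.1     downloads.malwarebytes.org\n"
    b"198.51.100.7  update.microsoft.com   # constructed redirect\n"
    b"10.0.0.5      intranet.example\n"
    b"this is not an address\n"
)

if __name__ == "__main__":
    # Default path is the real file; fall back to the sample if it cannot be read.
    path = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\etc\hosts"
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:                    # unreadable file: the condition the DNS Client event reports
        print(f"cannot read {path}: {exc}; auditing the constructed sample instead")
        data = SAMPLE_HOSTS
    result = audit_hosts(data)
    print(summary(result))
    for item in result.hijacked + result.redirected + result.malformed:
        print("  ", item)
```

Run it as an administrator with no arguments to audit the live file, or pass a path to a copy you saved first. Anything in `hijacked` is a name the machine can no longer reach through normal DNS, which is one plausible way a fresh installer download ends up as something other than the file the vendor serves; `redirected` entries deserve a look even when they are not on the watchlist.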


#13 abyss_of_mediocrity (Topic Starter)

Posted 28 April 2015 - 07:19 PM

1. RstHosts ran successfully.

2. Wipe did not run (no reaction - skipped).

3. Secure Ninja completed successfully.

4. CCleaner instructions completed / run successfully.

5. eScanAV scan completed successfully; logs are pasted below:

28 Apr 2015 20:04:16 [07cc] - **********************************************************
28 Apr 2015 20:04:16 [07cc] - MWAV - eScanAV AntiVirus Toolkit.
28 Apr 2015 20:04:16 [07cc] - Copyright © MicroWorld Technologies
28 Apr 2015 20:04:16 [07cc] - **********************************************************
28 Apr 2015 20:04:16 [07cc] - Source: C:\Users\Home\Downloads\mwav.exe
28 Apr 2015 20:04:16 [07cc] - Version 14.0.178 (C:\USERS\HOME\APPDATA\LOCAL\TEMP\MEXE.COM)
28 Apr 2015 20:04:16 [07cc] - Log File: C:\Users\Home\AppData\Local\Temp\MWAV.LOG
28 Apr 2015 20:04:16 [07cc] - MWAV Registered: TRUE
28 Apr 2015 20:04:16 [07cc] - User Account: Home (Administrator Mode)
28 Apr 2015 20:04:16 [07cc] - OS Type: Windows Workstation [InstallType: Client]
28 Apr 2015 20:04:16 [07cc] - OS: Windows 7 64-Bit [OS Install Date: 13 Apr 2015 22:57:26]
28 Apr 2015 20:04:16 [07cc] - Ver: Personal Service Pack 1 (Build 7601)
28 Apr 2015 20:04:16 [07cc] - System Up Time: 5 Minutes, 41 Seconds


28 Apr 2015 20:04:16 [07cc] - Parent Process Name : C:\Users\Home\Downloads\mwav.exe
28 Apr 2015 20:04:16 [07cc] - Windows Root  Folder: C:\Windows
28 Apr 2015 20:04:16 [07cc] - Windows Sys32 Folder: C:\Windows\system32
28 Apr 2015 20:04:16 [07cc] - DHCP NameServer: 192.168.0.1
28 Apr 2015 20:04:16 [07cc] - Interface0 DHCPNameServer: 209.222.18.222 209.222.18.218
28 Apr 2015 20:04:16 [07cc] - Interface1 DHCPNameServer: 192.168.0.1
28 Apr 2015 20:04:16 [07cc] - Interface2 DHCPNameServer: 192.168.0.1
28 Apr 2015 20:04:16 [07cc] - Local Fixed Drives: c:\
28 Apr 2015 20:04:16 [07cc] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
28 Apr 2015 20:04:16 [07cc] - [CREATED ZIP FILE: C:\Users\Home\AppData\Local\Temp\pinfect.zip]
28 Apr 2015 20:04:16 [07cc] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
28 Apr 2015 20:04:18 [07cc] - ** Changed Value of "Path"
28 Apr 2015 20:04:18 [07cc] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Home\AppData\Local\Temp\ESCANDB.LOG]
28 Apr 2015 20:04:19 [07cc] - Loaded/Created FileScan Cache Database...
28 Apr 2015 20:04:19 [07cc] - Loading AV Library [DB]...
28 Apr 2015 20:04:33 [07cc] - ArchiveScan: DISABLED
28 Apr 2015 20:04:34 [07cc] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
28 Apr 2015 20:04:34 [07cc] - MWAV doing self scanning...
28 Apr 2015 20:04:34 [07cc] - MWAV files are clean.
28 Apr 2015 20:04:37 [07cc] - ArchiveScan: DISABLED
28 Apr 2015 20:04:37 [07cc] - Virus Database Date: 02 Mar 2015
28 Apr 2015 20:04:37 [07cc] - Virus Database Count: 6701505
28 Apr 2015 20:04:37 [07cc] - Sign Version: 7.59505 [518257]
28 Apr 2015 20:04:42 [07cc] - Downloading AntiVirus and Anti-Spyware Databases...
28 Apr 2015 20:10:42 [07cc] - Update Successful...
28 Apr 2015 20:11:33 [07cc] - Indexed Spyware Databases Successfully Created...
28 Apr 2015 20:11:33 [07cc] - Old Sign Version: 7.59505    New Sign Version: 7.60337
28 Apr 2015 20:11:40 [07cc] - Reload of AntiVirus Signatures successfully done.
28 Apr 2015 20:11:40 [07cc] - Virus Database Date: 28 Apr 2015
28 Apr 2015 20:11:40 [07cc] - Virus Database Count: 5772335
28 Apr 2015 20:11:40 [07cc] - Sign Version: 7.60337 [519089]
 
28 Apr 2015 20:11:57 [07cc] - **********************************************************
28 Apr 2015 20:11:57 [07cc] - MWAV - eScanAV AntiVirus Toolkit.
28 Apr 2015 20:11:57 [07cc] - Copyright © MicroWorld Technologies
28 Apr 2015 20:11:57 [07cc] -
28 Apr 2015 20:11:57 [07cc] - Support: support@escanav.com
28 Apr 2015 20:11:57 [07cc] - Web: http://www.escanav.com
28 Apr 2015 20:11:57 [07cc] - **********************************************************
28 Apr 2015 20:11:57 [07cc] - Version 14.0.178[DB] (C:\USERS\HOME\APPDATA\LOCAL\TEMP\MEXE.COM)
28 Apr 2015 20:11:57 [07cc] - Log File: C:\Users\Home\AppData\Local\Temp\MWAV.LOG
28 Apr 2015 20:11:57 [07cc] - User Account: Home (Administrator Mode)
28 Apr 2015 20:11:57 [07cc] - Parent Process Name : C:\Users\Home\Downloads\mwav.exe
28 Apr 2015 20:11:57 [07cc] - Windows Root  Folder: C:\Windows
28 Apr 2015 20:11:57 [07cc] - Windows Sys32 Folder: C:\Windows\system32
28 Apr 2015 20:11:57 [07cc] - OS: Windows 7 64-Bit [OS Install Date: 13 Apr 2015 22:57:26]
28 Apr 2015 20:11:57 [07cc] - Ver: Personal Service Pack 1 (Build 7601)
28 Apr 2015 20:11:57 [07cc] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
28 Apr 2015 20:11:57 [0a6c] - Options Selected by User:
28 Apr 2015 20:11:57 [0a6c] - Memory Check: Enabled
28 Apr 2015 20:11:57 [0a6c] - Registry Check: Enabled
28 Apr 2015 20:11:57 [0a6c] - StartUp Folder Check: Enabled
28 Apr 2015 20:11:57 [0a6c] - System Folder Check: Enabled
28 Apr 2015 20:11:57 [0a6c] - Services Check: Enabled
28 Apr 2015 20:11:57 [0a6c] - Scan Spyware: Enabled
28 Apr 2015 20:11:57 [0a6c] - Scan Archives: Disabled
28 Apr 2015 20:11:57 [0a6c] - Drive Check: Enabled
28 Apr 2015 20:11:57 [0a6c] - All Drive Check :Disabled
28 Apr 2015 20:11:57 [0a6c] - Drive Selected = C:\
28 Apr 2015 20:11:57 [0a6c] - Folder Check: Disabled
28 Apr 2015 20:11:57 [0a6c] - SCAN: All_Files [ANSI]
28 Apr 2015 20:11:57 [0a6c] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
28 Apr 2015 20:11:57 [0a6c] - Scanning DNS Records...
28 Apr 2015 20:11:57 [0a6c] - Scanning Master Boot Record (User)...
28 Apr 2015 20:11:57 [0a6c] - Scanning Logical Boot Records...
28 Apr 2015 20:11:57 [0a6c] - ***** Scanning For Hidden Rootkit Processes *****
28 Apr 2015 20:11:57 [0a6c] - ***** Scanning For Hidden Rootkit Services *****
 
28 Apr 2015 20:11:58 [0a6c] - ***** Scanning Memory Files *****
 
28 Apr 2015 20:12:00 [0a6c] - ***** Scanning Registry Files *****
 
28 Apr 2015 20:12:01 [0a6c] - ***** Scanning StartUp Folders *****
 
28 Apr 2015 20:12:03 [0a6c] - ***** Scanning Service Files *****
28 Apr 2015 20:12:05 [0a6c] - ERROR(2)!!! Invalid Entry \??\C:\Users\Home\AppData\Local\Temp\cpuz137\cpuz137_x64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\cpuz137.
28 Apr 2015 20:12:08 [0a6c] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
28 Apr 2015 20:12:09 [0a6c] - ***** Scanning Registry and File system for Adware/Spyware *****
28 Apr 2015 20:12:09 [0a6c] - Loading Spyware Signatures from new External Database [Name: C:\Users\Home\AppData\Local\Temp\spydb.avs, Size: 464724]...
28 Apr 2015 20:12:09 [0a6c] - Indexed Spyware Databases Successfully Created...
 
 
28 Apr 2015 20:12:10 [0a6c] - ***** Scanning Registry Files *****
 
28 Apr 2015 20:12:10 [0a6c] - ***** Scanning System32 Folders *****
 
 
28 Apr 2015 20:12:21 [0a6c] - ***** Scanning Drive C:\ *****
28 Apr 2015 20:12:24 [0ab4] - C:\Program Files\Bitdefender\Bitdefender 2015\onaccess.dat not Scanned. Possibly password protected...
28 Apr 2015 20:13:34 [0580] - C:\System Volume Information\Syscache.hve not Scanned. Possibly password protected...
28 Apr 2015 20:13:34 [0acc] - Scanning File C:\System Volume Information\{03ac0ec0-e5e0-11e4-b6e5-086266c578e7}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:13:34 [0ab4] - Scanning File C:\System Volume Information\{03ac0f67-e5e0-11e4-b6e5-086266c578e7}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:13:34 [0acc] - Scanning File C:\System Volume Information\{03ac0f6b-e5e0-11e4-b6e5-086266c578e7}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:13:34 [0580] - Scanning File C:\System Volume Information\{03ac108b-e5e0-11e4-b6e5-086266c578e7}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:13:34 [0ab4] - Scanning File C:\System Volume Information\{03ac1098-e5e0-11e4-b6e5-086266c578e7}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:13:34 [0484] - Scanning File C:\System Volume Information\{03ac109c-e5e0-11e4-b6e5-086266c578e7}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:13:34 [0acc] - Scanning File C:\System Volume Information\{03ac119f-e5e0-11e4-b6e5-086266c578e7}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:13:34 [0580] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:13:34 [04e8] - Scanning File C:\System Volume Information\{5c9d447c-ed4e-11e4-8f5d-086266c578e7}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:13:34 [0ab4] - Scanning File C:\System Volume Information\{6dc2977e-e4aa-11e4-8f4a-086266c578e7}{3808876b-c176-4e48-b7ae-04046e6cc752}
28 Apr 2015 20:14:38 [1164] - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
28 Apr 2015 20:14:38 [1164] - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
 
28 Apr 2015 20:16:31 [0a6c] - ***** Checking for specific ITW Viruses *****
 
28 Apr 2015 20:16:31 [0a6c] - ***** Scanning complete. *****
 
28 Apr 2015 20:16:31 [0a6c] - Total Objects Scanned: 201614
28 Apr 2015 20:16:31 [0a6c] - Total Critical Objects: 0
28 Apr 2015 20:16:31 [0a6c] - Total Disinfected Objects: 0
28 Apr 2015 20:16:32 [0a6c] - Total Objects Renamed: 0
28 Apr 2015 20:16:32 [0a6c] - Total Deleted Objects: 0
28 Apr 2015 20:16:32 [0a6c] - Total Errors: 1
28 Apr 2015 20:16:32 [0a6c] - Time Elapsed: 00:04:30
28 Apr 2015 20:16:32 [0a6c] - Virus Database Date: 28 Apr 2015
28 Apr 2015 20:16:32 [0a6c] - Virus Database Count: 5772335
28 Apr 2015 20:16:32 [0a6c] - Sign Version: 7.60337 [519089]
 
28 Apr 2015 20:16:32 [0a6c] - Scan Completed.
 



#14 abyss_of_mediocrity (Topic Starter)

Posted 28 April 2015 - 07:25 PM

Log file from Zemana:
Zemana AntiMalware 2.10.2.18 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/4/28
Operating System      : Windows 7 64-bit
Processor             : 4X Intel® Core™ i3-4330 CPU @ 3.50GHz
BIOS Mode             : Legacy
CUID                  : 003BD5B77D30224A42D3BB
Scan Type             : Deep Scan
Duration              : 3m 54s
Scanned Objects       : 28777
Detected Objects      : 2
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky


Detected Objects
-------------------------------------------------------
Hosts File
   Status             : Scanned
   Object             : %systemroot%\system32\drivers\etc\hosts
   MD5                : F666B6456726DB927939D86012073291
   Publisher          : -
   Size               : 89
   Version            : -
   Detections         : Hosts Hijack
   Cleaning Action    : Repair
   Traces             :
                Hosts File - Hosts file is hidden

ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detections         : Eset: Win32/OpenCandy potentially unsafe application
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0
 



#15 abyss_of_mediocrity (Topic Starter)

Posted 28 April 2015 - 07:30 PM

JRT Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.6 (04.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Home on Tue 04/28/2015 at 20:26:01.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Home\AppData\Roaming\opencandy





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/28/2015 at 20:28:00.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~