
Infected with some kind of malware


13 replies to this topic

#1 scattista


Posted 04 May 2015 - 07:51 PM

I'm getting popups, fake anti-virus screens, fake links in google searches, words highlighted in web pages with advertising content ... you name it, I've got it. I tried using Spybot Search and Destroy but it didn't find anything. Not sure what to do next, any help would be appreciated. 

 

Paul. 




#2 scattista


Posted 04 May 2015 - 08:16 PM

some more info that might be useful: 

 

This is on Windows 7. I am using primarily Chrome as my browser, but Firefox also shows problems. A lot of the popups and links reference "Respect Sale". 



#3 InadequateInfirmity


Posted 04 May 2015 - 08:55 PM

Remove Spybot Search and Destroy from your machine, it is useless...

 

 

 

 

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this, you will need to click on Tools, then Startup, select each item, then Disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit Options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.


Now go to the Advanced tab and select "Close program after cleaning". Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana AntiMalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#4 scattista


Posted 04 May 2015 - 09:42 PM

Thanks. I got through the first couple of items, but when I try to remove startup items in CCleaner, there's a hidden extension in Chrome called "SPaCeCoupoNApp" that I can't disable. Message is "some of the selected items cannot be changed as they are protected by the browser"



#5 InadequateInfirmity


Posted 04 May 2015 - 09:44 PM

Just carry out the rest of the instructions, we are gonna use tools that should detect and zap that.


Edited by InadequateInfirmity, 04 May 2015 - 09:44 PM.


#6 scattista


Posted 05 May 2015 - 01:21 PM

Here are the logs. Chrome seems to be clean now, but Firefox is still showing junk listings in a google search. 
 
Paul. 
 
05 May 2015 08:06:08 [0b18] - **********************************************************
05 May 2015 08:06:08 [0b18] - MWAV - eScanAV AntiVirus Toolkit.
05 May 2015 08:06:08 [0b18] - Copyright © MicroWorld Technologies
05 May 2015 08:06:08 [0b18] - **********************************************************
05 May 2015 08:06:08 [0b18] - Source: C:\Users\Paul\Downloads\mwav.exe
05 May 2015 08:06:08 [0b18] - Version 14.0.178 (C:\USERS\PAUL\APPDATA\LOCAL\TEMP\MEXE.COM)
05 May 2015 08:06:08 [0b18] - Log File: C:\Users\Paul\AppData\Local\Temp\MWAV.LOG
05 May 2015 08:06:08 [0b18] - MWAV Registered: TRUE
05 May 2015 08:06:08 [0b18] - User Account: Paul (Administrator Mode)
05 May 2015 08:06:08 [0b18] - OS Type: Windows Workstation [InstallType: Client]
05 May 2015 08:06:08 [0b18] - OS: Windows 7 64-Bit [OS Install Date: 17 Aug 2012 17:18:29]
05 May 2015 08:06:08 [0b18] - Ver: Personal Service Pack 1 (Build 7601)
05 May 2015 08:06:08 [0b18] - System Up Time: 9 Hours, 4 Minutes, 0 Second
 
 
05 May 2015 08:06:08 [0b18] - Parent Process Name : C:\Users\Paul\Downloads\mwav.exe
05 May 2015 08:06:08 [0b18] - Windows Root  Folder: C:\Windows
05 May 2015 08:06:08 [0b18] - Windows Sys32 Folder: C:\Windows\system32
05 May 2015 08:06:08 [0b18] - DHCP NameServer: 75.75.75.75 75.75.76.76
05 May 2015 08:06:08 [0b18] - Interface0 DHCPNameServer: 75.75.75.75 75.75.76.76
05 May 2015 08:06:08 [0b18] - Interface0 NameServer: 9.0.130.50,9.0.128.50
05 May 2015 08:06:08 [0b18] - Local Fixed Drives: c:\,d:\
05 May 2015 08:06:08 [0b18] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
05 May 2015 08:06:08 [0b18] - [CREATED ZIP FILE: C:\Users\Paul\AppData\Local\Temp\pinfect.zip]
05 May 2015 08:06:08 [0b18] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
05 May 2015 08:06:10 [0b18] - ** Changed Value of "Path"
05 May 2015 08:06:10 [0b18] - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "ChromeHTML" to "htmlfile"
05 May 2015 08:06:10 [0b18] - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "ChromeHTML" to "htmlfile"
05 May 2015 08:06:11 [0b18] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Paul\AppData\Local\Temp\ESCANDB.LOG]
05 May 2015 08:06:12 [0b18] - Loaded/Created FileScan Cache Database...
05 May 2015 08:06:12 [0b18] - Loading AV Library [DB]...
05 May 2015 08:06:47 [0b18] - ArchiveScan: DISABLED
05 May 2015 08:06:47 [0b18] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
05 May 2015 08:06:47 [0b18] - MWAV doing self scanning...
05 May 2015 08:06:47 [0b18] - MWAV files are clean.
05 May 2015 08:06:53 [0b18] - ArchiveScan: DISABLED
05 May 2015 08:06:53 [0b18] - Virus Database Date: 02 Mar 2015
05 May 2015 08:06:53 [0b18] - Virus Database Count: 6701505
05 May 2015 08:06:53 [0b18] - Sign Version: 7.59505 [518257]
05 May 2015 08:08:20 [0b18] - Downloading AntiVirus and Anti-Spyware Databases...
05 May 2015 08:13:15 [0b18] - Update Successful...
05 May 2015 08:13:40 [0b18] - Indexed Spyware Databases Successfully Created...
05 May 2015 08:13:40 [0b18] - Old Sign Version: 7.59505 New Sign Version: 7.60434
05 May 2015 08:13:52 [0b18] - Reload of AntiVirus Signatures successfully done.
05 May 2015 08:13:52 [0b18] - Virus Database Date: 05 May 2015
05 May 2015 08:13:52 [0b18] - Virus Database Count: 5939089
05 May 2015 08:13:52 [0b18] - Sign Version: 7.60434 [519186]
 
05 May 2015 08:14:17 [0b18] - **********************************************************
05 May 2015 08:14:17 [0b18] - MWAV - eScanAV AntiVirus Toolkit.
05 May 2015 08:14:17 [0b18] - Copyright © MicroWorld Technologies
05 May 2015 08:14:17 [0b18] - 
05 May 2015 08:14:17 [0b18] - Support: support@escanav.com
05 May 2015 08:14:17 [0b18] - Web: http://www.escanav.com
05 May 2015 08:14:17 [0b18] - **********************************************************
05 May 2015 08:14:17 [0b18] - Version 14.0.178[DB] (C:\USERS\PAUL\APPDATA\LOCAL\TEMP\MEXE.COM)
05 May 2015 08:14:17 [0b18] - Log File: C:\Users\Paul\AppData\Local\Temp\MWAV.LOG
05 May 2015 08:14:17 [0b18] - User Account: Paul (Administrator Mode)
05 May 2015 08:14:17 [0b18] - Parent Process Name : C:\Users\Paul\Downloads\mwav.exe
05 May 2015 08:14:17 [0b18] - Windows Root  Folder: C:\Windows
05 May 2015 08:14:17 [0b18] - Windows Sys32 Folder: C:\Windows\system32
05 May 2015 08:14:17 [0b18] - OS: Windows 7 64-Bit [OS Install Date: 17 Aug 2012 17:18:29]
05 May 2015 08:14:17 [0b18] - Ver: Personal Service Pack 1 (Build 7601)
05 May 2015 08:14:17 [0b18] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
05 May 2015 08:14:17 [1668] - Options Selected by User:
05 May 2015 08:14:17 [1668] - Memory Check: Enabled
05 May 2015 08:14:17 [1668] - Registry Check: Enabled
05 May 2015 08:14:17 [1668] - StartUp Folder Check: Enabled
05 May 2015 08:14:17 [1668] - System Folder Check: Enabled
05 May 2015 08:14:17 [1668] - Services Check: Enabled
05 May 2015 08:14:17 [1668] - Scan Spyware: Enabled
05 May 2015 08:14:17 [1668] - Scan Archives: Disabled
05 May 2015 08:14:17 [1668] - Drive Check: Enabled
05 May 2015 08:14:17 [1668] - All Drive Check :Disabled
05 May 2015 08:14:17 [1668] - Drive Selected = C:\
05 May 2015 08:14:17 [1668] - Folder Check: Disabled
05 May 2015 08:14:17 [1668] - SCAN: All_Files [ANSI]
05 May 2015 08:14:17 [1668] - MWAV Mode( B): Scan and Clean files (for viruses, adware and spyware)
 
05 May 2015 08:14:17 [1668] - Scanning DNS Records...
05 May 2015 08:14:17 [1668] - Scanning Master Boot Record (User)...
05 May 2015 08:14:17 [1668] - Scanning Logical Boot Records...
05 May 2015 08:14:19 [1668] - ***** Scanning For Hidden Rootkit Processes *****
05 May 2015 08:14:19 [1668] - ***** Scanning For Hidden Rootkit Services *****
 
05 May 2015 08:14:23 [1668] - ***** Scanning Memory Files *****
 
05 May 2015 08:14:30 [1668] - ***** Scanning Registry Files *****
05 May 2015 08:14:30 [1668] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\ExstrACoupOn\DTDkncLMz3XeVb.dll (in key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7833ae99-0cc2-4f5e-b78a-8824c6cb1c73}). Action Taken: Removing it.
05 May 2015 08:15:00 [1668] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\ExostrraCouupon\zRww7b83azNd4Z.dll (in key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c10a9afa-b64f-498a-a039-0d96952e31b8}). Action Taken: Removing it.
05 May 2015 08:15:00 [1668] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\ExstrACoupOn\DTDkncLMz3XeVb.x64.dll (in key HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7833ae99-0cc2-4f5e-b78a-8824c6cb1c73}). Action Taken: Removing it.
05 May 2015 08:15:00 [1668] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\ExostrraCouupon\zRww7b83azNd4Z.x64.dll (in key HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c10a9afa-b64f-498a-a039-0d96952e31b8}). Action Taken: Removing it.
 
05 May 2015 08:15:02 [1668] - ***** Scanning StartUp Folders *****
05 May 2015 08:15:14 [050c] - ScanFile (C:\Users\Paul\AppData\Roaming\Spotify\libcef.dll) took 5819 ms
05 May 2015 08:15:27 [050c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [1614] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CoreMetrics-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [0cc4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [1614] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [1650] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [0cc4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\HitsLink-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [050c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [050c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [1614] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [129c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [1614] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [0630] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [129c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Paint-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [050c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [1650] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [0a2c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [1650] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [1670] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [1614] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [129c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [0630] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [050c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [0a2c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0000.zip not Scanned. Possibly password protected...
05 May 2015 08:15:27 [0cc4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0000.zip not Scanned. Possibly password protected...
 
05 May 2015 08:15:27 [1668] - ***** Scanning Service Files *****
05 May 2015 08:15:28 [1670] - Scanning File C:\ProgramData\{b2c89feb-78dd-10f7-b2c8-89feb78d7fad}\Download.exe
05 May 2015 08:15:29 [1668] - Invalid DLL ["c:\Program Files (x86)\IncrementProc\IncrementProc.dll] in entry [ImagePath="C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\IncrementProc\IncrementProc.dll",serv]
05 May 2015 08:15:39 [1668] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
05 May 2015 08:15:42 [1668] - ***** Scanning Registry and File system for Adware/Spyware *****
05 May 2015 08:15:42 [1668] - Loading Spyware Signatures from new External Database [Name: C:\Users\Paul\AppData\Local\Temp\spydb.avs, Size: 464724]...
05 May 2015 08:15:42 [1668] - Indexed Spyware Databases Successfully Created...
 
 
05 May 2015 08:15:45 [1668] - ***** Scanning Registry Files *****
05 May 2015 08:15:45 [1668] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\ExstrACoupOn\DTDkncLMz3XeVb.x64.dll (in key HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7833ae99-0cc2-4f5e-b78a-8824c6cb1c73}). Action Taken: Removing it.
05 May 2015 08:15:45 [1668] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\ExostrraCouupon\zRww7b83azNd4Z.x64.dll (in key HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c10a9afa-b64f-498a-a039-0d96952e31b8}). Action Taken: Removing it.
05 May 2015 08:15:46 [1668] - ** Possible invalid line [127.0.0.1  download-mcafee.com] in HOSTS file!
 
05 May 2015 08:15:46 [1668] - ***** Scanning System32 Folders *****
 
 
05 May 2015 08:16:49 [1668] - ***** Scanning Drive C:\ *****
05 May 2015 08:16:55 [0630] - ScanFile (C:\MSOCache\All Users\{90140000-003D-0000-0000-0000000FF1CE}-C\SingleImageWW.msi) took 5397 ms
05 May 2015 08:18:05 [0a2c] - ScanFile (C:\Program Files\Microsoft Security Client\Backup\amd64\dw20shared.msi) took 5039 ms
05 May 2015 08:18:31 [1614] - ScanFile (C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroExt\libcef.dll) took 7644 ms
05 May 2015 08:20:03 [0a2c] - ScanFile (C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\chrome_child.dll) took 5242 ms
05 May 2015 08:23:50 [1614] - Scanning File C:\System Volume Information\{ad3806d4-e79c-11e4-9cd9-4ceb429a49a7}{3808876b-c176-4e48-b7ae-04046e6cc752}
05 May 2015 08:23:50 [1670] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
05 May 2015 08:23:50 [1614] - Scanning File C:\System Volume Information\{f33bcb95-e95c-11e4-b1a6-4ceb429a49a7}{3808876b-c176-4e48-b7ae-04046e6cc752}
05 May 2015 08:23:50 [1670] - Scanning File C:\System Volume Information\{f33bcca1-e95c-11e4-b1a6-4ceb429a49a7}{3808876b-c176-4e48-b7ae-04046e6cc752}
05 May 2015 08:23:50 [050c] - Scanning File C:\System Volume Information\{f33bca81-e95c-11e4-b1a6-4ceb429a49a7}{3808876b-c176-4e48-b7ae-04046e6cc752}
05 May 2015 08:23:50 [129c] - Scanning File C:\System Volume Information\{f33bc911-e95c-11e4-b1a6-4ceb429a49a7}{3808876b-c176-4e48-b7ae-04046e6cc752}
05 May 2015 08:23:50 [1650] - Scanning File C:\System Volume Information\{69b9eefe-df91-11e4-8774-4ceb429a49a7}{3808876b-c176-4e48-b7ae-04046e6cc752}
05 May 2015 08:23:53 [0cc4] - Scanning File C:\ProgramData\{b2c89feb-78dd-10f7-b2c8-89feb78d7fad}\Download.exe
05 May 2015 08:23:53 [0cc4] - File C:\ProgramData\{b2c89feb-78dd-10f7-b2c8-89feb78d7fad}\Download.exe infected by "Gen:Variant.Adware.MPlug.31 (DB)" Virus! Action Taken: File Renamed.
 
05 May 2015 08:28:30 [129c] - Scanning File C:\Users\Paul\Music\iTunes\iTunes Music\Gang Gang Dance\Eye Contact\06 8 8.mp3
05 May 2015 08:28:30 [1650] - Scanning File C:\Users\Paul\Music\iTunes\iTunes Music\Gang Gang Dance\Eye Contact\02 8.mp3
05 May 2015 08:28:30 [1670] - Scanning File C:\Users\Paul\Music\iTunes\iTunes Music\Gang Gang Dance\Eye Contact\09 8 8 8.mp3
05 May 2015 08:34:46 [050c] - ScanFile (C:\Windows\Installer\23b592e2.msi) took 8861 ms
05 May 2015 08:34:47 [1670] - ScanFile (C:\Windows\Installer\2eab34d.msp) took 5554 ms
05 May 2015 08:34:49 [0cc4] - ScanFile (C:\Windows\Installer\2eab508.msp) took 5710 ms
05 May 2015 08:34:52 [1614] - ScanFile (C:\Windows\Installer\2eab7a6.msp) took 5835 ms
05 May 2015 08:34:54 [0cc4] - ScanFile (C:\Windows\Installer\55d3d.msi) took 5086 ms
05 May 2015 08:34:54 [129c] - ScanFile (C:\Windows\Installer\2eab764.msp) took 9407 ms
05 May 2015 08:35:10 [1650] - ScanFile (C:\Windows\Installer\2eab292.msp) took 28283 ms
05 May 2015 08:35:10 [1650] - Scanning of C:\Windows\Installer\2eab292.msp Timed out!!!
05 May 2015 08:47:55 [0630] - C:\Windows\System32\log.txt not Scanned. Possibly password protected...
05 May 2015 09:06:49 [0a2c] - ScanFile (C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.22865_none_6cb760e7070688fc\GdiPlus.dll) took 5101 ms
 
05 May 2015 09:07:30 [1668] - ***** Checking for specific ITW Viruses *****
 
05 May 2015 09:07:31 [1668] - ***** Scanning complete. *****
 
05 May 2015 09:07:31 [1668] - Total Objects Scanned: 258598
05 May 2015 09:07:31 [1668] - Total Critical Objects: 1
05 May 2015 09:07:31 [1668] - Total Disinfected Objects: 0
05 May 2015 09:07:31 [1668] - Total Objects Renamed: 1
05 May 2015 09:07:31 [1668] - Total Deleted Objects: 0
05 May 2015 09:07:31 [1668] - Total Errors: 6
05 May 2015 09:07:31 [1668] - Time Elapsed: 00:52:30
05 May 2015 09:07:31 [1668] - Virus Database Date: 05 May 2015
05 May 2015 09:07:31 [1668] - Virus Database Count: 5939089
05 May 2015 09:07:31 [1668] - Sign Version: 7.60434 [519186]
 
05 May 2015 09:07:31 [1668] - Scan Completed.
 
 
 
Zemana AntiMalware 2.11.2.62 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/5
Operating System      : Windows 7 64-bit
Processor             : 4X Intel® Core™ i5-2450M CPU @ 2.50GHz
BIOS Mode             : Legacy
CUID                  : 002E7CC9EDC71C439FFE72
Scan Type             : Deep Scan
Duration              : 22m 52s
Scanned Objects       : 56682
Detected Objects      : 10
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky
Domain Info           : WORKGROUP,1,2
 
 
Detected Objects
-------------------------------------------------------
SPaCeCoupoNApp
   Status             : Scanned
   Object             : %appdata%\mozilla\firefox\profiles\keo86auw.default\extensions\i@45cpi.net
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : PUA.FirefoxExt!Gr
   Cleaning Action    : Repair
   Traces             :
                Extension - SPaCeCoupoNApp
 
DealNoDeal
   Status             : Scanned
   Object             : %appdata%\mozilla\firefox\profiles\keo86auw.default\extensions\wtc_ytexivfeqx@kxtkawzcygbpljzejoe.edu
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : PUA.FirefoxExt!Gr
   Cleaning Action    : Repair
   Traces             :
                Extension - DealNoDeal
 
SPaCeCoupoNApp
   Status             : Scanned
   Object             : %localappdata%\google\chrome\user data\default\extensions\lobghpgologpbebeaaohaanbmalfeidh
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : PUA.ChromeExt!Gr
   Cleaning Action    : Repair
   Traces             :
                Extension - SPaCeCoupoNApp
 
5a00CoupoNs
   Status             : Scanned
   Object             : %appdata%\mozilla\firefox\profiles\keo86auw.default\extensions\kd@nzep3we.org\content\bg.js
   MD5                : 258A307E6A78512DC795040C67ED4199
   Publisher          : -
   Size               : 17764
   Version            : -
   Detections         : Kaspersky: not-a-virus:HEUR:AdWare.Script.Generic
   Cleaning Action    : Repair
   Traces             :
                File - %appdata%\mozilla\firefox\profiles\keo86auw.default\extensions\kd@nzep3we.org\content\bg.js
                Extension - 5a00CoupoNs
 
dbghelp.dll
   Status             : Scanned
   Object             : %programfiles%\mozilla firefox\dbghelp.dll
   MD5                : C27BE2BB25C6DA59638C6109B2821F12
   Publisher          : -
   Size               : 907264
   Version            : -
   Detections         : Avira: ADWARE/MultiPlug.Gen7, Eset: a variant of Win32/Adware.MultiPlug.IY application
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\mozilla firefox\dbghelp.dll
 
Installer.exe
   Status             : Scanned
   Object             : %programfiles%\last.fm\installer.exe
   MD5                : D3BA45C9C2C502DB9773D3A47BEF4F1C
   Publisher          : Last.fm Ltd
   Size               : 95232
   Version            : 2.1.36.0
   Detections         : Avira: ADWARE/InstallCore.Gen7
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\last.fm\installer.exe
 
GoogleUpdate.dll
   Status             : Scanned
   Object             : %programfiles%\google\chrome\application\googleupdate.dll
   MD5                : 447E7BE17C435AB431AEB528A9E8B149
   Publisher          : -
   Size               : 686592
   Version            : 37.0.2013.0
   Detections         : Eset: Win32/ExtenBro.AZ trojan
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\google\chrome\application\googleupdate.dll
 
Setup.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\setup.exe
   MD5                : 670237B4B322CBBA91C8F147085A6444
   Publisher          : -
   Size               : 319296
   Version            : 2014.9.28.1126
   Detections         : AVG: Downloader.DDT, Avira: ADWARE/InstallRex.Gen7, Bitdefender: Application.Bundler.EM
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\setup.exe
 
ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detections         : Eset: Win32/OpenCandy potentially unsafe application
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe
 
4ee17b8a-2e47fdeb
   Status             : Scanned
   Object             : %localappdata%low\sun\java\deployment\cache\6.0\10\4ee17b8a-2e47fdeb
   MD5                : 929B50A51A6C8792482C6AAD67031F18
   Publisher          : -
   Size               : 50528
   Version            : -
   Detections         : Avira: TR/Java.Downloader.Gen
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%low\sun\java\deployment\cache\6.0\10\4ee17b8a-2e47fdeb
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 10
Reported as safe      : 0
Failed                : 0
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by Paul on Tue 05/05/2015 at 14:02:18.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\wininit.ini
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{062A4B77-1E58-4AAF-821E-B8E54BC6C6E8}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{11D5925B-052A-4EEC-A5EA-C827CB0DB37A}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{203BD752-7708-4923-9B55-8929320A8A40}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{212E9637-74C1-445C-A3AC-D61D712EACAB}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{23623C68-FF63-4A86-A958-1C319452C60F}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{2420D4D1-D9F9-46FA-AFFF-C1A0CC92B7F3}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{2477CCD9-EDE7-45E2-B405-DCA638DD0A73}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{362CA14C-A143-4136-9E95-FC014C655C6A}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{4CA4F34A-7520-44A7-B1A9-3FCF5E45746E}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{61145550-4630-4C86-8AA6-47A390B4567E}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{6AC11084-1714-448C-AFEC-72193BA5D969}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{7D2F9B56-3E9A-4B08-ADF4-CEA27C6BCE8B}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{8072E9D5-E064-4C1A-9C1F-495C7D13DBFB}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{864E02A1-9438-4F9B-ACAA-BD14BAC20290}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{97E1D48A-0308-4177-BDFC-06B405B15684}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{990B06C9-EB02-404D-9A63-76D876D70F17}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{9FBE48FB-AAEF-44B9-9D4F-DD75FD4C13FB}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{A09D5ED1-F072-4801-9BAD-EB28DA71C990}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{B539C9BE-6E0A-48D8-969E-BE23D27B3A69}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{BD5E10F2-FF13-4AE9-A603-3FB4D0FD374F}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{BE1D872C-5C0B-4293-9499-123B780C297B}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{C0C441E0-2DB6-4FBD-BC1D-EE587657BBC8}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{C50D14CD-CEC9-4EAD-8CE5-04153791D05D}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{C9CCF82D-AD80-496B-AAAF-7F9619CFEF74}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{CDA93688-B658-4679-8F12-6157F5606779}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{E656BF3D-6085-4B9E-8805-836EEB12DF0B}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{EA1BDE97-99CA-464C-9A12-AF5F602B049F}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{EF4F8125-0094-4210-800E-1A3E8CD873A0}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{F9F7453F-FECE-4973-882E-6BA612062AA1}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{FB12CE15-51FD-4054-91F8-B6A33075C4EA}
Successfully deleted: [Folder] C:\ProgramData\freeworldapp
Successfully deleted: [Folder] C:\ProgramData\partner
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\keo86auw.default\prefs.js
 
user_pref(extensions.0IwvN4fxUlR1nuAn.scode, (function(){try{if(window.location.href.indexOf(\qjr6rdw4qjg9rdU6rdU4qdw9rY\)>-1){return;}}catch(e){}try{var d=[[\triangleca
user_pref(extensions.m01TRx3uHLx7hzVz.scode, (function(){try{if(window.location.href.indexOf(\qjr6rdw4qjg9rdU6rdU4qdw9rY\)>-1){return;}}catch(e){}try{var d=[[\triangleca
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Paul\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/05/2015 at 14:05:04.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v4.203 - Logfile created 05/05/2015 at 14:12:28
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Paul - PAUL-PC
# Running from : C:\Users\Paul\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\BlockIt Ad remover
Folder Deleted : C:\ProgramData\95bbe44800005f42
Folder Deleted : C:\ProgramData\e87c5e7900000aa1
Folder Deleted : C:\ProgramData\{998d7c2a-c888-cd0c-998d-d7c2ac88f0ab}
Folder Deleted : C:\ProgramData\{b2c89feb-78dd-10f7-b2c8-89feb78d7fad}
Folder Deleted : C:\Windows\Util
File Deleted : C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\88e1b61b-1a66-d2d1-91ef-7a0f96a4e7b8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{b40bf960}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E52324B-66BF-44AE-A8C5-2DB48E90E729}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A81E737A17150D040843D72D34240018
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A81E737A17150D040843D72D34240018
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A81E737A17150D040843D72D34240018
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Mozilla Firefox v36.0.1 (x86 en-US)
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2605 bytes] - [05/05/2015 14:08:41]
AdwCleaner[S0].txt - [2568 bytes] - [05/05/2015 14:12:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2627  bytes] ##########
 

Edited by scattista, 05 May 2015 - 01:38 PM.


#7 InadequateInfirmity


Posted 05 May 2015 - 03:05 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next, and make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • http://www.eset.com/us/online-scanner/help/
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#8 scattista


Posted 05 May 2015 - 05:10 PM

OK, I ran all the items listed. After I was finished, and had rebooted one last time, I was still seeing ads from "deal no deal" in Firefox. I uninstalled Firefox and downloaded the latest version, and the problem seems to have stopped now.

 

Here are all the logs: 

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool v3.9
Time: 2015_05_05_16_09_21
OS: Windows 7 - 64 Bit
Account Name: Paul
U0L0S11
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
 
\\ Finished
 

~ ZHPCleaner v2015.5.5.213 by Nicolas Coolman (05/05/2015)
~ Run by Paul (Administrator)  (05/05/2015 16:26:58)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Paul\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Paul\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (0)
~ No malicious items found.
 
 
---\\  Hosts file (0)
~ No malicious items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (7)
MOVED file: C:\ProgramData\InstallMate\{36C897D2-3F51-47DE-A535-7773ED2BB524}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{196F928D-56DC-4FD7-AD3C-1EFEC28CB07B}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{36C897D2-3F51-47DE-A535-7773ED2BB524}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{196F928D-56DC-4FD7-AD3C-1EFEC28CB07B}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library] (PUP.Tarma)
MOVED file**: C:\Users\Paul\AppData\Roaming\appdataFr3.bin   (PUP.Optional)
MOVED folder*: C:\ProgramData\723889299319801303 (Adware.CrossRider)
MOVED folder*: C:\ProgramData\InstallMate (PUP.Tarma)
 
 
---\\  Registry ( Key, Value, Data) (5)
DELETED key*: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [] (Adware.Graftor)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{7833ae99-0cc2-4f5e-b78a-8824c6cb1c73} [ExstrACoupOn] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{c10a9afa-b64f-498a-a039-0d96952e31b8} [ExostrraCouupon] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [] (Adware.Graftor)
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_29EBA8C2ED1206321A8B41FC997F63B8 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.Vosteran)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.
 
 
---\\ Statistics
~ Items scanned : 3097
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 12
 
 
End of clean at 16:27:09
===================
ZHPCleaner-[R]-05052015-16_27_09.txt
ZHPCleaner-[S]-05052015-16_26_07.txt
 

Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Zemana AntiMalware    
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 36.0.1 Firefox out of Date!  
 Google Chrome (42.0.2311.135) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
 

MiniToolBox by Farbar  Version: 14-04-2015
Ran by Paul (administrator) on 05-05-2015 at 16:40:26
Running from "C:\Users\Paul\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: 09933JU Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
Hosts file not detected in the default directory
========================= IP Configuration: ================================
 
Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)
AGN Virtual Network Adapter = Local Area Connection 2 (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Intel® 82579V Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Paul-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 4C-EB-42-9A-49-A4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 4C-EB-42-9A-49-A4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
   Physical Address. . . . . . . . . : 4C-EB-42-9A-49-A3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:c:980:1dd::3240(Preferred) 
   Lease Obtained. . . . . . . . . . : Tuesday, May 05, 2015 4:28:41 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 12, 2015 4:28:41 PM
   IPv6 Address. . . . . . . . . . . : 2601:c:980:1dd:c47:9f1f:a9fa:605b(Preferred) 
   Temporary IPv6 Address. . . . . . : 2601:c:980:1dd:2dd9:2e8c:db59:d883(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c47:9f1f:a9fa:605b%15(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.138(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 05, 2015 4:28:39 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 12, 2015 4:28:39 PM
   Default Gateway . . . . . . . . . : fe80::c0c6:87ff:fe05:51f7%15
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 323808066
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-AE-77-A1-3C-97-0E-19-82-25
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
   Physical Address. . . . . . . . . : 3C-97-0E-19-82-25
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 4C-EB-42-9A-49-A7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.hsd1.nj.comcast.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    google.com
Addresses:  2607:f8b0:4006:80e::200e
 173.194.123.2
 173.194.123.3
 173.194.123.14
 173.194.123.9
 173.194.123.6
 173.194.123.5
 173.194.123.8
 173.194.123.4
 173.194.123.7
 173.194.123.0
 173.194.123.1
 
 
Pinging google.com [2607:f8b0:4006:808::1001] with 32 bytes of data:
Reply from 2607:f8b0:4006:808::1001: time=31ms 
Reply from 2607:f8b0:4006:808::1001: time=21ms 
 
Ping statistics for 2607:f8b0:4006:808::1001:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 31ms, Average = 26ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=97ms TTL=52
Reply from 206.190.36.45: bytes=32 time=96ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 96ms, Maximum = 97ms, Average = 96ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...4c eb 42 9a 49 a4 ......Microsoft Virtual WiFi Miniport Adapter #2
 16...4c eb 42 9a 49 a4 ......Microsoft Virtual WiFi Miniport Adapter
 15...4c eb 42 9a 49 a3 ......Intel® Centrino® Wireless-N 1030
 13...3c 97 0e 19 82 25 ......Intel® 82579V Gigabit Network Connection
 12...4c eb 42 9a 49 a7 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.138     25
         10.0.0.0    255.255.255.0         On-link        10.0.0.138    281
       10.0.0.138  255.255.255.255         On-link        10.0.0.138    281
       10.0.0.255  255.255.255.255         On-link        10.0.0.138    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.0.0.138    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.0.0.138    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15    281 ::/0                     fe80::c0c6:87ff:fe05:51f7
  1    306 ::1/128                  On-link
 15     33 2601:c:980:1dd::/64      On-link
 15    281 2601:c:980:1dd::3240/128 On-link
 15    281 2601:c:980:1dd:c47:9f1f:a9fa:605b/128
                                    On-link
 15    281 2601:c:980:1dd:2dd9:2e8c:db59:d883/128
                                    On-link
 15    281 fe80::/64                On-link
 15    281 fe80::c47:9f1f:a9fa:605b/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/05/2015 04:29:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 02:29:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 02:13:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 01:58:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 09:21:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 11:03:53 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/04/2015 11:03:53 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/04/2015 11:03:53 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/04/2015 11:03:53 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (05/04/2015 11:03:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/05/2015 04:31:52 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/05/2015 04:31:48 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/05/2015 04:29:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IncrementProc service to connect.
 
Error: (05/05/2015 04:28:45 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/05/2015 04:28:42 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/05/2015 04:27:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/05/2015 04:13:16 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/05/2015 04:12:50 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/05/2015 02:29:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IncrementProc service to connect.
 
Error: (05/05/2015 02:13:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IncrementProc service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (05/05/2015 04:29:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 02:29:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 02:13:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 01:58:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 09:21:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 11:03:53 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/04/2015 11:03:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/04/2015 11:03:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/04/2015 11:03:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (05/04/2015 11:03:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
 
=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{216EFEDD-6665-1A06-BC5E-D66DB0F63E94}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.61105.2317 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Global Network Client Managed VPN Edition (HKLM-x32\...\{3DD4E2A6-9ECC-48A5-ABCE-74A7B594B9BD}) (Version: 9.0.1.3005 - AT&T)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.901.1.1-111105a-129749C-Lenovo - Advanced Micro Devices, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.27.0 - Conexant)
CutePDF Writer 2.6 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Cypress TrackPad (HKLM\...\{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1) (Version: 2.3.6.28 - Cypress Semiconductor, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D7453B4F-9A57-4B46-9878-48F90223F8F7}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.8 - Lenovo)
Energy Management (x32 Version: 6.0.2.8 - Lenovo) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.1.1821.1806 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.3.48.0 (HKLM\...\PROSetDX) (Version: 16.3.48.0 - Intel)
Intel® Network Connections 16.3.48.0 (Version: 16.3.48.0 - Intel) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0102 - Lenovo)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.56001.0 - Sonix)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3212 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3212 - CyberLink Corp.) Hidden
Lenovo PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3029.52 - CyberLink Corp.)
Lenovo PowerDVD 10 (x32 Version: 10.0.3029.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.0.1526.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Spotify (HKCU\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SRS Premium Sound Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.6700 - SRS Labs, Inc.)
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (08/04/2011 6.1.0.1) (HKLM\...\03A1C6133CBCFD1D944CAC45762E2EC5CD524136) (Version: 08/04/2011 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wipe (HKLM\...\wipe) (Version: 2015.04 - PrivacyRoot.com)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.11.1.62 - Zemana Ltd.)
 
========================= Devices: ================================
 
Name: AGN Virtual Network Adapter
Description: AGN Virtual Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: AT&T
Service: avpnnic
Device ID: ROOT\NET\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 27%
Total physical RAM: 8105.59 MB
Available physical RAM: 5869.54 MB
Total Pagefile: 16209.37 MB
Available Pagefile: 13733.75 MB
Total Virtual: 4095.88 MB
Available Virtual: 3981.48 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:283.17 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:30.35 GB) (Free:27.3 GB) NTFS
3 Drive e: () (Removable) (Total:14.73 GB) (Free:14.53 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\PAUL-PC
 
Administrator            Guest                    NonAdmin                 
Paul                     
 
 
**** End of log ****
 

C:\Users\All Users\comcastModemRelease\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\95bbe44800005f42\95bbe44800005f42.dll.vir a variant of Win32/SProtector.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{b2c89feb-78dd-10f7-b2c8-89feb78d7fad}\Download.exe.mwt.vir.mwt a variant of Win32/Adware.MultiPlug.EZ application cleaned by deleting - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\ProgramData\comcastModemRelease\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
C:\Users\Paul\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Paul\Downloads\Comcast_Desktop_Software_1305(1).exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
 
 


#9 InadequateInfirmity


Posted 05 May 2015 - 07:58 PM

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 



#10 scattista


Posted 06 May 2015 - 07:55 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/6/2015
Scan Time: 8:38:54 AM
Logfile: Malwarebytes log.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.06.03
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394460
Time Elapsed: 8 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.IncrementProc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\b40bf960, Quarantined, [e6854e42a0eac1758bf302d0fa09f40c], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.MultiPlug.A, C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\205, Quarantined, [e48799f7dcae3204a1d62c34b1548080], 
PUP.Optional.MultiPlug.A, C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm, Quarantined, [e48799f7dcae3204a1d62c34b1548080], 
PUP.Optional.AdsRemover.A, C:\ProgramData\Ads Remover, Quarantined, [92d94f411f6b48ee0c4adfdaab58629e], 
 
Files: 7
PUP.Optional.MultiPlug.Uns, C:\ProgramData\Ads Remover\Ads Remover.exe, Quarantined, [b4b72d634545e35315104cf919eaf20e], 
PUP.PSWTool.ProductKey, C:\Program Files\Produkey\produkey-x64.zip, Quarantined, [81eaff91ef9bed496cf57e0a946cb947], 
PUP.Optional.MultiPlug.A, C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\205\lsdb.js, Quarantined, [e48799f7dcae3204a1d62c34b1548080], 
PUP.Optional.MultiPlug.A, C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\205\background.html, Quarantined, [e48799f7dcae3204a1d62c34b1548080], 
PUP.Optional.MultiPlug.A, C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\205\content.js, Quarantined, [e48799f7dcae3204a1d62c34b1548080], 
PUP.Optional.MultiPlug.A, C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\205\manifest.json, Quarantined, [e48799f7dcae3204a1d62c34b1548080], 
PUP.Optional.MultiPlug.A, C:\Users\NonAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\205\z.js, Quarantined, [e48799f7dcae3204a1d62c34b1548080], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 InadequateInfirmity


Posted 06 May 2015 - 11:11 AM

Any issues to speak of?



#12 scattista


Posted 06 May 2015 - 11:24 AM

Seems to be fine now, thanks for your help. Any recommendations for ongoing protection? Should I run any of these tools for real time checking? Obviously the Microsoft Security Essentials is useless. 



#13 InadequateInfirmity


Posted 06 May 2015 - 11:33 AM

I would use one of the following free antivirus programs.

360 Total Security http://www.360totalsecurity.com/en/
Avira Free http://www.avira.com/en/avira-free-antivirus
Bitdefender Free http://www.bitdefender.com/solutions/free.html

An AV sidekick I use; it does not offer real-time protection, but it is a good on-demand scanner that uses only 1% CPU and is auto-updated. You can safely run this alongside any antivirus.
http://www.tgsoft.it/english/download_eng.asp

Update your software.
https://patchmypc.net/freeupdater/PatchMyPC.exe
https://patchmypc.net/download

Qualys BrowserCheck: to update plugins.
Safe Browsing Tool Web of Trust: to keep away from shady sites.
Unchecky: to avoid bundled software.
Adblock Plus: to browse the web ad-free.
Malwarebytes Anti-Exploit: to block zero-day attacks.
Malwarebytes | StartUpLITE: to disable unneeded startups.
http://www.toolwiz.com/en/products/toolwiz-smart-defrag/ Defrag your machine.
Adguard: use with Adblock for basically zero ads.
https://chrome.google.com/webstore/detail/adguard-adblocker/bgnkhhnnamicmpeenaelnjfhikgbkllg?hl=en
https://addons.mozilla.org/en-uS/firefox/addon/adguard-adblocker/

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt

As far as what scans to keep, I would run ZHP cleaner and adware cleaner once every two weeks. Perhaps an ESET scan once a month, and also Malwarebytes once a week. :)



#14 InadequateInfirmity


Posted 06 May 2015 - 11:35 AM

 

 

Error: (05/05/2015 04:31:48 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

  • Click here to download  RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.





