
It's either sick or dying...


8 replies to this topic

#1 Carl-E


Posted 07 May 2015 - 07:20 PM

You guys helped me out of a terrible malware situation on a different machine a couple of years ago, and it's good to see you're still here, because I'm in a tight spot again!

I teach online, so this is a bit urgent. I've got things partially stabilized, but not good enough.

My Toshiba Laptop (Win 7) has been crashing on an irregular basis. Firefox is the first and most regular victim, it crashes a lot. When it does, I get the usual messages, and the offer to report the problem and restart.

16791623443_34340ea4f5_o.png

(It's not always the plugin container, lately it's just been Firefox)

17224313970_03d037e308_o.png

I also get some weird warning messages, the first was a division by zero warning for AVG that showed up on a reboot.

I went into Safe Mode with networking, and downloaded and ran Malwarebytes. It found 1843 PUPs (potentially unwanted programs) and one thing that it flagged as malware. I removed them, but then reran Malwarebytes in regular Windows, and it wouldn't run - it kicked off before the scan started. I removed it, reloaded it in safe mode again, and it found more stuff. But the machine, though a little more stable, is not healed.

I also reloaded AVG in safe mode, but it won't complete a scan. I don't get the division by zero warning anymore on login, but I get it now about Live Update.

16789349434_771106e92a_o.png

I did read about the update issue for Win 7 the other day, and fear I may be the victim of something that took advantage of the hole and now won't allow updates. It tried updating in safemode, but said it failed.

When Firefox is about to crash, it will often run at full tilt and hot:

17385879606_ceb1e4923b_o.png

It's run hotter, but the computer itself usually crashes around 195 degrees or so. I'm also getting BSODs when it crashes, but the BSOD is much smaller than the screen, and goes by really fast which makes me suspicious. It usually mentions Memory Management, but sometimes mentions other things.

It also usually wants to do a CHKDSK at bootup, but then says Autochk won't run because of recently installed software. I can't do a system restore, I never set it up 0_0 (I'll never make that mistake again...)

So that's about where I am. Any assistance will be thoroughly appreciated!

Carl





#2 InadequateInfirmity


Posted 07 May 2015 - 07:38 PM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

GjWwvEu.png

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the Advanced tab and select "Close program after cleaning". Now run the cleaner again; this will close CCleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Carl-E


Posted 17 May 2015 - 06:07 AM

Hi, sorry it took so long to respond.  Like I said, I teach online and I've had to use the computer as I went through this process.  It stabilised a lot after the first two steps, but still would crash and act weird. 

 

I decided to redo the whole process again, after getting through step 2 (Zemana), but eScan and Zemana didn't seem to work properly on repeated tries.  I went through the rest of the process, but JRT wouldn't run and the machine bluescreened again.  I started it in safemode, and it ran.  I tried it again under a "normal" start, but it seems to have deleted the original log file.  It ran, and I have included the current log file.

 

One thing I found is that the "Live Update" warning I keep getting is for the IObit Malware Fighter.  Chkdsk started once but is still not completing, and it tried to install updates but couldn't finish one of them (I think).

 

Here are the logs:

 

11 May 2015 19:06:12 [10f4] - **********************************************************
11 May 2015 19:06:12 [10f4] - MWAV - eScanAV AntiVirus Toolkit.
11 May 2015 19:06:12 [10f4] - Copyright © MicroWorld Technologies
11 May 2015 19:06:12 [10f4] - **********************************************************
11 May 2015 19:06:12 [10f4] - Source: C:\Users\CARLLE~1\DOWNLO~1\mwav.exe
11 May 2015 19:06:12 [10f4] - Version 14.0.178 (C:\USERS\CARL LETSCHE\APPDATA\LOCAL\TEMP\MEXE.COM)
11 May 2015 19:06:12 [10f4] - Log File: C:\Users\Carl Letsche\AppData\Local\Temp\MWAV.LOG
11 May 2015 19:06:12 [10f4] - Last Scan Date and Time: 09.05.2015 14:20:03
11 May 2015 19:06:12 [10f4] - MWAV Registered: TRUE
11 May 2015 19:06:12 [10f4] - User Account: Carl Letsche (Administrator Mode)
11 May 2015 19:06:12 [10f4] - OS Type: Windows Workstation [InstallType: Client]
11 May 2015 19:06:12 [10f4] - OS: Windows 7 [OS Install Date: 22 Dec 2012 05:19:53]
11 May 2015 19:06:12 [10f4] - Ver: Professional Service Pack 1 (Build 7601)
11 May 2015 19:06:12 [10f4] - System Up Time: 1 Hour, 28 Minutes, 42 Seconds
11 May 2015 19:06:12 [10f4] - Windows Root  Folder: C:\Windows
11 May 2015 19:06:12 [10f4] - Windows Sys32 Folder: C:\Windows\system32
11 May 2015 19:06:12 [10f4] - DHCP NameServer: 192.168.0.1
11 May 2015 19:06:12 [10f4] - Interface0 DHCPNameServer: 192.168.0.1
11 May 2015 19:06:12 [10f4] - Interface1 DHCPNameServer: 192.168.0.1
11 May 2015 19:06:12 [10f4] - Interface2 DHCPNameServer: 192.168.0.1
11 May 2015 19:06:12 [10f4] - Interface3 DHCPNameServer: 192.168.0.1
11 May 2015 19:06:12 [10f4] - Local Fixed Drives: c:\,v:\
11 May 2015 19:06:12 [10f4] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
11 May 2015 19:06:12 [10f4] - [CREATED ZIP FILE: C:\Users\Carl Letsche\AppData\Local\Temp\pinfect.zip]
11 May 2015 19:06:12 [10f4] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
11 May 2015 19:06:15 [10f4] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Carl Letsche\AppData\Local\Temp\ESCANDB.LOG]
11 May 2015 19:06:15 [10f4] - Loaded/Created FileScan Cache Database...
11 May 2015 19:06:15 [10f4] - Loading AV Library [DB]...
11 May 2015 19:06:57 [10f4] - ArchiveScan: DISABLED
11 May 2015 19:06:58 [10f4] - AV Library Loaded [DB-DIRECT].
11 May 2015 19:06:58 [10f4] - MWAV doing self scanning...
11 May 2015 19:07:00 [10f4] - MWAV files are clean.
11 May 2015 19:07:00 [10f4] - ArchiveScan: DISABLED
11 May 2015 19:07:00 [10f4] - Virus Database Date: 02 Mar 2015
11 May 2015 19:07:00 [10f4] - Virus Database Count: 6701505
11 May 2015 19:07:00 [10f4] - Sign Version: 7.59505 [518257]
11 May 2015 19:22:18 [10f4] - Downloading AntiVirus and Anti-Spyware Databases...
11 May 2015 19:41:01 [10f4] - Update Successful...
11 May 2015 19:49:27 [10f4] - Indexed Spyware Databases Successfully Created...
11 May 2015 19:49:27 [10f4] - Old Sign Version: 7.59505    New Sign Version: 7.60540
11 May 2015 19:49:46 [10f4] - Reload of AntiVirus Signatures successfully done.
11 May 2015 19:49:46 [10f4] - Virus Database Date: 11 May 2015
11 May 2015 19:49:46 [10f4] - Virus Database Count: 5859020
11 May 2015 19:49:46 [10f4] - Sign Version: 7.60540 [519292]
 
11 May 2015 19:51:00 [10f4] - **********************************************************
11 May 2015 19:51:00 [10f4] - MWAV - eScanAV AntiVirus Toolkit.
11 May 2015 19:51:00 [10f4] - Copyright © MicroWorld Technologies
11 May 2015 19:51:00 [10f4] -
11 May 2015 19:51:00 [10f4] - Support: support@escanav.com
11 May 2015 19:51:00 [10f4] - Web: http://www.escanav.com
11 May 2015 19:51:00 [10f4] - **********************************************************
11 May 2015 19:51:00 [10f4] - Version 14.0.178[DB] (C:\USERS\CARL LETSCHE\APPDATA\LOCAL\TEMP\MEXE.COM)
11 May 2015 19:51:00 [10f4] - Log File: C:\Users\Carl Letsche\AppData\Local\Temp\MWAV.LOG
11 May 2015 19:51:00 [10f4] - User Account: Carl Letsche (Administrator Mode)
11 May 2015 19:51:00 [10f4] - Windows Root  Folder: C:\Windows
11 May 2015 19:51:00 [10f4] - Windows Sys32 Folder: C:\Windows\system32
11 May 2015 19:51:00 [10f4] - OS: Windows 7 [OS Install Date: 22 Dec 2012 05:19:53]
11 May 2015 19:51:00 [10f4] - Ver: Professional Service Pack 1 (Build 7601)
11 May 2015 19:51:00 [10f4] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
11 May 2015 19:51:00 [0c5c] - Options Selected by User:
11 May 2015 19:51:00 [0c5c] - Memory Check: Enabled
11 May 2015 19:51:00 [0c5c] - Registry Check: Enabled
11 May 2015 19:51:00 [0c5c] - StartUp Folder Check: Enabled
11 May 2015 19:51:00 [0c5c] - System Folder Check: Enabled
11 May 2015 19:51:00 [0c5c] - Services Check: Enabled
11 May 2015 19:51:00 [0c5c] - Scan Spyware: Enabled
11 May 2015 19:51:00 [0c5c] - Scan Archives: Disabled
11 May 2015 19:51:00 [0c5c] - Drive Check: Enabled
11 May 2015 19:51:00 [0c5c] - All Drive Check :Disabled
11 May 2015 19:51:00 [0c5c] - Drive Selected = C:\
11 May 2015 19:51:00 [0c5c] - Folder Check: Disabled
11 May 2015 19:51:00 [0c5c] - SCAN: All_Files [ANSI]
11 May 2015 19:51:00 [0c5c] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
11 May 2015 19:51:00 [0c5c] - Scanning DNS Records...
11 May 2015 19:51:00 [0c5c] - Scanning Master Boot Record (Kernel)...
11 May 2015 19:51:01 [0c5c] - Scanning Logical Boot Records...
11 May 2015 19:51:01 [0c5c] - ***** Scanning For Hidden Rootkit Processes *****
11 May 2015 19:51:02 [0c5c] - ***** Scanning For Hidden Rootkit Services *****
11 May 2015 19:51:05 [0c5c] - Walk through registry failed!
 
11 May 2015 19:51:05 [0c5c] - ***** Scanning Memory Files *****
 
11 May 2015 19:51:09 [0c5c] - ***** Scanning Registry Files *****
 
11 May 2015 19:51:10 [0c5c] - ***** Scanning StartUp Folders *****
 
11 May 2015 19:51:26 [0c5c] - ***** Scanning Service Files *****
11 May 2015 19:51:38 [0c5c] - ERROR(2)!!! Invalid Entry \??\C:\Users\CARLLE~1\AppData\Local\Temp\cpuz137\cpuz137_x32.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\cpuz137.
 
11 May 2015 19:52:31 [0c5c] - ***** Scanning Registry and File system for Adware/Spyware *****
11 May 2015 19:52:31 [0c5c] - Loading Spyware Signatures from new External Database [Name: C:\Users\CARLLE~1\AppData\Local\Temp\spydb.avs, Size: 464724]...
11 May 2015 19:52:31 [0c5c] - Indexed Spyware Databases Successfully Created...
 
 
11 May 2015 19:52:37 [0c5c] - ***** Scanning Registry Files *****
 
11 May 2015 19:52:37 [0c5c] - ***** Scanning System32 Folders *****
 
 
11 May 2015 19:53:12 [0c5c] - ***** Scanning Drive C:\ *****
11 May 2015 19:54:06 [0c5c] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
11 May 2015 19:54:06 [0c5c] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
11 May 2015 19:54:06 [0c5c] - Scanning File C:\System Volume Information\{3d184d3d-efd6-11e4-ab10-00266c8809d0}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 May 2015 19:54:06 [0c5c] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{3d184d3d-efd6-11e4-ab10-00266c8809d0}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 May 2015 19:54:06 [0c5c] - Scanning File C:\System Volume Information\{450e84b5-f76e-11e4-ad49-00266c8809d0}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 May 2015 19:54:06 [0c5c] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{450e84b5-f76e-11e4-ad49-00266c8809d0}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 May 2015 19:54:06 [0c5c] - Scanning File C:\System Volume Information\{9321cbfe-efa7-11e4-aa2c-00266c8809d0}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 May 2015 19:54:06 [0c5c] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{9321cbfe-efa7-11e4-aa2c-00266c8809d0}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 May 2015 19:54:06 [0c5c] - Scanning File C:\System Volume Information\{9ad37798-ef8b-11e4-80fc-00a0d5ffffaf}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 May 2015 19:54:06 [0c5c] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{9ad37798-ef8b-11e4-80fc-00a0d5ffffaf}{3808876b-c176-4e48-b7ae-04046e6cc752}
 
11 May 2015 20:15:51 [0c5c] - ***** Checking for specific ITW Viruses *****
 
11 May 2015 20:15:51 [0c5c] - ***** Scanning complete. *****
 
11 May 2015 20:15:51 [0c5c] - Total Objects Scanned: 196821
11 May 2015 20:15:51 [0c5c] - Total Critical Objects: 0
11 May 2015 20:15:51 [0c5c] - Total Disinfected Objects: 0
11 May 2015 20:15:51 [0c5c] - Total Objects Renamed: 0
11 May 2015 20:15:51 [0c5c] - Total Deleted Objects: 0
11 May 2015 20:15:51 [0c5c] - Total Errors: 1
11 May 2015 20:15:51 [0c5c] - Time Elapsed: 00:24:30
11 May 2015 20:15:51 [0c5c] - Virus Database Date: 11 May 2015
11 May 2015 20:15:51 [0c5c] - Virus Database Count: 5859020
11 May 2015 20:15:51 [0c5c] - Sign Version: 7.60540 [519292]
 
11 May 2015 20:15:51 [0c5c] - Scan Completed.
 

-----------------------------------------------------------------------------------------------------------

 

Zemana AntiMalware 2.11.2.366 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/13
Operating System      : Windows 7 32-bit
Processor             : 1X AMD V140 Processor
BIOS Mode             : Legacy
CUID                  : 00B20F7533722545DF1C70
Scan Type             : Deep Scan
Duration              : 26m 19s
Scanned Objects       : 43827
Detected Objects      : 5
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky
Domain Info           : WORKGROUP,1,2


Detected Objects
-------------------------------------------------------
hposvc08.exe
   Status             : Scanned
   Object             : %programfiles%\hp\digital imaging\bin\hposvc08.exe
   MD5                : 1C511138A2FFC22183EB80DCC57E817E
   Publisher          : -
   Size               : 673280
   Version            : 130.0.373.0
   Detections         : AVG: Generic25.AJXM, Zemana: Malware:Win32/Bailoat.A!Eiam
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\hp\digital imaging\bin\hposvc08.exe

ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detections         : Eset: Win32/OpenCandy potentially unsafe application, Zemana: Adware:Win32/OpenCandy
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe

AriaMaestosaSetup-1.4.7.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ariamaestosasetup-1.4.7.exe
   MD5                : 3D4A12084C5E0137C81578AB0931EEE5
   Publisher          : -
   Size               : 54272
   Version            : 1.4.7.0
   Detections         : Avira: PUA/InstallCore.Gen7, Zemana: Malware:Win32/Tazzi.A!Amte
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ariamaestosasetup-1.4.7.exe

AriaMaestosaSetup-1.4.7(1).exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ariamaestosasetup-1.4.7(1).exe
   MD5                : 3D4A12084C5E0137C81578AB0931EEE5
   Publisher          : -
   Size               : 54272
   Version            : 1.4.7.0
   Detections         : Avira: PUA/InstallCore.Gen7, Zemana: Malware:Win32/Tazzi.A!Amte
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ariamaestosasetup-1.4.7(1).exe

eme-adobe.dll
   Status             : Scanned
   Object             : %appdata%\mozilla\firefox\profiles\v2v48mhh.default-1431188914014\gmp-eme-adobe\9\eme-adobe.dll
   MD5                : 737EFE36094521AA96C2C3D5B5E5AE47
   Publisher          : -
   Size               : 5909504
   Version            : 5.14.18927.0
   Detections         : AVG: Win32/Heri, Zemana: Malware:Win32/Bliss.A!Ektm
   Cleaning Action    : Quarantine
   Traces             :
                File - %appdata%\mozilla\firefox\profiles\v2v48mhh.default-1431188914014\gmp-eme-adobe\9\eme-adobe.dll


Cleaning Result
-------------------------------------------------------
Cleaned               : 5
Reported as safe      : 0
Failed                : 0
 

----------------------------------------------------------------------------------------------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.2 (05.15.2015:1)
OS: Windows 7 Ultimate x86
Ran by Carl Letsche on Sun 05/17/2015 at  6:29:06.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\anjpmpempfaedkaamogooccadhhdehed





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/17/2015 at  6:31:59.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

----------------------------------------------------------------------------------------------------------------

 

# AdwCleaner v4.204 - Logfile created 17/05/2015 at 06:47:19
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Carl Letsche - CARLLETSCHE-PC
# Running from : C:\Users\Carl Letsche\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Carl Letsche\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Carl Letsche\AppData\Roaming\Mozilla\Firefox\Profiles\qw8lhkks.default\Extensions\adremoveext@adremoveext.net
Folder Deleted : C:\Users\Carl Letsche\AppData\Roaming\Mozilla\Firefox\Profiles\qw8lhkks.default\Extensions\searchads@instair.net
Folder Deleted : C:\Users\Carl Letsche\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Folder Deleted : C:\Users\Carl Letsche\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\systweak
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v42.0.2311.152


*************************

AdwCleaner[R0].txt - [2451 bytes] - [17/05/2015 06:45:31]
AdwCleaner[S0].txt - [2412 bytes] - [17/05/2015 06:47:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2471  bytes] ##########

---------------------------------------------------------------------------------------------------------------

 

So that's what I've got.  Like I said, it's not the original JRT log, but the others are all from first runs.

 

What's the verdict? 

 

Carl
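A triage sketch for the MWAV log format posted above, as an added example that is not part of the original posts or of eScan's own tooling. It pulls out the `ERROR(n)!!!` entries, any "Action Taken" the scanner reports, other "failed" messages and the summary totals, and flags when the number of ERROR lines differs from the reported "Total Errors" (the log above has six ERROR lines but "Total Errors: 1"). The line layout is assumed from the posted log only, and the sample input is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Line layout assumed from the posted log: "<date> <time> [<hex id>] - <message>"
LINE_RE = re.compile(r"^(\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) \[([0-9a-f]+)\] -\s?(.*)$")
ERROR_RE = re.compile(r"^ERROR\((\d+)\)!!! (.*)$")
TOTAL_RE = re.compile(r"^Total ([A-Za-z ]+): (\d+)$")

# Constructed sample modelled on the log above (user name and GUIDs are placeholders).
SAMPLE_LOG = r"""
11 May 2015 19:51:02 [0c5c] - ***** Scanning For Hidden Rootkit Services *****
11 May 2015 19:51:05 [0c5c] - Walk through registry failed!
 
11 May 2015 19:51:38 [0c5c] - ERROR(2)!!! Invalid Entry \??\C:\Users\EXAMPLE~1\AppData\Local\Temp\cpuz137\cpuz137_x32.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\cpuz137.
11 May 2015 19:54:06 [0c5c] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{00000000-0000-0000-0000-000000000001}
11 May 2015 19:54:06 [0c5c] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{00000000-0000-0000-0000-000000000002}
11 May 2015 20:15:51 [0c5c] - Total Objects Scanned: 196821
11 May 2015 20:15:51 [0c5c] - Total Critical Objects: 0
11 May 2015 20:15:51 [0c5c] - Total Errors: 1
"""


def parse_lines(text):
    """Return (timestamp, id, message) for every line that matches the layout."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank separators and anything that is not a log line
        ts = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
        entries.append((ts, m.group(2), m.group(3).strip()))
    return entries


def triage(text):
    """Group the entries a reviewer looks at first: errors, actions, failures, totals."""
    errors, failures, totals = [], [], {}
    for ts, _ident, msg in parse_lines(text):
        em = ERROR_RE.match(msg)
        tm = TOTAL_RE.match(msg)
        if em:
            # "Action Taken:" is present only when the scanner changed something.
            detail, _, action = em.group(2).partition(" Action Taken: ")
            errors.append({"time": ts, "code": int(em.group(1)),
                           "detail": detail, "action": action or None})
        elif tm:
            totals[tm.group(1)] = int(tm.group(2))
        elif "failed" in msg.lower():
            failures.append((ts, msg))
    return {
        "errors": errors,
        "by_code": dict(Counter(e["code"] for e in errors)),
        "actions": [e["action"] for e in errors if e["action"]],
        "failures": failures,
        "totals": totals,
        # True when the summary line disagrees with the ERROR lines actually logged.
        "count_mismatch": "Errors" in totals and totals["Errors"] != len(errors),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("errors by code:", report["by_code"])
    for action in report["actions"]:
        print("scanner changed the system:", action)
    for ts, msg in report["failures"]:
        print("failure:", ts.isoformat(), msg)
    print("summary totals:", report["totals"])
    print("ERROR lines differ from 'Total Errors':", report["count_mismatch"])
```
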



#4 InadequateInfirmity


Posted 17 May 2015 - 06:18 AM

I would uninstall any and all IObit products.

 

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

LOr0Gd7.png

Hit Ok.

sYFsqHx.png

Hit Next, and make sure to leave all items checked for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 Carl-E


Posted 17 May 2015 - 07:47 AM

I had the same thought.  All IObit products have been uninstalled through the control panel except the Malware Fighter 3, its uninstaller keeps crashing.  Ran Adware removal, and it opened my browser for a donation when it was done - then Firefox crashed, and I got a bluescreen again.

 

The good news is that CHKDSK ran and completed!  The bad news is that I lost the log file... the only things that were checked for removal were in the PALM directory (I still use an old Treo phone).  Should I run it again?  Would the log tell you anything?  I'll carry on from step 2.

 

Thanks,

 

Carl



#6 InadequateInfirmity


Posted 17 May 2015 - 09:11 AM

Yes, continue on down the list. If you have problems running anything, then run in safe mode with networking. :) Post all logs.



#7 Carl-E


Posted 17 May 2015 - 12:12 PM

OK, here goes; Adware removal's log is gone, so here are the rest in order (ZHP, Security check, Minitoolbox and ESET).

 

By the way, the link you give for suspending antivirus protection isn't helping with AVG free version 9.0, the switches mentioned aren't there.  So I ran ESET in safemode as suggested.  The others were run in "normal" Windows 7 Ultimate.

~ ZHPCleaner v2015.5.17.241 by Nicolas Coolman (2015\05\17)
~ Run by Carl Letsche (Administrator)  (17/05/2015 09:02:32)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Carl Letsche\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Carl Letsche\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 32-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (2)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 [Bad : 1]  (Hijacker.Proxy)
DELETED data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 [Bad : 1]  (Hijacker.Proxy)


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious items found.


---\\  Registry ( Key, Value, Data) (2)
REPLACED data: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)
DELETED key*: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] (Toolbar.Ask)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 666
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 4


End of clean at 09:02:48
===================
ZHPCleaner-[R]-17052015-09_02_48.txt
ZHPCleaner-[S]-17052015-09_01_57.txt

 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Anti-Virus Free   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Java 8 Update 31  
 Java version 32-bit out of Date!
 Adobe Flash Player     17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1)
 Google Chrome (42.0.2311.152)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 IObit IObit Malware Fighter IMFsrv.exe  
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Carl Letsche (administrator) on 17-05-2015 at 09:21:04
Running from "C:\Users\Carl Letsche\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: Satellite C655D Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=128 icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : CarlLetsche-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 2A-39-DF-DE-39-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-6C-88-09-D0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : E8-39-DF-DE-39-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dc2:d58:2d0f:de9a%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, May 17, 2015 9:04:50 AM
   Lease Expires . . . . . . . . . . : Monday, May 18, 2015 9:04:51 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 199768543
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-67-33-BD-E8-39-DF-DE-39-F9
   DNS Servers . . . . . . . . . . . : 71.242.0.12
                                       71.252.0.12
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.myhome.westell.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D0BAE916-6029-49E0-832C-0C9CA2EE2E3A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{125E9B46-4982-43A6-98A1-BB4B2FD82E1F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  nsphil01.verizon.net
Address:  71.242.0.12

Name:    google.com
Addresses:  2607:f8b0:4006:80c::1003
      65.199.32.84
      65.199.32.90
      65.199.32.91
      65.199.32.86
      65.199.32.89
      65.199.32.87
      65.199.32.85
      65.199.32.88


Pinging google.com [65.199.32.90] with 32 bytes of data:
Reply from 65.199.32.90: bytes=32 time=62ms TTL=59
Reply from 65.199.32.90: bytes=32 time=77ms TTL=59

Ping statistics for 65.199.32.90:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 77ms, Average = 69ms
Server:  nsphil01.verizon.net
Address:  71.242.0.12

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Request timed out.
Reply from 98.138.253.109: bytes=32 time=104ms TTL=53

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 104ms, Maximum = 104ms, Average = 104ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...2a 39 df de 39 f9 ......Microsoft Virtual WiFi Miniport Adapter
 12...00 26 6c 88 09 d0 ......Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
 10...e8 39 df de 39 f9 ......Atheros AR9285 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.102     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.102    281
    192.168.1.102  255.255.255.255         On-link     192.168.1.102    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.102    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.102    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.102    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    281 fe80::/64                On-link
 10    281 fe80::dc2:d58:2d0f:de9a/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/17/2015 09:21:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0xa00
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/17/2015 09:13:05 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/17/2015 09:13:05 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/17/2015 09:11:48 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/17/2015 09:08:17 AM) (Source: .NET Runtime) (User: )
Description: Application: IntuitUpdateService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 643E6402 (643C0000) with exit code 80131506.

Error: (05/17/2015 08:41:30 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/17/2015 08:41:30 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/17/2015 08:41:17 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (05/17/2015 08:36:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: unins000.exe, version: 51.1052.0.0, time stamp: 0x525a5795
Faulting module name: unins000.exe, version: 51.1052.0.0, time stamp: 0x525a5795
Exception code: 0xc0000005
Fault offset: 0x0007a305
Faulting process id: 0x1638
Faulting application start time: 0xunins000.exe0
Faulting application path: unins000.exe1
Faulting module path: unins000.exe2
Report Id: unins000.exe3

Error: (05/17/2015 08:03:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: unins000.exe, version: 51.1052.0.0, time stamp: 0x525a5795
Faulting module name: unins000.exe, version: 51.1052.0.0, time stamp: 0x525a5795
Exception code: 0xc0000005
Fault offset: 0x0007a305
Faulting process id: 0xc3c
Faulting application start time: 0xunins000.exe0
Faulting application path: unins000.exe1
Faulting module path: unins000.exe2
Report Id: unins000.exe3


System errors:
=============
Error: (05/17/2015 09:08:17 AM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/17/2015 09:04:54 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/17/2015 09:04:51 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/17/2015 09:04:50 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/17/2015 09:04:48 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/17/2015 09:03:37 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/17/2015 08:59:34 AM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/17/2015 08:59:05 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%1009

Error: (05/17/2015 08:34:03 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%2

Error: (05/17/2015 08:33:58 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (05/17/2015 09:21:07 AM) (Source: Application Error)(User: )
Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa1a0001d090a2e53621f1C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll933c4d9a-fc97-11e4-8d59-00266c8809d0

Error: (05/17/2015 09:13:05 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/17/2015 09:13:05 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/17/2015 09:11:48 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (05/17/2015 09:08:17 AM) (Source: .NET Runtime)(User: )
Description: Application: IntuitUpdateService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 643E6402 (643C0000) with exit code 80131506.

Error: (05/17/2015 08:41:30 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/17/2015 08:41:30 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/17/2015 08:41:17 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (05/17/2015 08:36:41 AM) (Source: Application Error)(User: )
Description: unins000.exe51.1052.0.0525a5795unins000.exe51.1052.0.0525a5795c00000050007a305163801d0909e1eb1e7caC:\Program Files\IObit\IObit Malware Fighter\unins000.exeC:\Program Files\IObit\IObit Malware Fighter\unins000.exe5dc5e273-fc91-11e4-b9db-00266c8809d0

Error: (05/17/2015 08:03:07 AM) (Source: Application Error)(User: )
Description: unins000.exe51.1052.0.0525a5795unins000.exe51.1052.0.0525a5795c00000050007a305c3c01d090996e97d041C:\Program Files\IObit\IObit Malware Fighter\unins000.exeC:\Program Files\IObit\IObit Malware Fighter\unins000.exeadabcaea-fc8c-11e4-be9c-00266c8809d0


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (HKLM\...\{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}) (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510af_Help (HKLM\...\{C175D5B0-ED04-42C9-B23F-D8BD406173E7}) (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (HKLM\...\{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}) (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (HKLM\...\{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}) (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001802114130}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aria Maestosa 1.4.9 (HKLM\...\Aria Maestosa_is1) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 9.0 (HKLM\...\AVG9Uninstall) (Version:  - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon PowerShot ELPH 330 HS_IXUS 255 HS Camera User Guide (HKLM\...\CameraUserGuide-PSELPH330HS_IXUS255HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.0.16 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.2.1.13 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM\...\Debut) (Version: 1.82 - NCH Software)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}) (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (HKLM\...\{92A51949-EE4C-466D-AAF0-99E74A49A63F}) (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (HKLM\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Fax (HKLM\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.9 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKCU\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPSSupply (HKLM\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IObit Malware Fighter 3 (HKLM\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.31.13 - Oracle Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Palm, Inc.)
Photo Common (HKLM\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM\...\{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Prism Video File Converter (HKLM\...\Prism) (Version: 2.18 - NCH Software)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: 5.15 - NCH Software)
Reservationless-Plus VoIP (HKLM\...\{4A82CB57-2398-44DB-8C20-E654BBD1A9A3}) (Version: 4.0.076 - InterCall, Inc.)
Scan (HKLM\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sierra Wireless USB MUX Driver Package (HKLM\...\{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}) (Version: 0.60.9 - Sierra Wireless)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (HKLM\...\{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Toolbox (HKLM\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TOSHIBA Supervisor Password (HKLM\...\{401879D1-AC26-43CD-BDDE-E0D5D5608083}) (Version: 2.00.03PLV - )
TOSHIBA Web Camera Application (HKLM\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TrayApp (HKLM\...\{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}) (Version: 130.0.376.000 - Hewlett-Packard) Hidden
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2014 WinPerFedFormset (HKLM\...\{35EEDA1E-9D45-4580-8554-734F45D48A73}) (Version: 014.000.1881 - Intuit Inc.) Hidden
TurboTax 2014 WinPerReleaseEngine (HKLM\...\{F2283AA1-869C-4497-8F18-09E36C67A014}) (Version: 014.000.0477 - Intuit Inc.) Hidden
TurboTax 2014 WinPerTaxSupport (HKLM\...\{5FB042CB-B08A-481E-B076-DC6D0FEB0595}) (Version: 014.000.0212 - Intuit Inc.) Hidden
TurboTax 2014 wmoiper (HKLM\...\{03964FEB-EC9E-48B4-9880-B32CEA87E392}) (Version: 014.000.1302 - Intuit Inc.) Hidden
TurboTax 2014 wpaiper (HKLM\...\{19EDD3D3-69FB-4A6F-9277-4A2527987AA8}) (Version: 014.000.1357 - Intuit Inc.) Hidden
TurboTax 2014 wrapper (HKLM\...\{F5890CC6-26B7-481E-A90E-ACE938AD294F}) (Version: 014.000.0109 - Intuit Inc.) Hidden
Tutor.com Classroom (HKLM\...\{AF9D5106-96FF-469F-B684-F4CDD5938053}) (Version: 6.3.0 - Tutor.com)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 5.96 - NCH Software)
WebReg (HKLM\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.11.1.514 - Zemana Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 3578.9 MB
Available physical RAM: 2632.68 MB
Total Pagefile: 11156.11 MB
Available Pagefile: 10008.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.48 MB

========================= Partitions: =====================================

1 Drive c: (New Volume) (Fixed) (Total:103.95 GB) (Free:46.21 GB) NTFS
4 Drive v: (virtual memory) (Fixed) (Total:7.81 GB) (Free:3.83 GB) NTFS

========================= Users: ========================================

User accounts for \\CARLLETSCHE-PC

Administrator            Carl Letsche             Guest                    


**** End of log ****

C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    
C:\Program Files\NCH Software\Debut\debut.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    
C:\Program Files\NCH Software\Debut\debutsetup_v1.82.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    
C:\Program Files\NCH Software\Prism\prism.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    
C:\Program Files\NCH Software\Prism\prismsetup_v2.18.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    
C:\Program Files\NCH Software\Recordpad\recordpad.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    
C:\Program Files\NCH Software\Recordpad\recordpadsetup_v5.15.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    
C:\Program Files\NCH Software\WavePad\wavepad.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    
C:\Program Files\NCH Software\WavePad\wavepadsetup_v5.96.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    
C:\ProgramData\IObit\ASCDownloader\ASC8\Driver Booster.exe    a variant of Win32/OpenCandy.C potentially unsafe application    
C:\ProgramData\IObit\ASCDownloader\IMF3\Driver Booster.exe    a variant of Win32/OpenCandy.C potentially unsafe application    
C:\Users\All Users\IObit\ASCDownloader\ASC8\Driver Booster.exe    a variant of Win32/OpenCandy.C potentially unsafe application    
C:\Users\All Users\IObit\ASCDownloader\IMF3\Driver Booster.exe    a variant of Win32/OpenCandy.C potentially unsafe application    
C:\Users\Carl Letsche\Downloads\advanced-systemcare-setup(1).exe    a variant of Win32/Toolbar.Widgi.N potentially unwanted application    

Eset found a trojan!

I look forward to hearing what you can tell me, if anything!

Carl-E
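Added example (not part of the original post, and not code from ESET or any tool named in this thread): a short triage of the ESET result lines quoted above that groups detections by class and collapses duplicate paths. It relies on the fact that on Windows Vista and later `C:\Users\All Users` is a link to `C:\ProgramData`, so those entries name the same files; the function names `canonical` and `triage` are hypothetical, and the system drive is assumed to be C:.

```python
import re
from collections import defaultdict

# Five of the ESET result lines from the post above, copied as posted.
ESET_LOG = r"""
C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan
C:\Program Files\NCH Software\Debut\debut.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\ASC8\Driver Booster.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\All Users\IObit\ASCDownloader\ASC8\Driver Booster.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Carl Letsche\Downloads\advanced-systemcare-setup(1).exe    a variant of Win32/Toolbar.Widgi.N potentially unwanted application
"""

# "<optional 'a variant of '><Platform/Family.Variant> <detection class>"
DETECTION = re.compile(r"^(?:a variant of )?(?P<name>\S+) (?P<cls>.+)$")


def canonical(path):
    """Lower-case the path and map the 'All Users' link to its target.

    Assumption: the system drive is C:, as in the log.
    """
    p = path.lower()
    alias = "c:\\users\\all users\\"
    if p.startswith(alias):
        p = "c:\\programdata\\" + p[len(alias):]
    return p


def triage(log):
    """Group detections by class, keeping one entry per real file."""
    groups = defaultdict(set)
    for line in log.splitlines():
        # Path and detection are separated by a tab or a run of spaces;
        # single spaces inside the path ("Program Files") are kept.
        parts = re.split(r"[ \t]{2,}|\t", line.strip(), maxsplit=1)
        if len(parts) != 2:
            continue
        m = DETECTION.match(parts[1].strip())
        if m:
            groups[m["cls"]].add((canonical(parts[0]), m["name"]))
    return {cls: sorted(items) for cls, items in groups.items()}


if __name__ == "__main__":
    for cls, items in triage(ESET_LOG).items():
        print(f"{cls}: {len(items)}")
        for path, name in items:
            print(f"  {name}  {path}")
```
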



#8 InadequateInfirmity

Posted 17 May 2015 - 01:24 PM

Quote

Hosts file not detected in the default directory

 

  • Click here to download  RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.

After you run this tool, make a new scan with MiniToolBox and tick only List Hosts. Post that log in your next reply.

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

http://9-lab.com/download/

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon Scan Completion Click Show Results.

Now click the Clean button.

Once done cleaning, you can go to the logs tab, double click it, and copy and paste it in your next reply.

 

I would like you to uninstall AVG, then run the AVG removal tool; sometimes AVG can cause issues. You may reinstall it after a reboot if you wish.

http://www.techsupportall.com/avg-uninstall-tool/

 

 

 

Here are some less problematic antivirus programs you can change to. I am only suggesting these; you do not have to change if you do not wish. They are free as well.

http://tiranium-antivirus.com/products.html Tiranium Free

http://www.bitdefender.com/solutions/free.html Bitdefender Free

http://www.360totalsecurity.com/en/ 360 Total Security Free

 

 

Tell me how the machine is performing now please.



#9 InadequateInfirmity

Posted 17 May 2015 - 01:26 PM

Also remove these programs with Revo Free. 

http://www.revouninstaller.com/revo_uninstaller_free_download.html

 

Tutorial for Revo use.

http://www.howtogeek.com/79926/completely-uninstall-programs-and-more-with-revo-uninstaller/

 

 

IObit Malware Fighter 3 (HKLM\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)


Edited by InadequateInfirmity, 17 May 2015 - 01:26 PM.




