
Browser, email, gives "not responding" all the time, am I infected?


26 replies to this topic

#1 kaolite


Posted 08 May 2015 - 12:58 PM

Hello

 

Have a Dell Inspiron laptop a few years old.  Intel Core i7.

Lately it seems any process I try to run either takes forever to load or gives me a "not responding". I wait until it goes away, I try to start again and it comes back. Firefox just gave me that message as I'm typing this. Skype is the worst, it takes 10-15 min to load and gives me the "not responding" the most. I work from home and rely on Skype to communicate with my co-workers so it's a must. I've run Malwarebytes and my anti-virus, neither found anything. My drives are up to date.

 

I have no idea what's causing this since normally when my computer has run slowly I find at least something on it.

 

Any ideas?




 


#2 Sintharius


Posted 08 May 2015 - 01:00 PM

Hi there,

Please follow the instructions below. If you do not understand something, feel free to stop and ask.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Full Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

#3 kaolite


Posted 08 May 2015 - 02:46 PM

Thank you for the very quick response, I'm in the process of running the Emsisoft kit and it has found several trojans which explains a lot. I'm posting the MiniToolBox log first, when Emsisoft is finished I'll edit to post that log.

 

MiniToolBox

 

MiniToolBox by Farbar  Version: 14-04-2015
Ran by yamik_000 (administrator) on 08-05-2015 at 14:04:26
Running from "C:\Users\yamik_000\Desktop"
Microsoft Windows 8.1  (X64)
Model: Dell System Inspiron 7720 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 2230 = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64


popd
# End of IPv4 configuration

 



#4 Sintharius


Posted 08 May 2015 - 02:52 PM

Hi there,

It appears that your MiniToolbox log is truncated - please post the full log.

Thank you.

Regards,
Alex

Edited by Alexstrasza, 08 May 2015 - 02:53 PM.


#5 kaolite


Posted 08 May 2015 - 04:20 PM

That was the full log, everything that came up in the notepad. But I'll see if I can find it.


Edited by kaolite, 08 May 2015 - 04:21 PM.


#6 kaolite


Posted 08 May 2015 - 04:23 PM

Here's the full one, sorry about that.  Emsi is still running, it's found a ton of stuff. <_<

 

MiniToolBox by Farbar  Version: 14-04-2015
Ran by yamik_000 (administrator) on 08-05-2015 at 14:04:26
Running from "C:\Users\yamik_000\Desktop"
Microsoft Windows 8.1  (X64)
Model: Dell System Inspiron 7720 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 2230 = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Hamilton
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wowway.com

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 84-A6-C8-2A-18-D2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : wowway.com
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
   Physical Address. . . . . . . . . : 84-A6-C8-2A-18-D1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, May 8, 2015 12:39:25 PM
   Lease Expires . . . . . . . . . . : Friday, May 22, 2015 12:39:31 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 5C-F9-DD-5C-DC-C7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:8fa:11b2:3f57:fffc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::8fa:11b2:3f57:fffc%8(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 201326592
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-F0-71-15-5C-F9-DD-5C-DC-C7
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.wowway.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : wowway.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    google.com
Addresses:  2607:f8b0:400b:807::1000
      67.149.209.238
      67.149.209.224
      67.149.209.216
      67.149.209.231
      67.149.209.217
      67.149.209.230
      67.149.209.245
      67.149.209.244
      67.149.209.210
      67.149.209.237
      67.149.209.251
      67.149.209.223


Pinging google.com [67.149.209.224] with 32 bytes of data:
Reply from 67.149.209.224: bytes=32 time=26ms TTL=59
Reply from 67.149.209.224: bytes=32 time=15ms TTL=59

Ping statistics for 67.149.209.224:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 26ms, Average = 20ms
Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=34ms TTL=53
Reply from 98.139.183.24: bytes=32 time=37ms TTL=53

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 37ms, Average = 35ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...84 a6 c8 2a 18 d2 ......Microsoft Wi-Fi Direct Virtual Adapter
  9...84 a6 c8 2a 18 d1 ......Intel® Centrino® Wireless-N 2230
  3...5c f9 dd 5c dc c7 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    281
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:5ef5:79fd:8fa:11b2:3f57:fffc/128
                                    On-link
  8    306 fe80::/64                On-link
  8    306 fe80::8fa:11b2:3f57:fffc/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/08/2015 01:56:49 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e10

Start Time: 01d089b79daa5aab

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 96349f5b-f5ab-11e4-bf35-5cf9dd5cdcc7

Faulting package full name: Weather.TheWeatherChannel_2.1.6.0_x64__t3yemqpq4kp7p

Faulting package-relative application ID: App

Error: (05/08/2015 01:56:46 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1028

Start Time: 01d089b2a87e5d74

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 963366a2-f5ab-11e4-bf35-5cf9dd5cdcc7

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/08/2015 01:56:46 PM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2370

Start Time: 01d089b79dabba77

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 96311c53-f5ab-11e4-bf35-5cf9dd5cdcc7

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (05/08/2015 01:41:39 PM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b1c

Start Time: 01d089b58539b057

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 793a887e-f5a9-11e4-bf35-5cf9dd5cdcc7

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (05/08/2015 01:40:35 PM) (Source: Application Hang) (User: )
Description: The program Taskmgr.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13f8

Start Time: 01d089b5fa722aab

Termination Time: 4294967295

Application Path: C:\WINDOWS\System32\Taskmgr.exe

Report Id: 4ea9933f-f5a9-11e4-bf35-5cf9dd5cdcc7

Faulting package full name:

Faulting package-relative application ID:

Error: (05/08/2015 01:12:15 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fcc

Start Time: 01d089ad1935e989

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 2e74d3d2-f5a3-11e4-bf35-5cf9dd5cdcc7

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/08/2015 00:56:45 PM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 35c

Start Time: 01d089af3c04563b

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 311aeb63-f5a3-11e4-bf35-5cf9dd5cdcc7

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (05/08/2015 00:56:31 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fcc

Start Time: 01d089ad1935e989

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 2b17cfed-f5a3-11e4-bf35-5cf9dd5cdcc7

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/08/2015 00:31:33 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1058

Start Time: 01d089ab0b774e96

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: fedb7fa4-f59e-11e4-bf35-5cf9dd5cdcc7

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/08/2015 00:26:41 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d20

Start Time: 01d089ab0b772780

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: fedde20e-f59e-11e4-bf35-5cf9dd5cdcc7

Faulting package full name: Weather.TheWeatherChannel_2.1.6.0_x64__t3yemqpq4kp7p

Faulting package-relative application ID: App


System errors:
=============
Error: (05/07/2015 05:39:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 7.0 (KB2876229).

Error: (05/05/2015 05:26:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 7.0 (KB2876229).

Error: (05/04/2015 09:49:57 PM) (Source: Service Control Manager) (User: )
Description: The Sony Digital Media Server service terminated with the following error:
%%2147772260

Error: (05/04/2015 09:49:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1068SpfServiceUnavailable{A13E129C-F190-4B14-9AD5-A6C09004E43E}

Error: (05/04/2015 09:49:57 PM) (Source: Service Control Manager) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (05/04/2015 09:49:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1068SpfServiceUnavailable{A13E129C-F190-4B14-9AD5-A6C09004E43E}

Error: (05/04/2015 09:49:57 PM) (Source: Service Control Manager) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (05/04/2015 09:49:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1068SpfServiceUnavailable{A13E129C-F190-4B14-9AD5-A6C09004E43E}

Error: (05/04/2015 09:49:57 PM) (Source: Service Control Manager) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (05/04/2015 09:49:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1068SpfServiceUnavailable{A13E129C-F190-4B14-9AD5-A6C09004E43E}


Microsoft Office Sessions:
=========================
Error: (05/08/2015 01:56:49 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.17415e1001d089b79daa5aab4294967295C:\WINDOWS\system32\backgroundTaskHost.exe96349f5b-f5ab-11e4-bf35-5cf9dd5cdcc7Weather.TheWeatherChannel_2.1.6.0_x64__t3yemqpq4kp7pApp

Error: (05/08/2015 01:56:46 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20605102801d089b2a87e5d744294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe963366a2-f5ab-11e4-bf35-5cf9dd5cdcc7microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/08/2015 01:56:46 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.17415237001d089b79dabba774294967295C:\WINDOWS\syswow64\wwahost.exe96311c53-f5ab-11e4-bf35-5cf9dd5cdcc7Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (05/08/2015 01:41:39 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.174151b1c01d089b58539b0574294967295C:\WINDOWS\syswow64\wwahost.exe793a887e-f5a9-11e4-bf35-5cf9dd5cdcc7Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (05/08/2015 01:40:35 PM) (Source: Application Hang)(User: )
Description: Taskmgr.exe6.3.9600.1741513f801d089b5fa722aab4294967295C:\WINDOWS\System32\Taskmgr.exe4ea9933f-f5a9-11e4-bf35-5cf9dd5cdcc7

Error: (05/08/2015 01:12:15 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20605fcc01d089ad1935e9894294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe2e74d3d2-f5a3-11e4-bf35-5cf9dd5cdcc7microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/08/2015 00:56:45 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.1741535c01d089af3c04563b4294967295C:\WINDOWS\syswow64\wwahost.exe311aeb63-f5a3-11e4-bf35-5cf9dd5cdcc7Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (05/08/2015 00:56:31 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20605fcc01d089ad1935e9894294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe2b17cfed-f5a3-11e4-bf35-5cf9dd5cdcc7microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/08/2015 00:31:33 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20605105801d089ab0b774e964294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exefedb7fa4-f59e-11e4-bf35-5cf9dd5cdcc7microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/08/2015 00:26:41 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.17415d2001d089ab0b7727804294967295C:\WINDOWS\system32\backgroundTaskHost.exefedde20e-f59e-11e4-bf35-5cf9dd5cdcc7Weather.TheWeatherChannel_2.1.6.0_x64__t3yemqpq4kp7pApp


CodeIntegrity Errors:
===================================
  Date: 2015-05-08 14:01:19.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 13:34:09.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 13:16:05.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 12:55:06.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 12:41:11.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 12:22:07.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 10:46:06.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 10:33:59.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 09:19:04.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 09:13:06.939
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.2 - Canon Inc.)
CCHelp (x32 Version: 3.00.0010.0000 - Easlman Kodak Company) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CCScore (x32 Version: 3.00.0020.0001 - Eastman Kodak) Hidden
COMODO Antivirus (HKLM\...\{093F13A3-177C-493E-8958-912A0C690B64}) (Version: 6.3.32439.2937 - COMODO Security Solutions Inc.)
Definition Update for Microsoft Office 2010 (KB2965299) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D1102BF0-0FBC-4344-BF90-95DA329C6D4A}) (Version:  - Microsoft)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.10.0.2 (HKCU\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
GeekBuddy (HKLM-x32\...\{39AB4A9F-97DB-4BCA-981F-B85189115037}) (Version: 4.12.99 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
InfoUSB Detector (HKLM-x32\...\{F658FD83-4745-420C-90DC-2AA3139B6E54}) (Version: 2.00.0001 - Fisher & Paykel Healthcare)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 17.14.0000.2269 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 17.14.0.0466 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
KSU (x32 Version: 612.7.0008.0000 - Eastman Kodak Compnay) Hidden
Learning Lodge™ (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.2303.1 - Creative Technology Ltd)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.1 - mIRC Co. Ltd.)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 en-US)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.07 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PlayMemories Home (HKLM-x32\...\{48FF8436-6FF3-4C75-BDB6-FFAD7D9AD6B1}) (Version: 8.0.20.11140 - Sony Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RocketPDF (HKLM-x32\...\RocketPDF) (Version:  - RocketPDF)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.1.11110 - Sony Corporation) Hidden
Spotify (HKCU\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.19 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{53FAC141-5C6B-4F97-ABC4-E635ABBC59E5}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{530585A7-6AC9-4C29-81B7-D24A6CB031C8}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{A12F43A5-CF0B-44E3-942F-2441CD442F0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{74BC74BD-9032-4646-B248-F9F45E6D1326}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{53FDC948-3ABA-4BDE-BCEB-F1465C93D91C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2956191) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{500A5B54-0498-45EA-9AB9-5BB61F984FDF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2965235) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C5DA4AE-EE03-47F0-A77A-E747112EAAC6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{82148027-13B5-4920-97F3-6A44A29B83D0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{2F63E4DE-723C-4785-9776-9F54D456DE31}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{C4C319F9-25AE-4EF5-B3EB-1C1EE9AA520D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DF548669-AAED-467B-A074-AE2B72A4A871}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2956190) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6634BCE3-2F6D-4E7F-A02C-6F045FC1F075}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2881025) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8764EC2A-9F51-483B-9E00-82806B6A6909}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{30B9D112-E68C-461D-B370-6D0B6AD61AC6}) (Version:  - Microsoft)
USB MassStorage CardReader (HKLM-x32\...\040a_5005) (Version:  - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WD SmartWare (HKLM\...\{6F482C75-174D-42EB-A2CF-B00A1F354F7B}) (Version: 1.4.1.1 - Western Digital)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Care 365 3.59 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.59 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.92 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 8.03 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 8046.51 MB
Available physical RAM: 5354.36 MB
Total Pagefile: 9326.51 MB
Available Pagefile: 5362.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.97 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.17 GB) (Free:736.62 GB) NTFS
3 Drive e: () (Removable) (Total:3.69 GB) (Free:2.44 GB) FAT32

========================= Users: ========================================

User accounts for \\HAMILTON

Administrator            Guest                    Ryan                     
UpdatusUser              yamik_000                

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

29-04-2015 19:35:07 Windows Update
05-05-2015 21:24:02 Windows Update
08-05-2015 16:27:34 Intel® Driver Update Utility

**** End of log ****
 


Edited by kaolite, 08 May 2015 - 04:23 PM.


#7 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:37 AM

Posted 08 May 2015 - 04:42 PM

Hi there,

Please uninstall the following software with Programs and Features:

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Wise Care 365 3.59 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.59 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.92 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 8.03 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.)

If you need instructions on how to do this or run into any problems, let me know.

After Emsisoft Emergency Kit has completed, please run the following tool.

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Please post logs from EEK and SecurityCheck in your next replies (split them into multiple posts if they are too long) and confirmation that you have uninstalled the above software. :)

Regards,
Alex

#8 kaolite

kaolite
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:05:37 AM

Posted 08 May 2015 - 05:10 PM

Ok, here's the EEK log, and I'll uninstall those programs and run the other one.

 

Emsisoft Emergency Kit - Version 9.0
Last update: 5/8/2015 2:13:19 PM
User account: HAMILTON\yamik_000

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    5/8/2015 2:14:10 PM
C:\Users\Ryan\AppData\Roaming\mywordtool     detected: Application.AppInstall (A)
C:\Users\yamik_000\AppData\Local\cre     detected: Application.AppInstall (A)
C:\Users\Ryan\AppData\Local\filetypeassistant     detected: Application.AppInstall (A)
C:\Users\yamik_000\AppData\Local\filetypeassistant     detected: Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-2012782116-1702301767-3356681026-1002\SOFTWARE\FILETYPEASSISTANT     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2012782116-1702301767-3356681026-1005\SOFTWARE\FILETYPEASSISTANT     detected: Application.InstallAd (A)
C:\ProgramData\Comodo\Cis\Quarantine\data\{05669623-F2E4-49A8-A593-220AEDBCFE4D}     detected: Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{0ABE0FBD-931F-4F0C-84D4-912622E38C31}     detected: Trojan.Generic.12241881 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{1C154C16-2DC7-42A5-80CE-1E1C090E22C7}     detected: Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{25539160-069F-4EA3-9192-1C9B15C939B2}     detected: Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{37310B02-E0FB-487A-87DE-38D219A30FAB}     detected: Gen:Variant.Application.Bundler.25 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{41362F93-E6C9-4C03-8C81-5F84C48BB465}     detected: Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{4D90FBD3-E179-4724-850F-9CDCF858FAFF}     detected: Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{698F68A6-5446-4ABF-9173-B21D311C5E98}     detected: Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{86D3806D-1A1C-41D0-817E-17F4684B0C89}     detected: Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{B1118DBF-6DE0-474A-A843-553C62EDD32D}     detected: Application.Bundler.AirInstaller.E ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{D90F2026-E40A-4CD9-BE2C-0CCF2CF2F2DD}     detected: Application.Optional (A)
C:\ProgramData\Comodo\Cis\Quarantine\data\{E6D7CB45-96AB-4871-A652-D71D5CAEF6F5}     detected: Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{EB63F6CF-C4F7-4C41-BA11-FC7BB78A3003}     detected: Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{F1B302CE-7691-4FE1-8785-2165B25E8C6E}     detected: Application.Bundler.AirInstaller.E ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\Deleted Items -> (message 638) -> [Subject:  Message could not be delivered][Date: Sun, 12 Oct 2014 15:20:31 +0800] -> (MIME part) -> aqwapplications@aq.com.zip -> aqwapplications@aq.com.htm                                   .com     detected: Worm.Generic.24461 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\Deleted Items -> (message 712) -> [Subject: Unable to deliver your item, #00000347][Date: Sun, 19 Apr 2015 17:37:42 +0100] -> (MIME part) -> Delivery_Notification_00000347798.zip -> Delivery_Notification_00000347798.doc.js -> (INFECTED_JS)     detected: JS:Trojan.Crypt.NJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\Deleted Items -> (message 721) -> [Subject: Problems with item delivery, n.0000984][Date: Thu, 16 Apr 2015 16:27:59 +0300] -> (MIME part) -> 0000984144.zip -> 0000984144.doc.js -> (INFECTED_JS)     detected: JS:Trojan.Crypt.NJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\Deleted Items -> (message 724) -> [Subject:  Notice of appearance in Court #000001][Date: Sat, 11 Apr 2015 23:27:36 +0530] -> (MIME part) -> Notice_to_Appear_00000169718.zip -> Notice_to_Appear_00000169718.doc.js -> (INFECTED_JS)     detected: JS:Trojan.Crypt.NJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\Deleted Items -> (message 796) -> [Subject: Problems with item delivery, n.0000984][Date: Thu, 16 Apr 2015 16:27:59 +0300] -> (MIME part) -> 0000984144.zip -> 0000984144.doc.js -> (INFECTED_JS)     detected: JS:Trojan.Crypt.NJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\Deleted Items -> (message 797) -> [Subject: Unable to deliver your item, #00000347][Date: Sun, 19 Apr 2015 17:37:42 +0100] -> (MIME part) -> Delivery_Notification_00000347798.zip -> Delivery_Notification_00000347798.doc.js -> (INFECTED_JS)     detected: JS:Trojan.Crypt.NJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\Deleted Items -> (message 799) -> [Subject:  Notice of appearance in Court #000001][Date: Sat, 11 Apr 2015 23:27:36 +0530] -> (MIME part) -> Notice_to_Appear_00000169718.zip -> Notice_to_Appear_00000169718.doc.js -> (INFECTED_JS)     detected: JS:Trojan.Crypt.NJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\INBOX.sbd\Instructions 101 -> (message 258) -> [Subject: Problems with item delivery, n.0000984][Date: Thu, 16 Apr 2015 16:27:59 +0300] -> (MIME part) -> 0000984144.zip -> 0000984144.doc.js -> (INFECTED_JS)     detected: JS:Trojan.Crypt.NJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\INBOX.sbd\Instructions 101 -> (message 261) -> [Subject: Unable to deliver your item, #00000347][Date: Sun, 19 Apr 2015 17:37:42 +0100] -> (MIME part) -> Delivery_Notification_00000347798.zip -> Delivery_Notification_00000347798.doc.js -> (INFECTED_JS)     detected: JS:Trojan.Crypt.NJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 28) -> [Subject: Notice to appear][Date: Mon, 24 Nov 2014 16:29:36 -0400] -> (MIME part) -> Note_1615_copy.zip -> Copy_of_document_Nov-24-2014.exe     detected: Trojan.GenericKD.1992198 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 36) -> [Subject: Acceptance of Order][Date: Mon, 01 Dec 2014 17:10:46 -0400] -> (MIME part) -> BestBuy_Order_ID_5771417MN.zip -> BestBuy_Order.exe     detected: Trojan.GenericKD.2004469 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 37) -> [Subject: Thank you for buying from Best Buy][Date: Wed, 03 Dec 2014 13:35:33 -0500] -> (MIME part) -> BestBuy_Order_ID_0605893MN.zip -> BestBuy_Order.exe     detected: Gen:Variant.Zusy.117216 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 53) -> [Subject:  Acknowledgment of Order][Date: Fri, 05 Dec 2014 19:43:46 +0600] -> (MIME part) -> BestBuy_Order_ID_3699377MN.zip -> BestBuy_Order.exe     detected: Gen:Variant.Zusy.117587 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 58) -> [Subject:  Acknowledgment of Order][Date: Mon, 08 Dec 2014 08:32:43 -0400] -> (MIME part) -> BestBuy_Order_ID_3563298MN.zip -> BestBuy_Order.exe     detected: Trojan.Injector.BDI ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 94) -> [Subject: Order Status][Date: Wed, 17 Dec 2014 21:37:43 +0100] -> (MIME part) -> BestBuy_Order_ID_0350434MN.zip -> BestBuy_Order.exe     detected: Trojan.Agent.BGXB ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 106) -> [Subject:  Remittance Advice -JWFT67][Date: Tue, 23 Dec 2014 14:42:01 +0300] -> (MIME part) -> (MIME part) -> JWFT67.xls     detected: X97M.Downloader.D ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 133) -> [Subject: ACO Technologies plc internet fax, HEY][Date: Mon, 19 Jan 2015 19:36:44 +0100] -> (MIME part) -> photoneutron.zip -> photoneutron.zip -> photoneutron.scr     detected: Trojan.Agent.BHHW ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 144) -> [Subject:  2014 Tax payment issue][Date: Fri, 23 Jan 2015 12:26:46 +0100] -> (MIME part) -> (MIME part) -> 23.01.15_29496PQF.xls     detected: W97M.Downloader.ER ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 159) -> [Subject: =?windows-1251?B?SW1wb3J0YW50ISBBbGwgQ][Date: Wed, 28 Jan 2015 15:20:17 -0600] -> (MIME part) -> SS.rar -> SSecure_plugin_v2.0.1.exe     detected: Trojan.GenericKD.2122931 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 184) -> [Subject: Foto de perfil falso face.][Date: Mon, 9 Feb 2015 14:32:56 +0000] -> (MIME part) -> Img_Reportada_Face_Perfil_Falso_2015_Wi -> Img_Reportada_Face_Perfil_Falso_2015_Win.exe     detected: Gen:Variant.Zusy.132810 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 201) -> [Subject: Invoices for INTERCON, INC. Sent on 02][Date: Tue, 17 Feb 2015 15:45:18 +0000] -> (MIME part) -> invoices.zip -> invoices.exe     detected: Trojan.Agent.BHWE ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 208) -> [Subject: Invoices for INTERCON, INC. Sent on 02][Date: Tue, 17 Feb 2015 16:03:25 +0000] -> (MIME part) -> invoices.zip -> invoices.exe     detected: Trojan.Agent.BHWE ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 223) -> [Subject: Order Details][Date:?Tue, 17 Feb 2015 21:43:35 +0300] -> (MIME part) -> order_report.zip -> order_report_328749238742983742938749238.exe     detected: Trojan.Agent.BHVU ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 267) -> [Subject: Thank you for your payment][Date: Wed, 18 Feb 2015 17:08:10 +0000] -> (MIME part) -> attachment.zip -> attachment.exe     detected: Trojan.GenericKD.2170972 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 296) -> [Subject:  eFax message from "POTS modem 2 " - 1][Date: Wed, 25 Feb 2015 14:32:27 +0000] -> (MIME part) -> fax_2342.zip -> fax_2342.exe     detected: Trojan.Agent.BHZY ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 317) -> [Subject: Comprovante de deposito em anexo][Date: Wed, 25 Feb 2015 20:01:13 +0000] -> (MIME part) -> Comprovante_Anexo_Conta_Corrente_Visual -> Comprovante_Anexo_Conta_Corrente_Visualizar_digitalizacao.exe     detected: Gen:Variant.Zusy.130492 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 318) -> [Subject: Incoming Fax][Date: Thu, 26 Feb 2015 10:54:59 -0330] -> (MIME part) -> IncomingFax.zip -> IncomingFax.scr     detected: Trojan.GenericKD.2188037 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 324) -> [Subject: Your Sales Invoice][Date: Thu, 26 Feb 2015 15:22:47 +0000] -> (MIME part) -> 131234.zip -> 131234.exe     detected: Trojan.GenericKD.2188614 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 325) -> [Subject: Your Sales Invoice][Date: Thu, 26 Feb 2015 15:22:47 +0000] -> (MIME part) -> 131234.zip -> 131234.exe     detected: Trojan.GenericKD.2188614 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 326) -> [Subject: Incoming Fax][Date: Thu, 26 Feb 2015 23:37:24 +0900] -> (MIME part) -> IncomingFax.zip -> IncomingFax.scr     detected: Trojan.GenericKD.2188037 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 328) -> [Subject: FWD:][Date: Fri, 27 Feb 2015 18:57:15 +0400] -> (MIME part) -> alert.zip -> alert.exe     detected: Trojan.GenericKD.2190153 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 383) -> [Subject:  eFax message from "unknown" - 1 page(][Date: Fri, 27 Feb 2015 16:51:33 +0000] -> (MIME part) -> FAX_20150226_1424989043_176.zip -> FAX_20150226_1424989043_176.exe     detected: Trojan.GenericKD.2190336 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 434) -> [Subject: UPS Ship Notification, Tracking Number][Date: Wed, 4 Mar 2015 14:28:45 +0000] -> (MIME part) -> Details.zip -> Details.exe     detected: Trojan.GenericKD.2198959 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 515) -> [Subject:  eFax message from "Prod3-1 " - 3 page][Date: Wed, 4 Mar 2015 10:11:50 +0000] -> (MIME part) -> FAX_20150304_1425451975_155.zip -> FAX_20150304_1425451975_155.exe     detected: Trojan.GenericKD.2198669 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 516) -> [Subject:  Remittance advice [Rem_8673WR.xml]][Date: Wed, 04 Mar 2015 12:09:03 +0200] -> (MIME part) -> Rem_8673WR.xml     detected: W97M.Downloader.HS ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 650) -> [Subject:  BBB SBQ Form #0803(Ref#62-871-0-4)][Date: Thu, 5 Mar 2015 13:35:23 +0000] -> (MIME part) -> SBQForm06587.zip -> SBQForm$number4$.exe     detected: Trojan.GenericKD.2201808 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 777) -> [Subject: New fax][Date: Fri, 6 Mar 2015 16:03:14 +0000] -> (MIME part) -> fax-id213131.zip -> fax-id213131.exe     detected: Trojan.GenericKD.2204355 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 779) -> [Subject: New fax][Date: Fri, 6 Mar 2015 16:06:31 +0000] -> (MIME part) -> fax-id213131.zip -> fax-id213131.exe     detected: Trojan.GenericKD.2204355 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 795) -> [Subject: Invoice #: 43-32056-1, Auction : SHOPP][Date: Mon, 9 Mar 2015 13:53:18 +0000] -> (MIME part) -> Invoice.zip -> Invoice.exe     detected: Trojan.GenericKD.2209767 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 837) -> [Subject: Emailing: Serv-Ware Credit Application][Date: Mon, 9 Mar 2015 15:39:00 +0000] -> (MIME part) -> Serv-WareCreditApplication.zip -> Serv-WareCreditApplication.exe     detected: Trojan.GenericKD.2209725 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 849) -> [Subject:  2015 PMQ agreement][Date: Tue, 10 Mar 2015 14:28:06 +0000] -> (MIME part) -> American_Wholesale.zip -> American_Wholesale.exe     detected: Trojan.GenericKD.2211877 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 850) -> [Subject: Bank Reference][Date: Tue, 10 Mar 2015 09:59:38 +0000] -> (MIME part) -> Bank_Ref_(4).zip -> Bank_Ref_(4).exe     detected: Trojan.GenericKD.2211328 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 879) -> [Subject: Bensenville IL- Walk in cooler and fre][Date: Wed, 11 Mar 2015 10:08:58 +0000] -> (MIME part) -> kmc350@da15030310080.zip -> kmc350@da15030310080.exe     detected: Trojan.GenericKD.2213717 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 880) -> [Subject: Bensenville IL- Walk in cooler and fre][Date: Wed, 11 Mar 2015 10:24:46 +0000] -> (MIME part) -> kmc350@da15030310080.zip -> kmc350@da15030310080.exe     detected: Trojan.GenericKD.2213717 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 884) -> [Subject: Please][Date: Wed, 11 Mar 2015 13:56:32 +0000] -> (MIME part) -> documents-id323.zip -> documents-id323.exe     detected: Trojan.GenericKD.2214283 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 910) -> [Subject: Please][Date: Wed, 11 Mar 2015 14:07:01 +0000] -> (MIME part) -> documents-id323.zip -> documents-id323.exe     detected: Trojan.GenericKD.2214283 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 911) -> [Subject: Please][Date: Wed, 11 Mar 2015 14:10:39 +0000] -> (MIME part) -> documents-id323.zip -> documents-id323.exe     detected: Trojan.GenericKD.2214283 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 934) -> [Subject: Qoute][Date: Thu, 12 Mar 2015 13:06:54 +0000] -> (MIME part) -> document.zip -> document.exe     detected: Trojan.GenericKD.2216869 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 936) -> [Subject: Qoute][Date: Thu, 12 Mar 2015 13:05:48 +0000] -> (MIME part) -> document.zip -> document.exe     detected: Trojan.GenericKD.2216869 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 938) -> [Subject: Qoute][Date: Thu, 12 Mar 2015 13:00:05 +0000] -> (MIME part) -> document.zip -> document.exe     detected: Trojan.GenericKD.2216869 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 940) -> [Subject: Qoute][Date: Thu, 12 Mar 2015 12:55:31 +0000] -> (MIME part) -> document.zip -> document.exe     detected: Trojan.GenericKD.2216869 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 942) -> [Subject: Qoute][Date: Thu, 12 Mar 2015 12:41:33 +0000] -> (MIME part) -> document.zip -> document.exe     detected: Trojan.GenericKD.2216869 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 954) -> [Subject: Invoice [2259ZEO] for payment to GREEN][Date: Thu, 12 Mar 2015 11:34:23 +0300] -> (MIME part) -> 2259ZEO.doc     detected: W97M.Downloader.HG ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1027) -> [Subject: Thank you for your business][Date: Thu, 19 Mar 2015 13:39:35 +0100] -> (MIME part) -> invoice-6366686.zip -> invoice.exe     detected: Trojan.Upatre.AC ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1028) -> [Subject: Thank you for your business][Date: Thu, 19 Mar 2015 13:42:38 +0100] -> (MIME part) -> invoice-0937424.zip -> invoice.exe     detected: Trojan.Upatre.AC ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1029) -> [Subject: Thank you for your business][Date: Thu, 19 Mar 2015 13:50:23 +0100] -> (MIME part) -> invoice-3770641.zip -> invoice.exe     detected: Trojan.Upatre.AC ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1031) -> [Subject: JP Morgan Access Secure Message][Date: Thu, 19 Mar 2015 17:17:52 +0200] -> (MIME part) -> JP Morgan Access - Secure.zip -> JP Morgan Access - Secure.scr     detected: Trojan.GenericKD.2234787 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1052) -> [Subject:  JP Morgan Access Secure Message][Date: Thu, 19 Mar 2015 10:34:08 -0500] -> (MIME part) -> JP Morgan Access - Secure.zip -> JP Morgan Access - Secure.scr     detected: Trojan.GenericKD.2234787 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1098) -> [Subject:  Technical failure report][Date: Thu, 19 Mar 2015 12:09:38 -0500] -> (MIME part) -> report_82613007200847.zip -> report_00048919047163.scr     detected: Trojan.GenericKD.2234787 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1104) -> [Subject:  Invoice ID:99c0580 in attachment.][Date: Thu, 19 Mar 2015 18:58:06 +0200] -> (MIME part) -> 99c0580.doc     detected: W97M.Downloader.IA ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1152) -> [Subject: Citi Merchant Services statements - 85][Date: Wed, 25 Mar 2015 13:27:58 +0100] -> (MIME part) -> IrEDjcWn.zip -> Merchant.exe     detected: Trojan.GenericKD.2248597 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1389) -> [Subject: Vistaprint VAT Invoice (644391925)][Date: Mon, 30 Mar 2015 10:44:00 +0100] -> (MIME part) -> USjmmIp{f.zip -> Invoice_1.exe     detected: Trojan.Agent.BIRH ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1406) -> [Subject: Quotation Huv4LHU][Date: Mon, 30 Mar 2015 16:10:34 +0100] -> (MIME part) -> Huv4LHU.zip -> Quotation.exe     detected: Trojan.GenericKD.2261273 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1412) -> [Subject: Quotation rDVroe3][Date: Mon, 30 Mar 2015 16:21:26 +0100] -> (MIME part) -> rDVroe3.zip -> Quotation.exe     detected: Trojan.GenericKD.2261273 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1444) -> [Subject: Important Documents Enclosed - Our Ref][Date: Thu, 02 Apr 2015 13:35:09 +0100] -> (MIME part) -> PQOYRn_72213.zip -> Reporting.exe     detected: Trojan.Downloader.JROY ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1455) -> [Subject: Addendum to TAMBURRI ASSOCIATES INC Fo][Date: Fri, 03 Apr 2015 14:54:01 +0100] -> (MIME part) -> IpgjoRYK-QF0Bjt-GZXexl1p.zip -> smaedjxliz.exe     detected: Trojan.Agent.BIUZ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1456) -> [Subject: Addendum to TAMBURRI ASSOCIATES INC Fo][Date: Fri, 03 Apr 2015 14:54:01 +0100] -> (MIME part) -> IpgjoRYK-QF0Bjt-GZXexl1p.zip -> smaedjxliz.exe     detected: Trojan.Agent.BIUZ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1457) -> [Subject: Addendum to TAMBURRI ASSOCIATES INC Fo][Date: Fri, 03 Apr 2015 14:57:32 +0100] -> (MIME part) -> xdlKcYq2-GnWjD5-3iwSEfEw.zip -> eavtzljn.exe     detected: Trojan.Agent.BIUZ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1546) -> [Subject: SALAMANDER ENERGY PLC has issued the c][Date: Tue, 07 Apr 2015 08:57:08 -0500] -> (MIME part) -> LM3420OKZ.doc     detected: W97M.Downloader.JS ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1556) -> [Subject:  Digital Invoice [YX72525349] from BLA][Date: Tue, 07 Apr 2015 09:32:27 -0000] -> (MIME part) -> YX72525349.doc     detected: W97M.Downloader.JS ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1611) -> [Subject: Thank you][Date: Wed, 08 Apr 2015 15:03:11 +0200] -> (MIME part) -> Customer_department_information.zip -> Customer_department_information.exe     detected: Trojan.Downloader.Small.ABNQ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1619) -> [Subject: BACS Transfer : Remittance for JSAG216][Date: Wed, 8 Apr 2015 13:27:43 +0100] -> (MIME part) -> BACS_Transfer_AQ004719.zip -> BACS_Transfer_AQ004719.scr     detected: Trojan.GenericKD.2281430 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1697) -> [Subject: New Fax][Date: Thu, 09 Apr 2015 16:03:37 +0200] -> (MIME part) -> Data 94562374-PFxUi2-LobibK.zip -> fax data.exe     detected: Trojan.GenericKD.2284463 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1706) -> [Subject: Remittance Advice for 1317.61 from DOW][Date: Thu, 09 Apr 2015 13:37:42 +0200] -> (MIME part) -> CR0660UJK.xls     detected: W97M.Downloader.KG ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1709) -> [Subject: Unknown incoming wire][Date: Thu, 9 Apr 2015 14:36:32 +0300] -> (MIME part) -> electronic_fund_transfer.zip -> electronic_fund_transfer.exe     detected: Trojan.GenericKD.2284344 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1753) -> [Subject: Scanned Image from a Xerox WorkCentre][Date: Mon, 13 Apr 2015 15:15:21 +0530] -> (MIME part) -> Scan001_2266678_037.zip -> Scan001_740109_037.exe     detected: Trojan.GenericKD.2293679 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1758) -> [Subject: FW: Invoice_aq.com][Date: Mon, 13 Apr 2015 20:54:34 +0800] -> (MIME part) -> Invoice_aq.com.zip -> Invoice_004AP71.exe     detected: Trojan.GenericKD.2293679 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1766) -> [Subject:  FW: Invoice_aqworlds.com][Date: Mon, 13 Apr 2015 08:54:33 -0500] -> (MIME part) -> Invoice_aqworlds.com.zip -> Invoice_004AP71.exe     detected: Trojan.GenericKD.2293679 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1786) -> [Subject: RE: Credit Release Request][Date: Tue, 14 Apr 2015 13:53:39 -0600] -> (MIME part) -> n2i16GBd.zip -> report.exe     detected: Trojan.Upatre.AQ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1790) -> [Subject: RE: Credit Release Request][Date: Tue, 14 Apr 2015 21:55:42 +0200] -> (MIME part) -> QHATxRWz.zip -> report.exe     detected: Trojan.Upatre.AQ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1850) -> [Subject: RE: intro][Date: Wed, 15 Apr 2015 10:04:29 -0600] -> (MIME part) -> New doc(58).zip -> New_Document.exe     detected: Trojan.Upatre.AS ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1864) -> [Subject: The Monkey][Date: Thu, 16 Apr 2015 19:22:04 +0100] -> (MIME part) -> Fable #71261020-VMj2nS -> Fable.exe     detected: Trojan.Agent.BJAI ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1865) -> [Subject: Fable][Date: Thu, 16 Apr 2015 11:34:19 -0700] -> (MIME part) -> had #48711987-JKaSpG -> had.exe     detected: Trojan.Agent.BJAI ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1900) -> [Subject: Toulouse FRANCE][Date: Tue, 21 Apr 2015 14:31:31 +0100] -> (MIME part) -> france_creances.zip -> france_creances.cab -> france_creances.scr     detected: Trojan.Agent.BJFL ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1902) -> [Subject: Administrator - Exchange Email id00653][Date: Thu, 24 Jul 2014 09:38:39 GMT] -> (MIME part) -> Exchange_id0065326.zip -> ExchangeEmail.exe     detected: Trojan.GenericKD.2312775 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1918) -> [Subject: Scanned Image from a Xerox WorkCentre][Date: Tue, 21 Apr 2015 15:16:42 +0100] -> (MIME part) -> Scan001_4113420_028.zip -> Scan001_741130_028.exe     detected: Trojan.GenericKD.2314242 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1919) -> [Subject: Your FED TAX payment (ID:H2LIRS1177025][Date: Tue, 21 Apr 2015 16:00:53 +0200] -> (MIME part) -> FEDERAL_tax_notify.zip -> FEDERAL_tax_notify.exe     detected: Trojan.GenericKD.2314242 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1920) -> [Subject: Your FED TAX payment (ID:U1QIRS5511078][Date: Tue, 21 Apr 2015 17:01:11 +0200] -> (MIME part) -> FEDERAL_tax_notify.zip -> FEDERAL_tax_notify.exe     detected: Trojan.GenericKD.2314242 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 1997) -> [Subject: Your account #876340484611 has been ba][Date: Tue, 28 Apr 2015 03:54:23 +0900] -> (MIME part) -> 876340484611.zip -> 876340484611.scr     detected: Trojan.Ransom.Dalexis.J ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2074) -> [Subject: Mms message from +07414 86 43 47][Date: Wed, 29 Apr 2015 17:20:41 +0100] -> (MIME part) -> LE4EF164D72401E.cab -> LE4EF164D72401E.scr     detected: Trojan.Agent.BJMD ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2076) -> [Subject: New credit terms from JP Morgan][Date: Wed, 29 Apr 2015 07:57:31 -0800] -> (MIME part) -> mare111- 14603070.zip -> Chase_Global.exe     detected: Trojan.GenericKD.2338642 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2077) -> [Subject: New credit terms from JP Morgan][Date: Wed, 29 Apr 2015 09:50:10 -0600] -> (MIME part) -> pmurphy- 19583702.zip -> Chase_Global.exe     detected: Gen:Variant.Mikey.12400 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2093) -> [Subject: Declined transaction][Date: Thu, 30 Apr 2015 14:29:36 +0000] -> (MIME part) -> invoice2121.zip -> invoice2121.exe     detected: Trojan.Upatre.BB ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2120) -> [Subject: Debit][Date: Mon, 4 May 2015 17:31:57 +0000] -> (MIME part) -> Savoy.zip -> Savoy.exe     detected: Trojan.Upatre.Gen.3 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2123) -> [Subject: Rejected operation alert][Date: Mon, 04 May 2015 10:03:46 -0600] -> (MIME part) -> cancelation_message_data.zip -> cancelation_notification_data.exe     detected: Trojan.Upatre.Gen.3 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2124) -> [Subject: Rejected operation alert][Date: Mon, 04 May 2015 10:03:46 -0600] -> (MIME part) -> cancelation_message_data.zip -> cancelation_notification_data.exe     detected: Trojan.Upatre.Gen.3 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2215) -> [Subject: Rejected invoice warning][Date: Wed, 06 May 2015 02:25:34 +0800] -> (MIME part) -> cancelation_invoice_document.zip -> nullfication_invoice_statement.exe     detected: Trojan.Agent.BJPJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2232) -> [Subject: Rejected invoice alert][Date: Thu, 07 May 2015 03:18:12 +1200] -> (MIME part) -> J2wNKrUS.zip -> cancelation_invoice_details.exe     detected: Trojan.Agent.BJPZ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk -> (message 2238) -> [Subject: Invoice in accordance][Date: Thu, 07 May 2015 11:13:51 -0600] -> (MIME part) -> GkIRoBEB.zip -> public_rule_confirmed_copy.exe     detected: Trojan.Downloader.JRSM ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 18) -> [Subject:  Notice of appearance][Date: Mon, 03 Nov 2014 10:11:15 -0500] -> (MIME part) -> Note_7570_copy.zip -> Copy_of_document_Nov-03-2014.exe     detected: Trojan.Agent.BGJL ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 157) -> [Subject:  Acknowledgment of Order][Date: Fri, 05 Dec 2014 19:43:46 +0600] -> (MIME part) -> BestBuy_Order_ID_3699377MN.zip -> BestBuy_Order.exe     detected: Gen:Variant.Zusy.117587 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 176) -> [Subject:  Order Status][Date: Tue, 09 Dec 2014 21:38:52 -0400] -> (MIME part) -> BestBuy_Order_ID_9333607MN.zip -> BestBuy_Order.exe     detected: Gen:Variant.Zusy.117940 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 178) -> [Subject:  Thank you for your order][Date: Wed, 10 Dec 2014 14:51:54 -0400] -> (MIME part) -> BestBuy_Order_ID_9764319MN.zip -> BestBuy_Order.exe     detected: Trojan.Agent.BGTD ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 188) -> [Subject:  Thank you for your order][Date: Fri, 12 Dec 2014 02:28:21 -0400] -> (MIME part) -> BestBuy_Order_ID_1607920MN.zip -> BestBuy_Order.exe     detected: Gen:Variant.Zusy.118509 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 208) -> [Subject:  Thank you for your order][Date: Wed, 17 Dec 2014 02:10:40 +0300] -> (MIME part) -> BestBuy_Order_ID_0867961MN.zip -> BestBuy_Order.exe     detected: Trojan.Agent.BGWH ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 342) -> [Subject:  SEPA REMITTANCE ADVICE 4343.44 EUR 12][Date: Wed, 14 Jan 2015 17:01:15 +0530] -> (MIME part) -> SE042NJ.doc     detected: W97M.Downloader.ED ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 429) -> [Subject:  COSMOPOLITAN COSMETICS][Date: Wed, 28 Jan 2015 20:18:46 +0100] -> (MIME part) -> cosmopolitan_cosmetics.cab -> cosmopolitan_cosmetics.scr     detected: Trojan.Downloader.JRJH ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 432) -> [Subject:  eFax 54709161][Date: Wed, 28 Jan 2015 18:09:05 +0000] -> (MIME part) -> fax_6484575.zip -> fax.exe     detected: Trojan.GenericKD.2122714 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 433) -> [Subject:  eFax 54709161][Date: Wed, 28 Jan 2015 18:09:05 +0000] -> (MIME part) -> fax_6484575.zip -> fax.exe     detected: Trojan.GenericKD.2122714 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 508) -> [Subject:  New incoming fax][Date: Thu, 5 Feb 2015 16:44:21 +0000] -> (MIME part) -> fax1657.zip -> fax.exe     detected: Trojan.GenericKD.2146101 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 509) -> [Subject:  New incoming fax][Date: Thu, 5 Feb 2015 17:13:33 +0000] -> (MIME part) -> fax1269.zip -> fax.exe     detected: Trojan.GenericKD.2146101 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 568) -> [Subject:  Copy [ID:A20E24019] attaced][Date: Wed, 18 Feb 2015 14:26:01 +0300] -> (MIME part) -> A20E24019.xlsm     detected: Trojan.Exploit.Msexcel.W ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 621) -> [Subject:  supply only quotation 16822 in total][Date: Fri, 20 Feb 2015 13:48:49 +0000] -> (MIME part) -> quotes.zip -> quotes.exe     detected: Trojan.GenericKD.2176337 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 624) -> [Subject:  supply only quotation 16822 in total][Date: Fri, 20 Feb 2015 13:13:39 +0000] -> (MIME part) -> quotes.zip -> quotes.exe     detected: Trojan.GenericKD.2176337 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 625) -> [Subject:  supply only quotation 16822 in total][Date: Fri, 20 Feb 2015 13:16:34 +0000] -> (MIME part) -> quotes.zip -> quotes.exe     detected: Trojan.GenericKD.2176337 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 915) -> [Subject:  eFax message from "POTS modem 4 " - 2][Date: Mon, 2 Mar 2015 15:44:08 +0000] -> (MIME part) -> FAX_20150301_1425207426_89.zip -> FAX_20150301_1425207426_89.exe     detected: Trojan.GenericKD.2194819 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 919) -> [Subject:  eFax message from "POTS modem 4 " - 2][Date: Mon, 2 Mar 2015 15:40:47 +0000] -> (MIME part) -> FAX_20150301_1425207426_89.zip -> FAX_20150301_1425207426_89.exe     detected: Trojan.GenericKD.2194819 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 922) -> [Subject:  eFax message from "unknown" - 1 page(][Date: Tue, 3 Mar 2015 11:57:46 +0000] -> (MIME part) -> FAX_20150302_1425293884_127.zip -> FAX_20150302_1425293884_127.exe     detected: Trojan.GenericKD.2196368 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1107) -> [Subject:  eFax message from "POTS modem 4 " - 2][Date: Fri, 6 Mar 2015 16:26:48 +0000] -> (MIME part) -> FAX_20150305_1425595410_142.zip -> FAX_20150305_1425595410_142.exe     detected: Trojan.GenericKD.2204226 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1302) -> [Subject:  eFax message from "POTS modem 2 " - 1][Date: Wed, 11 Mar 2015 16:03:59 +0000] -> (MIME part) -> FAX_20150311_1426082680_127.zip -> FAX_20150311_1426082680_127.exe     detected: Trojan.GenericKD.2214597 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1303) -> [Subject:  eFax message from "POTS modem 2 " - 1][Date: Wed, 11 Mar 2015 16:06:38 +0000] -> (MIME part) -> FAX_20150311_1426082680_127.zip -> FAX_20150311_1426082680_127.exe     detected: Trojan.GenericKD.2214597 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1305) -> [Subject:  eFax message from "POTS modem 2 " - 1][Date: Wed, 11 Mar 2015 16:23:40 +0000] -> (MIME part) -> FAX_20150311_1426082680_127.zip -> FAX_20150311_1426082680_127.exe     detected: Trojan.GenericKD.2214597 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1306) -> [Subject:  eFax message from "POTS modem 2 " - 1][Date: Wed, 11 Mar 2015 16:29:08 +0000] -> (MIME part) -> FAX_20150311_1426082680_127.zip -> FAX_20150311_1426082680_127.exe     detected: Trojan.GenericKD.2214597 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1461) -> [Subject:  eFax message from "unknown" - 1 page(][Date: Fri, 13 Mar 2015 16:12:49 +0000] -> (MIME part) -> FAX_20150313_1426242566_167.zip -> FAX_20150313_1426242566_167.exe     detected: Trojan.GenericKD.2220027 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1550) -> [Subject:  JP Morgan Access Secure Message][Date: Thu, 19 Mar 2015 10:34:08 -0500] -> (MIME part) -> JP Morgan Access - Secure.zip -> JP Morgan Access - Secure.scr     detected: Trojan.GenericKD.2234787 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1567) -> [Subject:  Technical failure report][Date: Thu, 19 Mar 2015 12:09:38 -0500] -> (MIME part) -> report_82613007200847.zip -> report_00048919047163.scr     detected: Trojan.GenericKD.2234787 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1571) -> [Subject:  Invoice ID:99c0580 in attachment.][Date: Thu, 19 Mar 2015 18:58:06 +0200] -> (MIME part) -> 99c0580.doc     detected: W97M.Downloader.IA ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 1785) -> [Subject:  ADP Payroll Invoice for week ending 0][Date: Fri, 27 Mar 2015 14:00:05 +0100] -> (MIME part) -> ADP.zip -> ADP.exe     detected: Trojan.Agent.BIPM ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 2198) -> [Subject:  anniversary Report][Date: Thu, 09 Apr 2015 18:15:02 +0100] -> (MIME part) -> Loyds #Thu, 09 Apr 2015 18:15:02 +0100. -> Report.exe     detected: Trojan.GenericKD.2284838 ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail -> (message 2507) -> [Subject: Doar Saptamana aceasta iti oferim Chil][Date: Wed, 22 Apr 2015 07:01:36 -0400] -> (MIME part) -> 64florenta.zip -> helpteam.pdf  _________________________________________.exe     detected: Trojan.Agent.BJES ( B)
C:\Users\yamik_000\Downloads\cbsidlm-cbsi188-Wise_Registry_Cleaner-BP-10605508.exe     detected: Application.Win32.AppInstall (A)
C:\Users\yamik_000\Downloads\MediaPlayerClassic.exe     detected: Gen:Variant.Application.Bundler.Strictor.61722 ( B)

Scanned    342452
Found    152

Scan end:    5/8/2015 5:59:22 PM
Scan time:    3:45:12

C:\Users\yamik_000\Downloads\MediaPlayerClassic.exe    Quarantined Gen:Variant.Application.Bundler.Strictor.61722 ( B)
C:\Users\yamik_000\Downloads\cbsidlm-cbsi188-Wise_Registry_Cleaner-BP-10605508.exe    Quarantined Application.Win32.AppInstall (A)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk E-mail    Quarantined Trojan.Agent.BJES ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\mail.battleon-1.com\Junk    Quarantined Trojan.Downloader.JRSM ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\INBOX.sbd\Instructions 101    Quarantined JS:Trojan.Crypt.NJ ( B)
C:\Users\yamik_000\AppData\Roaming\Thunderbird\Profiles\wpztqi53.default\ImapMail\imap.battleon.com\Deleted Items    Quarantined JS:Trojan.Crypt.NJ ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{F1B302CE-7691-4FE1-8785-2165B25E8C6E}    Quarantined Application.Bundler.AirInstaller.E ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{EB63F6CF-C4F7-4C41-BA11-FC7BB78A3003}    Quarantined Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{E6D7CB45-96AB-4871-A652-D71D5CAEF6F5}    Quarantined Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{D90F2026-E40A-4CD9-BE2C-0CCF2CF2F2DD}    Quarantined Application.Optional (A)
C:\ProgramData\Comodo\Cis\Quarantine\data\{B1118DBF-6DE0-474A-A843-553C62EDD32D}    Quarantined Application.Bundler.AirInstaller.E ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{86D3806D-1A1C-41D0-817E-17F4684B0C89}    Quarantined Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{698F68A6-5446-4ABF-9173-B21D311C5E98}    Quarantined Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{4D90FBD3-E179-4724-850F-9CDCF858FAFF}    Quarantined Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{41362F93-E6C9-4C03-8C81-5F84C48BB465}    Quarantined Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{37310B02-E0FB-487A-87DE-38D219A30FAB}    Quarantined Gen:Variant.Application.Bundler.25 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{25539160-069F-4EA3-9192-1C9B15C939B2}    Quarantined Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{1C154C16-2DC7-42A5-80CE-1E1C090E22C7}    Quarantined Gen:Variant.Application.Jatif.320 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{0ABE0FBD-931F-4F0C-84D4-912622E38C31}    Quarantined Trojan.Generic.12241881 ( B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{05669623-F2E4-49A8-A593-220AEDBCFE4D}    Quarantined Gen:Variant.Application.Jatif.320 ( B)
Key: HKEY_USERS\S-1-5-21-2012782116-1702301767-3356681026-1005\SOFTWARE\FILETYPEASSISTANT    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2012782116-1702301767-3356681026-1002\SOFTWARE\FILETYPEASSISTANT    Quarantined Application.InstallAd (A)
C:\Users\yamik_000\AppData\Local\filetypeassistant    Quarantined Application.AppInstall (A)
C:\Users\Ryan\AppData\Local\filetypeassistant    Quarantined Application.AppInstall (A)
C:\Users\yamik_000\AppData\Local\cre    Quarantined Application.AppInstall (A)
C:\Users\Ryan\AppData\Roaming\mywordtool    Quarantined Application.AppInstall (A)

Quarantined    26
 

 

Edit: and here's Security Check

 Results of screen317's Security Check version 1.001  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Java version 32-bit out of Date!
 Adobe Flash Player     17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (37.0.2)
 Mozilla Thunderbird (31.6.0)
 Google Chrome (42.0.2311.135)
 Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

Uninstalled everything you asked me to.


Edited by kaolite, 08 May 2015 - 05:31 PM.


#9 Sintharius

Posted 08 May 2015 - 05:32 PM

Hi there,

Your junk box is a malware wonderland... malware hunters would love it. :lol: I suggest that you empty your junk box once in a while.

Some of EEK's detections are in Comodo's quarantine - you can remove them by emptying Comodo's quarantine instead.

It's late here, so I have to go offline. I will leave you instructions on what to do next.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner

You will need to use Internet Explorer for this scan.
  • Hold down Ctrl and click here to open ESET Online Scanner in a new window.
  • Click the ESET Online Scanner button.
  • Put a checkmark in "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warnings from your browser.
  • Under Scan settings, put a checkmark in Scan Archives.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Scan.
  • ESET Online Scanner will automatically update and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats.
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Please report the status of your computer after you have finished all the steps.

Regards,
Alex

#10 kaolite

Posted 09 May 2015 - 07:33 AM

The email isn't just mine, I use Thunderbird to link to several company emails so more than likely it's that. I don't have authority to empty anyone's but mine. :)

I have MBAM already so I made sure it was updated and ran a scan.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/8/2015
Scan Time: 6:59:21 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.08.09
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: yamik_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 469341
Time Elapsed: 2 hr, 10 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 9
PUP.Optional.Amonetize, C:\ProgramData\Comodo\Cis\Quarantine\Temp\CAV1734.tmp, Quarantined, [3306f29f3555aa8cf7ebed4a6c96867a],
PUP.Optional.Amonetize, C:\ProgramData\Comodo\Cis\Quarantine\Temp\CAV27FE.tmp, Quarantined, [d267a0f1286276c07b672d0a2ed4837d],
PUP.Optional.Amonetize, C:\ProgramData\Comodo\Cis\Quarantine\Temp\CAV2EC6.tmp, Quarantined, [1524f29f5a301125677ba394659d33cd],
PUP.Optional.AirAdInstaller, C:\ProgramData\Comodo\Cis\Quarantine\Temp\CAV3EC5.tmp, Quarantined, [a7925839f3970036ca8c46f6629e21df],
Trojan.Kryptik, C:\ProgramData\Comodo\Cis\Quarantine\Temp\CAV4518.tmp, Quarantined, [a297b1e03d4d3ff72c61d433bb47b24e],
PUP.Optional.AirAdInstaller, C:\ProgramData\Comodo\Cis\Quarantine\Temp\CAV600B.tmp, Quarantined, [3702bdd4791194a269ed49f3916f04fc],
PUP.Optional.Amonetize, C:\ProgramData\Comodo\Cis\Quarantine\Temp\CAVEC58.tmp, Quarantined, [5adfe2af25657eb81ac8ef486e9453ad],
PUP.Optional.Amonetize, C:\ProgramData\Comodo\Cis\Quarantine\Temp\CAVF36D.tmp, Quarantined, [bb7ec4cd28626ec8b62c211638caa759],
PUP.Optional.OptimunInstaller, C:\ProgramData\Comodo\Cis\Quarantine\Temp\CAVFDFD.tmp, Quarantined, [66d3632e89010d29f8ed4dfeb24e8d73],

Physical Sectors: 0
(No malicious items detected)


(end)
 

ESET scan

 

C:\Users\All Users\Comodo\Cis\Quarantine\data\{1A7C9F50-BDD4-4288-AB03-10324F19F9F5}    a variant of Win32/InstallCore.JE.gen potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{2E6EB44F-F181-4565-8047-8D87C87A011A}    a variant of Win32/InstallCore.VW potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{7F7BAD29-DA7A-47DF-9F90-96A1E81C0FF3}    a variant of Win32/InstallCore.JE.gen potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{84107391-A7ED-4C5D-A15C-1E836E167476}    a variant of Win32/InstallCore.JE.gen potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{C12E0483-FD60-40A0-92D6-73618EE16D24}    a variant of Win32/InstallCore.BY potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{F2B8007D-E044-4354-8E41-BE1A6E0852A1}    a variant of Win32/InstallCore.JE.gen potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{F3A0CA0D-2E73-4100-B08C-05C47D0C53A5}    a variant of Win32/InstallCore.BY potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{FFB7D524-EECF-448A-9803-0FCB0CDA4B29}    a variant of Win32/InstallCore.VW potentially unwanted application    
C:\$Recycle.Bin\S-1-5-21-2012782116-1702301767-3356681026-1002\$R53M6XJ.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-2012782116-1702301767-3356681026-1002\$RLMN4JQ.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-2012782116-1702301767-3356681026-1002\$RP00UV6.exe    a variant of Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-2012782116-1702301767-3356681026-1002\$RPG1VUS.exe    a variant of Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{1A7C9F50-BDD4-4288-AB03-10324F19F9F5}    a variant of Win32/InstallCore.JE.gen potentially unwanted application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{2E6EB44F-F181-4565-8047-8D87C87A011A}    a variant of Win32/InstallCore.VW potentially unwanted application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{7F7BAD29-DA7A-47DF-9F90-96A1E81C0FF3}    a variant of Win32/InstallCore.JE.gen potentially unwanted application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{84107391-A7ED-4C5D-A15C-1E836E167476}    a variant of Win32/InstallCore.JE.gen potentially unwanted application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{C12E0483-FD60-40A0-92D6-73618EE16D24}    a variant of Win32/InstallCore.BY potentially unwanted application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{F2B8007D-E044-4354-8E41-BE1A6E0852A1}    a variant of Win32/InstallCore.JE.gen potentially unwanted application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{F3A0CA0D-2E73-4100-B08C-05C47D0C53A5}    a variant of Win32/InstallCore.BY potentially unwanted application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{FFB7D524-EECF-448A-9803-0FCB0CDA4B29}    a variant of Win32/InstallCore.VW potentially unwanted application    deleted - quarantined
C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003ef3    JS/Kryptik.ALB trojan    deleted - quarantined
C:\Users\yamik_000\Downloads\cbsidlm-cbsi176-Wise_Registry_Cleaner-BP-10605508.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
C:\Users\yamik_000\Downloads\ccsetup408.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\yamik_000\Downloads\Downloads\ccsetup320.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
C:\Users\yamik_000\Downloads\Downloads\ccsetup327.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\yamik_000\Downloads\Downloads\ccsetup401.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\VTRoot\HarddiskVolume2\Users\yamik_000\AppData\Local\Temp\{CB825CBD-EEFC-42BF-8CEC-385C82F8B32E}\SearchProtectionSetup.exe    a variant of Win32/Toolbar.Widgi.N potentially unwanted application    deleted - quarantined

 

I restarted after MBAM but I'm going to do it again now. I'll edit to say how the comp is.
 


Edited by kaolite, 09 May 2015 - 08:38 AM.


#11 Sintharius

Posted 09 May 2015 - 07:46 AM

Hi there,

Please post a new post if you need to add information instead of editing, as I don't get a notification about new posts if you edit your old post.

Thank you :)

Alex

#12 kaolite

Posted 09 May 2015 - 07:52 AM

Browser seems ok, Skype still gives me the "not responding" but I think that has more to do with my version of Skype. Email seems to be okay now too.

Thank you for your help, if there's anything else I need to do please let me know :)



#13 Sintharius

Posted 09 May 2015 - 07:54 AM

Please complete the scan with ESET Online Scanner to make sure that nothing else is lurking. Then I will address a couple of issues.

Thank you :)

Regards,
Alex

#14 kaolite

Posted 09 May 2015 - 08:37 AM

I did, that's what the second list is, sorry I forgot to say that. Edited the post to show where it starts.



#15 Sintharius

Posted 09 May 2015 - 10:13 AM

Hi there,

Please reinstall Skype and see if the freezing problem persists.

Do you use Comodo GeekBuddy? You might need to reinstall Comodo Antivirus, as it appears to be missing a file.

Please take a moment to read about the dangers of registry cleaners, and why you should not use them.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
PC boosters/optimizers are also not recommended, because they are borderline scams. If you need to clean junk from your machine then CCleaner is enough.

Do you have any other questions before we wrap this up?

Regards,
Alex



