Computer running slower and acting strange


13 replies to this topic

#1 Cerruth

Posted 11 May 2015 - 03:54 PM

Hello, I'm gonna keep this as short and detailed as possible.

I'm posting here to ask for help from someone who knows more than I do about a potential infection and what I need to do to remove it and/or restore my PC's speed. This problem is getting in front of my everyday tasks and hobbies involving my computer.

My computer (Windows 7 Ultimate 64-bit) has been slower in terms of startup (not booting but when I am logged in). I have attempted to limit the amount of startup programs and it's still a bit slower than normal. I have also had webpages loading slower despite my internet speeds (90 up, 25 down). The most recent problem I've been having is freezing when waking from sleep mode.

I've been deleting old files and scanning my computer daily, and I'm running into an issue every day. I've heard about some people having problems between MSE and Bitdefender, and I'm having a log come up every reboot about "Virus:DOS/EICAR_test_File". This is coming up for TONS of files in different but similarly named folders in my Windows temp folder. The file extension is "gzquar", which I believe is the file name for Bitdefender quarantined files. As of now MSE seems to be removing some of these folders but they keep coming back.

These are all the issues I know of, and there're probably many more hidden somewhere. I'd really appreciate some help.

Thank you.

 





#2 Sintharius

Posted 11 May 2015 - 04:03 PM

Hi there,

Let's take a look.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#3 Cerruth

Posted 11 May 2015 - 05:41 PM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Ethan (administrator) on 11-05-2015 at 17:38:12
Running from "C:\Users\Ethan\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="ethernet_14" address=192.168.56.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Nemesis
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hr.cox.net
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-65-89-2C-4A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : DC-85-DE-43-BF-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hr.cox.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-14-BE-33-6D-AC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.114(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, May 11, 2015 4:29:41 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 12, 2015 4:29:41 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.73.91.35
                                       68.105.28.12
                                       68.105.29.12
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{65892C4A-1C46-40A6-AA09-3383C9B17F8A}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A90BC3E4-A901-47A0-96D3-11AEC998821B}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.hr.cox.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hr.cox.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dnscache.berlin.ccc.de
Address:  213.73.91.35
 
Name:    google.com
Addresses:  2a00:1450:4016:805::200e
 216.58.211.46
 
 
Pinging google.com [216.58.211.46] with 32 bytes of data:
Reply from 216.58.211.46: bytes=32 time=113ms TTL=50
Reply from 216.58.211.46: bytes=32 time=129ms TTL=50
 
Ping statistics for 216.58.211.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 113ms, Maximum = 129ms, Average = 121ms
Server:  dnscache.berlin.ccc.de
Address:  213.73.91.35
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=111ms TTL=51
Reply from 98.138.253.109: bytes=32 time=121ms TTL=51
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 111ms, Maximum = 121ms, Average = 116ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 19...00 ff 65 89 2c 4a ......TAP-Win32 Adapter V9
 17...dc 85 de 43 bf cc ......Bluetooth Device (Personal Area Network) #2
 14...00 14 be 33 6d ac ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.114     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.114    276
    192.168.1.114  255.255.255.255         On-link     192.168.1.114    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.114    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.114    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.114    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/11/2015 04:31:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2015 04:25:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2015 07:43:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2015 11:07:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2015 01:20:45 PM) (Source: Application Hang) (User: )
Description: The program RAMDisk.exe version 4.4.0.33 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 404c
 
Start Time: 01d08a7c3fed6f54
 
Termination Time: 19
 
Application Path: C:\Program Files (x86)\RAMDisk\RAMDisk.exe
 
Report Id: b559f147-f66f-11e4-a552-dc85de43bfcc
 
Error: (05/09/2015 00:20:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: bf4.exe, version: 1.4.2.25648, time stamp: 0x54e3fd7a
Faulting module name: atidxx64.dll_unloaded, version: 0.0.0.0, time stamp: 0x551aff3f
Exception code: 0xc0000005
Fault offset: 0x000007fef5cfedfc
Faulting process id: 0x1aa0
Faulting application start time: 0xbf4.exe0
Faulting application path: bf4.exe1
Faulting module path: bf4.exe2
Report Id: bf4.exe3
 
Error: (05/08/2015 03:33:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: DiscSoftBusService.exe, version: 5.0.1.407, time stamp: 0x551a3f55
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000000023c
Faulting process id: 0x12c8
Faulting application start time: 0xDiscSoftBusService.exe0
Faulting application path: DiscSoftBusService.exe1
Faulting module path: DiscSoftBusService.exe2
Report Id: DiscSoftBusService.exe3
 
Error: (05/07/2015 08:37:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: bf4.exe, version: 1.4.2.25648, time stamp: 0x54e3fd7a
Faulting module name: atidxx64.dll_unloaded, version: 0.0.0.0, time stamp: 0x551aff3f
Exception code: 0xc0000005
Fault offset: 0x000007fef5cfedfc
Faulting process id: 0x3b8
Faulting application start time: 0xbf4.exe0
Faulting application path: bf4.exe1
Faulting module path: bf4.exe2
Report Id: bf4.exe3
 
Error: (05/07/2015 05:35:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: DayZCommander.exe, version: 0.9.1.117, time stamp: 0x54e2a9e8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73304f11
Faulting process id: 0xb28
Faulting application start time: 0xDayZCommander.exe0
Faulting application path: DayZCommander.exe1
Faulting module path: DayZCommander.exe2
Report Id: DayZCommander.exe3
 
Error: (05/07/2015 05:35:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: bf4.exe, version: 1.4.2.25648, time stamp: 0x54e3fd7a
Faulting module name: atidxx64.dll_unloaded, version: 0.0.0.0, time stamp: 0x551aff3f
Exception code: 0xc0000005
Fault offset: 0x000007fef5cfedfc
Faulting process id: 0x284c
Faulting application start time: 0xbf4.exe0
Faulting application path: bf4.exe1
Faulting module path: bf4.exe2
Report Id: bf4.exe3
 
 
System errors:
=============
Error: (05/11/2015 05:02:50 PM) (Source: Service Control Manager) (User: )
Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/11/2015 04:42:44 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (05/11/2015 04:39:43 PM) (Source: Service Control Manager) (User: )
Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (05/11/2015 04:39:19 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/11/2015 04:39:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (05/11/2015 04:37:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %Virus:DOS/EICAR_Test_File60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Virus:DOS/EICAR_Test_File603
 
Name: Virus:DOS/EICAR_Test_File
 
ID: 2147519003
 
Severity: %Virus:DOS/EICAR_Test_File600
 
Category: %Virus:DOS/EICAR_Test_File602
 
Path: 4.7.0205.02
 
Detection Origin: 4.7.0205.04
 
Detection Type: 4.7.0205.08
 
Detection Source: %Virus:DOS/EICAR_Test_File608
 
User: {57E77C8C-CE73-466B-8D91-561C9737BD48}9
 
Process Name: %Virus:DOS/EICAR_Test_File609
 
Action: {57E77C8C-CE73-466B-8D91-561C9737BD48}1
 
Action Status:  {57E77C8C-CE73-466B-8D91-561C9737BD48}8
 
Error Code: {57E77C8C-CE73-466B-8D91-561C9737BD48}3
 
Error description: {57E77C8C-CE73-466B-8D91-561C9737BD48}4
 
Signature Version: 2015-05-11T20:37:02.570Z1
 
Engine Version: 2015-05-11T20:37:02.570Z2
 
Error: (05/11/2015 04:34:17 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/11/2015 04:30:13 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/11/2015 04:30:14 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
Error: (05/11/2015 04:23:50 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:14:15 PM on ‎5/‎11/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (05/11/2015 04:31:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2015 04:25:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2015 07:43:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2015 11:07:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2015 01:20:45 PM) (Source: Application Hang)(User: )
Description: RAMDisk.exe4.4.0.33404c01d08a7c3fed6f5419C:\Program Files (x86)\RAMDisk\RAMDisk.exeb559f147-f66f-11e4-a552-dc85de43bfcc
 
Error: (05/09/2015 00:20:49 PM) (Source: Application Error)(User: )
Description: bf4.exe1.4.2.2564854e3fd7aatidxx64.dll_unloaded0.0.0.0551aff3fc0000005000007fef5cfedfc1aa001d08a712be42caaC:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeatidxx64.dll5a39c821-f667-11e4-a552-dc85de43bfcc
 
Error: (05/08/2015 03:33:13 PM) (Source: Application Error)(User: )
Description: DiscSoftBusService.exe5.0.1.407551a3f55unknown0.0.0.000000000c0000005000000000000023c12c801d087a240344631C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exeunknown1091b501-f5b9-11e4-a552-dc85de43bfcc
 
Error: (05/07/2015 08:37:33 PM) (Source: Application Error)(User: )
Description: bf4.exe1.4.2.2564854e3fd7aatidxx64.dll_unloaded0.0.0.0551aff3fc0000005000007fef5cfedfc3b801d0892441743204C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeatidxx64.dll6a1302f0-f51a-11e4-a552-dc85de43bfcc
 
Error: (05/07/2015 05:35:16 PM) (Source: Application Error)(User: )
Description: DayZCommander.exe0.9.1.11754e2a9e8unknown0.0.0.000000000c000041d73304f11b2801d08864281e9a2eC:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exeunknownf331eb57-f500-11e4-a552-dc85de43bfcc
 
Error: (05/07/2015 05:35:12 PM) (Source: Application Error)(User: )
Description: bf4.exe1.4.2.2564854e3fd7aatidxx64.dll_unloaded0.0.0.0551aff3fc0000005000007fef5cfedfc284c01d0890b7c279ea1C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeatidxx64.dllf097fcd7-f500-11e4-a552-dc85de43bfcc
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-26 10:56:37.238
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-26 10:56:37.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-03 16:40:29.238
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sfhlp02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-03 16:40:29.210
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sfhlp02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-03 18:43:24.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-03 18:43:24.927
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-03 18:42:48.458
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-03 18:42:48.439
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-02 18:34:33.149
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-02 18:34:33.123
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM-x32\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F37C2975-92EA-59CA-59E6-50E56F0E76DD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2 RFT Uninstall (HKLM-x32\...\Arma 2 RFT) (Version:  - )
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlefield 4™ CTE (HKLM-x32\...\{551A08D1-B60E-4DED-9B67-C3B38258CCA3}) (Version: 1.0.2.30249 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{E719AF7A-FBD9-45F8-AD4F-EBD1EFD985BB}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (HKLM\...\{4926C378-8A39-4273-AF6F-726F899F9F74}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{BB543516-F37F-46A4-BED1-C5146A6D9892}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{5DF74EA2-A660-446F-93B3-B19823435C30}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{FCB384E7-0E3F-431E-A510-2458E1FF21ED}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{1B5ABBBD-3808-403D-A224-F1ACB0A00EB1}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{56A47015-095E-48CA-819F-15D0B52C274B}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (HKLM-x32\...\{44AEF1F7-C770-471C-AA62-4145A4F2C517}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Creatures Of Darkness (HKLM-x32\...\{553D1EF0-6491-4749-957E-AA912519E4BE}) (Version: 4.4.21 - Screaming Bee Inc.) Hidden
Creatures of Darkness Voices for MorphVOX (HKLM-x32\...\{a11adeb7-c5f0-4f2f-83c4-96b107776cae}) (Version: 4.4.21 - Screaming Bee Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{668B7711-6DAF-465F-9BE2-F3C07C962131}) (Version: 0.92.117 - Dotjosh Studios)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Galactic Voices (HKLM-x32\...\{C4204D98-0203-4FF6-B954-6AFD4D8290B8}) (Version: 4.4.21 - Screaming Bee Inc.) Hidden
Galactic Voices for MorphVOX (HKLM-x32\...\{f931b4b3-3d37-4a73-9142-f9f93e366072}) (Version: 4.4.21 - Screaming Bee Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\{D23A947A-7D38-3AF8-B3D5-BE988282D40D}) (Version: 66.41.32883 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
IdleMaster (HKCU\...\64f315a695d36dc0) (Version: 0.8.0.0 - IdleMaster)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval Engineers (HKLM-x32\...\Steam App 333950) (Version:  - Keen Software House)
Memory Profiler (HKLM-x32\...\{4A037836-B224-4890-9631-341F759AD703}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{68DA3B27-2C18-4366-93B0-6B97F5E9B309}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{84e72603-1a6a-4c51-81b3-de36aabcc4f8}) (Version: 12.0.30501 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Module Microsoft Report Viewer pour Visual Studio 2013 (HKLM-x32\...\{607562A3-7BD3-4EDE-BDEA-4F1A8D7E84AA}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
MorphVOX Pro (HKLM-x32\...\{d92c88d7-75c9-461f-a55e-1f4f66e82bfe}) (Version: 4.4.25.18818 - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{F9E1E22B-B7AB-4E7B-B6F6-C2F365E8EA22}) (Version: 4.4.25.18818 - Screaming Bee) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.7 - Black Tree Gaming)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150401.105367 - Square Enix Ltd)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Personality Voices (HKLM-x32\...\{DCF84BE6-76B2-452F-A4DF-DC01DA0D25E4}) (Version: 4.4.21 - Screaming Bee Inc.) Hidden
Personality Voices for MorphVOX (HKLM-x32\...\{da9b1e64-24d5-4c4c-b687-270ea6065b14}) (Version: 4.4.21 - Screaming Bee Inc.)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Tools Redirection Template (HKLM-x32\...\{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}) (Version: 1.1 - Microsoft Corporation) Hidden
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
RAMDisk (HKLM-x32\...\{4EA812AB-8B86-4386-BB27-59D15C47531E}) (Version: 4.4.0.33 - Dataram, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.68.201.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Special Effects Voices (HKLM-x32\...\{06BA8EA9-6EC7-479F-9658-202A854C6B6E}) (Version: 4.4.21 - Screaming Bee Inc.) Hidden
Special Effects Voices for MorphVOX (HKLM-x32\...\{f76834ed-fae3-449c-ab88-5d689c542c44}) (Version: 4.4.21 - Screaming Bee Inc.)
Spotify (HKCU\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Survarium (HKLM-x32\...\{FEA2E954-A6D0-42FA-8FF1-DFA325758FAC}_is1) (Version: 0.27c - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
TypeScript Power Tool (HKLM-x32\...\{8A8A0C13-A9B3-45AF-9A4C-4D351E0DFC8A}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{83499F62-B5EC-4F40-A28C-1297241E4D1D}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VS Update core components (HKLM-x32\...\{39D9555C-47A7-38F6-AEB9-9E7CAE1C6AF5}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Надстройка Microsoft Report Viewer для Visual Studio 2013 (HKLM-x32\...\{30BCD3B4-F753-451F-B8F7-86E115A9AE72}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (HKLM-x32\...\{EA754818-DB87-42B6-9753-E668B9186434}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
 
========================= Devices: ================================
 
Name: 802.11 n WLAN
Description: 802.11 n WLAN
Class Guid: 
Manufacturer: 
Service: 
Device ID: USB\VID_0DB0&PID_3871\1.0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&6AE6995&0&00E4
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_8086&DEV_8C22&SUBSYS_8C221849&REV_05\3&11583659&0&FB
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 56%
Total physical RAM: 8130.38 MB
Available physical RAM: 3507.52 MB
Total Pagefile: 16258.95 MB
Available Pagefile: 11437.02 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.59 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:631.17 GB) (Free:221.48 GB) NTFS
2 Drive d: () (Fixed) (Total:300 GB) (Free:66.37 GB) NTFS
4 Drive f: (VEC3) (CDROM) (Total:0.86 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\NEMESIS
 
Administrator            Ethan                    Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
07-05-2015 02:25:28 Windows Update
09-05-2015 17:11:54 Installed RAMDisk
09-05-2015 17:12:28 Installed RAMDisk
09-05-2015 17:13:44 Device Driver Package Install: Dataram, Inc.
11-05-2015 11:55:13 Windows Update
11-05-2015 21:31:28 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
 
**** End of log ****
 
 
 
/// SWITCH LOGS ///
 
 
 

 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials        
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Visual Studio Extensions for Windows Library for JavaScript 
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader 6 Adobe Reader out of Date! 
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition update.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 


#4 Sintharius

Posted 11 May 2015 - 11:56 PM

Hi there,

You have two antivirus solutions running - Microsoft Security Essentials and BitDefender Free Edition. Please remove one and keep the other.

Did you run ComboFix at some point before posting here?

Please uninstall the following software in Programs and Features:

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

If you run into any problems, let me know.

Do you recognize this software?

ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden


After you are finished, please run this.

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save it to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • The tool will start to update the database, please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Regards,
Alex

#5 Cerruth

Posted 12 May 2015 - 02:07 AM

I have removed MSE and I'm now running BitDefender AV Free Edition only.
 
If you need a ComboFix Log posted please let me know.
 
 
I was able to uninstall these two without any issues:
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
 
I don't recognize this at all:
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
 
 
// ADWCLEANER SCAN //
 
 
# AdwCleaner v4.203 - Logfile created 12/05/2015 at 03:05:30
# Updated 30/04/2015 by Xplode
# Database : 2015-05-11.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Ethan - NEMESIS
# Running from : C:\Users\Ethan\Desktop\adwcleaner_4.203.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\ProgramData\{7096931d-49b7-528a-7096-6931d49b4c75}
Folder Found : C:\ProgramData\bda5eff800007fd7
Folder Found : C:\Users\Ethan\AppData\Roaming\Store
Folder Found : C:\Users\Ethan\AppData\Roaming\WTools
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch
 
***** [ Scheduled tasks ] *****
 
Task Found : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\CheckMeUp
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\Store
Key Found : HKCU\Software\WTools
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\Store
Key Found : [x64] HKCU\Software\WTools
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
               "version": "4.2.7"
            },
            "page_ordinal": "n",
            "path": "blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.7_0",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "booedmolknjekdopkepjjeckmjkdpfgl": {
            "active_permissions": {
               "api": [ "tabs", "webNavigation", "webRequest", "webRequestBlocking" ],
               "explicit_host": [ "chrome://newtab/*", "chrome://settings-frame/*", "hxxp://*/*", "hxxps://*/*" ],
               "manifest_permissions": [  ],
               "scriptable_host": [ "chrome://settings-frame/*" ]
            },
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13070562077257120",
            "location": 5,
            "manifest": {
               "background": {
                  "persistent": true,
                  "scripts": [ "bk.js" ]
               },
               "content_scripts": [ {
                  "js": [ "cs.js" ],
                  "matches": [ "chrome://settings-frame/*" ]
               } ],
               "content_security_policy": "default-src 'self'; script-src chrome://resources 'self' chrome://settings-frame 'unsafe-eval'; frame-src 'self' chrome://settings-frame; style-src 'self' 'unsafe-inline';object-src 'self';",
               "description": "Extutil",
               "incognito": "spanning",
               "key": "MIAfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+ea9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB",
               "manifest_version": 2,
               "name": "Extutil",
               "permissions": [ "chrome://newtab/", "tabs", "webNavigation", "webRequest", "webRequestBlocking", "hxxp://*/*", "hxxps://*/*", "chrome://settings-frame/" ],
               "version": "0.1"
            },
            "path": "C:\\Users\\Ethan\\AppData\\Local\\Temp\\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "cjpalhdlnbpafiamejdnhcphjbkeiagm": {
            "active_permissions": {
               "api": [ "contextMenus", "storage", "tabs", "unlimitedStorage", "webNavigation", "webRequest", "webRequestBlocking" ],
               "explicit_host": [ "hxxp://*/*", "hxxps://*/*" ],
               "manifest_permissions": [  ],
               "scriptable_host": [ "hxxp://*/*", "hxxps://*.adblockplus.me/*", "hxxps://*.adblockplus.org/*", "hxxps://*/*", "hxxps://www.fanboy.co.nz/*" ]
            },
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 9,
            "events": [  ],
            "extension_can_script_all_urls": true,
            "from_bookmark": false,
            "from_webstore": true,
            "granted_permissions": {
               "api": [ "contextMenus", "storage", "tabs", "unlimitedStorage", "webNavigation", "webRequest", "webRequestBlocking" ],
               "explicit_host": [ "hxxp://*/*", "hxxps://*/*" ],
               "manifest_permissions": [  ],
               "scriptable_host": [ "hxxp://*/*", "hxxps://*/*" ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13075855509704595",
            "lastpingday": "13075801209495436",
            "location": 1,
            "manifest": {
               "author": "All uBlock Origin contributors",
               "background": {
                  "page": "background.html"
               },
               "browser_action": {
                  "default_icon": {
                     "19": "img/browsericons/icon19.png",
                     "38": "img/browsericons/icon38.png"
                  },
                  "default_popup": "popup.html",
                  "default_title": "uBlock Origin"
               },
               "content_scripts": [ {
                  "all_frames": true,
                  "js": [ "js/vapi-client.js", "js/contentscript-start.js" ],
                  "matches": [ "hxxp://*/*", "hxxps://*/*" ],
                  "run_at": "document_start"
               }, {
                  "all_frames": true,
                  "js": [ "js/contentscript-end.js" ],
                  "matches": [ "hxxp://*/*", "hxxps://*/*" ],
                  "run_at": "document_end"
               }, {
                  "js": [ "js/subscriber.js" ],
                  "matches": [ "hxxps://*.adblockplus.org/*", "hxxps://*.adblockplus.me/*", "hxxps://www.fanboy.co.nz/*" ],
                  "run_at": "document_idle"
               } ],
               "current_locale": "en_US",
               "default_locale": "en",
               "description": "Finally, an efficient blocker. Easy on CPU and memory.",
               "icons": {
                  "128": "img/icon_128.png",
                  "16": "img/icon_16.png"
               },
               "incognito": "split",
               "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJNzUNVjS6Q1qe0NRqpmfX/oSJdgauSZNdfeb5RV1Hji21vX0TivpP5gq0fadwmvmVCtUpOaNUopgejiUFm/iKHPs0o3x7hyKk/eX0t2QT3OZGdXkPiYpTEC0f0p86SQaLoA2eHaOG4uCGi7sxLJmAXc6IsxGKVklh7cCoLUgWEMnj8ZNG2Y8UKG3gBdrpES5hk7QyFDMraO79NmSlWRNgoJHX6XRoY66oYThFQad8KL8q3pf3Oe8uBLKywohU0ZrDPViWHIszXoE9HEvPTFAbHZ1umINni4W/YVs+fhqHtzRJcaKJtsTaYy+cholu5mAYeTZqtHf6bcwJ8t9i2afwIDAQAB",
               "manifest_version": 2,
               "minimum_chrome_version": "22.0",
               "name": "uBlock Origin",
               "options_page": "dashboard.html",
               "options_ui": {
                  "page": "options_ui.html"
               },
               "permissions": [ "contextMenus", "storage", "tabs", "unlimitedStorage", "webNavigation", "webRequest", "webRequestBlocking", "hxxp://*/*", "hxxps://*/*" ],
               "short_name": "uBlock0",
               "update_url": "hxxps://clients2.google.com/service/update2/crx",
               "version": "0.9.7.0"
            },
            "path": "cjpalhdlnbpafiamejdnhcphjbkeiagm\\0.9.7.0_0",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "cmeakgjggjdlcpncigglobpjbkabhmjl": {
            "active_permissions": {
               "api": [ "alarms", "background", "notifications", "storage" ],
               "explicit_host": [ "*://*.steampowered.com/*", "*://steamcommunity.com/*", "*://steamrep.com/*", "hxxp://*.steamstatic.com/*" ],
               "manifest_permissions": [  ],
               "scriptable_host": [ "*://steamcommunity.com/id/*/gamecards/*", "*://steamcommunity.com/id/*/inventory", "*://steamcommunity.com/id/*/inventory/*", "*://steamcommunity.com/id/*/invites/*", "*://steamcommunity.com/id/*/tradeoffers", "*://steamcommunity.com/id/*/tradeoffers/*", "*://steamcommunity.com/market", "*://steamcommunity.com/market/", "*://steamcommunity.com/market/listings/*", "*://steamcommunity.com/profiles/*/gamecards/*", "*://steamcommunity.com/profiles/*/inventory", "*://steamcommunity.com/profiles/*/inventory/*", "*://steamcommunity.com/profiles/*/invites/*", "*://steamcommunity.com/profiles/*/tradeoffers", "*://steamcommunity.com/profiles/*/tradeoffers/*", "*://steamcommunity.com/trade/*", "*://steamcommunity.com/tradeoffer/*" ]
            },
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 9,
            "events": [  ],
            "extension_can_script_all_urls": true,
            "from_bookmark": false,
            "from_webstore": true,
            "granted_permissions": {
               "api": [ "alarms", "background", "notifications", "storage" ],
               "explicit_host": [ "*://*.steampowered.com/*", "*://steamcommunity.com/*", "*://steamrep.com/*", "hxxp://*.steamstatic.com/*" ],
               "manifest_permissions": [  ],
               "scriptable_host": [ "*://steamcommunity.com/id/*/gamecards/*", "*://steamcommunity.com/id/*/inventory", "*://steamcommunity.com/id/*/inventory/*", "*://steamcommunity.com/id/*/invites/*", "*://steamcommunity.com/id/*/tradeoffers", "*://steamcommunity.com/id/*/tradeoffers/*", "*://steamcommunity.com/market", "*://steamcommunity.com/market/", "*://steamcommunity.com/market/listings/*", "*://steamcommunity.com/profiles/*/gamecards/*", "*://steamcommunity.com/profiles/*/inventory", "*://steamcommunity.com/profiles/*/inventory/*", "*://steamcommunity.com/profiles/*/invites/*", "*://steamcommunity.com/profiles/*/tradeoffers", "*://steamcommunity.com/profiles/*/tradeoffers/*", "*://steamcommunity.com/trade/*", "*://steamcommunity.com/tradeoffer/*" ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13075855516313279",
            "lastpingday": "13075801209495436",
            "location": 1,
            "manifest": {
               "background": {
                  "persistent": true,
                  "scripts": [ "js/jquery-1.10.2.min.js", "js/offernof.js" ]
               },
               "browser_action": {
                  "default_icon": "assets/icon19.png",
                  "default_popup": "html/tradeoffers.html",
                  "default_title": "Steam inventory helper"
               },
               "content_scripts": [ {
                  "js": [ "js/jquery-1.10.2.min.js", "js/json2.js", "js/tradeoffer.js" ],
                  "matches": [ "*://steamcommunity.com/tradeoffer/*", "*://steamcommunity.com/trade/*" ],
                  "run_at": "document_end"
               }, {
                  "js": [ "js/jquery-1.10.2.min.js", "js/inventprice.js" ],
                  "matches": [ "*://steamcommunity.com/id/*/inventory", "*://steamcommunity.com/id/*/inventory/*", "*://steamcommunity.com/profiles/*/inventory", "*://steamcommunity.com/profiles/*/inventory/*" ],
                  "run_at": "document_end"
               }, {
                  "js": [ "js/tradeofferrev.js" ],
                  "matches": [ "*://steamcommunity.com/id/*/tradeoffers/*", "*://steamcommunity.com/profiles/*/tradeoffers/*", "*://steamcommunity.com/id/*/tradeoffers", "*://steamcommunity.com/profiles/*/tradeoffers" ],
                  "run_at": "document_end"
               }, {
                  "js": [ "js/listing.js" ],
                  "matches": [ "*://steamcommunity.com/market/listings/*" ],
                  "run_at": "document_end"
               }, {
                  "js": [ "js/jquery-1.10.2.min.js", "js/market.js" ],
                  "matches": [ "*://steamcommunity.com/market/", "*://steamcommunity.com/market" ],
                  "run_at": "document_end"
               }, {
                  "js": [ "js/badge.js" ],
                  "matches": [ "*://steamcommunity.com/id/*/gamecards/*", "*://steamcommunity.com/profiles/*/gamecards/*" ],
                  "run_at": "document_end"
               }, {
                  "js": [ "js/jquery-1.10.2.min.js", "js/invites.js" ],
                  "matches": [ "*://steamcommunity.com/id/*/invites/*", "*://steamcommunity.com/profiles/*/invites/*" ],
                  "run_at": "document_end"
               } ],
               "current_locale": "en_US",
               "default_locale": "en",
               "description": "Provides many utilities for steam inventory and market (offers notification, quick selling, buying, offering trades, price check...)",
               "homepage_url": "hxxps://chrome.google.com/webstore/detail/steam-inventory-helper/cmeakgjggjdlcpncigglobpjbkabhmjl",
               "icons": {
                  "128": "assets/icon128.png",
                  "16": "assets/icon16.png",
                  "19": "assets/icon19.png",
                  "48": "assets/icon48.png"
               },
               "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VtB6075FEgL7ORPBwcfR2hXhOXZ92Wg/s87+Odt4ix+NSzKTcnZ9/ln6YIV7sVO/7B8kkL1j5zFUpUGrxTv/+dhs9Vprz1iziulktdLhPHpwoRE8PgmSz5sItmqsArNFEFm4zEkZRjNgZaIG0bL/5BmkE2CjAPUjhYBiVQyFPYaFjGjd077ZMkbmiVCVdyk+8GiUjOlroX6cE9jO04CZW+VikuAU5jLoNzd50WOHDVeMQoukFUtVAIYv1IWvbUYfaseo8t/Z47jF2KivXoggAXFrV/uJiTvMot13XstxpR5yG8xnmZHnh42Q6nY7Ke/HYzTYnB9ftftAFpMBVAj6wIDAQAB",
               "manifest_version": 2,
               "name": "Steam inventory helper",
               "options_page": "html/popup.html",
               "permissions": [ "notifications", "alarms", "storage", "background", "*://steamcommunity.com/*", "*://*.steampowered.com/*", "hxxp://*.steamstatic.com/*", "*://steamrep.com/*" ],
               "short_name": "SIH",
               "update_url": "hxxps://clients2.google.com/service/update2/crx",
               "version": "1.5.13",
               "web_accessible_resources": [ "css/*.css", "js/*.js", "js/*.min.js.map", "js/jquery-1.10.2.min.map", "assets/*", "assets/*", "js/lang/*" ]
            },
            "path": "cmeakgjggjdlcpncigglobpjbkabhmjl\\1.5.13_0",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "coobgpohoikkiipiblmjeljniedjpjpf": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "y",
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 153,
            "events": [  ],
            "from_bookmark": true,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "install_time": "13071995751630329",
            "lastpingday": "13075801209495436",
            "location": 1,
            "manifest": {
               "app": {
                  "launch": {
                     "web_url": "hxxp://www.google.com/webhp?source=search_app"
                  },
                  "urls": [ "*://www.google.com/search", "*://www.google.com/webhp", "*://www.google.com/imgres" ]
               },
               "current_locale": "en_US",
               "default_locale": "en",
               "description": "The fastest way to search the web.
 
*************************
 
AdwCleaner[R0].txt - [28278 bytes] - [12/05/2015 03:05:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [28338 bytes] ##########
 


#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:43 AM

Posted 12 May 2015 - 02:12 AM

Hi there,

Please do NOT run ComboFix without permission - not only is it not allowed here, it is also a very powerful tool and can break your machine if used incorrectly.

Re-run AdwCleaner and choose Cleaning for all detected objects.

After that please run these.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Regards,
Alex

Edited by Alexstrasza, 12 May 2015 - 02:12 AM.


#7 Cerruth


Posted 12 May 2015 - 03:40 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Ultimate x64
Ran by Ethan on Tue 05/12/2015 at  4:14:48.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Ethan\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\Ethan\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/12/2015 at  4:17:00.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Scanned with MBam as well.


#8 Sintharius


Posted 12 May 2015 - 04:51 AM

Hi there,

Please post the Scan Log from Malwarebytes.

After that please run this.

ESET Online Scanner

You will need to use Internet Explorer for this scan.
  • Hold down Ctrl and click here to open ESET Online Scanner in a new window.
  • Click the ESET Online Scanner button.
  • Put a checkmark in "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warnings from your browser.
  • Under Scan settings, put a checkmark in Scan Archives.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Scan.
  • ESET Online Scanner will automatically update and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats.
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#9 Cerruth


Posted 12 May 2015 - 08:23 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/12/2015
Scan Time: 4:19:05 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.03.09.05
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ethan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421369
Time Elapsed: 8 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{ff148bd5}, , [d8a16dd6d8b2ae8888fe0dc4f70ca15f], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 


#10 Sintharius


Posted 14 May 2015 - 06:57 AM

Hi there,

Please proceed with ESET Online Scanner. Thank you :)

Alex

#11 Cerruth


Posted 14 May 2015 - 01:49 PM

C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Qoobox\Quarantine\C\Users\Ethan\AppData\Roaming\03000200-1426088124-0500-0006-000700080009\Uninstall.exe.vir Win32/Adware.ConvertAd.EB application
C:\Qoobox\Quarantine\C\Users\Ethan\AppData\Roaming\03000200-1426088124-0500-0006-000700080009\vnsz7091.tmp.vir multiple threats


#12 Sintharius


Posted 14 May 2015 - 01:50 PM

Hi there,

How is the computer running?

Alex

#13 Cerruth


Posted 16 May 2015 - 06:36 PM

Better than what it was, thanks.



#14 Sintharius


Posted 17 May 2015 - 02:37 AM

Hi there,

You are running two antivirus solutions - BitDefender Free Edition and Microsoft Security Essentials. Please remove one and keep the other - let me know which one you decided to keep.

Afterwards please open an elevated Command Prompt, type in sfc /scannow and press Enter to check file system integrity.

Regards,
Alex



