Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 x64 Home Premium


  • This topic is locked This topic is locked
30 replies to this topic

#1 chi1ddd

chi1ddd

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 12 May 2015 - 04:35 PM

OK, came back from out of town and the computer has been running strange.  It has been very difficult to open programs and the internet switchs from being very slow to having a limited connection.  Also, when I restart the computer it will just hang on the restart screen and I have to power off manually. 

 

I suspected it was some type of virus or malware since the kids had been on the computer without parental supervision.  I ran MBAM and it cleaned about 1100 files.  I will post the file below.  The computer now will come on but still will not restart.  Also, it takes about 5 minutes to show that the internet is connected but even then it is very slow.  Restore from a previous point will not work in regular or safe mode. 

 

I feel like there are still some majors issues.

 

Help and Thanks.

 

DDD



BC AdBot (Login to Remove)

 


#2 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 12 May 2015 - 04:36 PM

The internet icon now says "Identifying....No Internet Access"



#3 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 12 May 2015 - 04:41 PM

Can't post MBAM because the computer will not recognize by flash drive. 

 

The files all say Pup.Optional.Conduit.A.

 

The registry files cleaned were Pup.Vulnerable.DellSystemDetect



#4 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 12 May 2015 - 04:47 PM

Flash Drive works in Safe Mode.



#5 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:44 AM

Posted 12 May 2015 - 04:49 PM

Boot your machine into safe with networking.

http://kb.eset.com/esetkb/index?page=content&id=SOLN2268

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

http://www.techsupportall.com/adware-removal-tool/

LOr0Gd7.png

Hit Ok.

sYFsqHx.png

Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.

GjWwvEu.png

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the  instructions below.

 

 

Step 4: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 5: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Edited by InadequateInfirmity, 12 May 2015 - 04:50 PM.


#6 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 12 May 2015 - 04:50 PM


MBAM Results

-----------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/12/2015
Scan Time: 8:47:11 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.05.12.02
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dotson

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 689730
Time Elapsed: 1 hr, 18 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
PUP.Vulnerable.DellSystemDetect, HKU\S-1-5-21-770151250-1429273482-1369692901-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DellSystemDetect, C:\Users\Dotson\AppData\Local\Apps\2.0\GY6T0QP5.C4W\PKDEM44V.VLW\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe, Quarantined, [546e533f345630062e46c2112fd409f7]
PUP.Vulnerable.DellSystemDetect, HKU\S-1-5-21-770151250-1429273482-1369692901-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DellSystemDetect, C:\Users\Guest\AppData\Local\Apps\2.0\GY6T0QP5.C4W\PKDEM44V.VLW\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe, Quarantined, [6e54335f4e3cc96dfb79d4ffca398a76]

Registry Data: 0
(No malicious items detected)

Folders: 231
PUP.Optional.ConduitTB.Gen, C:\Users\Dotson\AppData\Local\CRE, Quarantined, [6e54306299f195a109326e6422e138c8],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\APISupport, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\js, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\js\lib, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\js\options, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\js\tabs, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\js\tabs\back, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\js\toolbarAPI, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\mam, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\mam\scripts, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\mam\scripts\contentScripts, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\nativeMessaging, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\plugins, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\Search, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\Search\html, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\Search\NewTabPages, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\Search\NewTabPages\API, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\Search\NewTabPages\css, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\Search\NewTabPages\html, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\Search\NewTabPages\img, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\Search\NewTabPages\js, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\tb, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\tb\al, Quarantined, [52703062cac0b97d3f3022abc43f619f],
PUP.Optional.Conduit.A, C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\10.31.4.510_0\tb\al\aboutBox, Quarantined, [52703062cac0b97d3f3022abc43f619f],



#7 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 12 May 2015 - 05:14 PM

Adware Removal Tool

----------------------------

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_05_12_17_53_29
OS: Windows 7 - 64 Bit
Account Name: Dotson
U0L0S16

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - File - C:\program files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe
Deleted - File - C:\Users\Dotson\Appdata\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AKKBFQK\pricepeep[1].png
Deleted - File - C:\Users\Dotson\Appdata\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9O15G6PB\pingCAKWQVO6.gif
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage:ask.com
Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage:www.ask.com

\\ Finished
 



#8 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 12 May 2015 - 05:33 PM

~ ZHPCleaner v2015.5.12.227 by Nicolas Coolman (12/05/2015)
~ Run by Dotson (Administrator)  (12/05/2015 18:26:39)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Dotson\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Dotson\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (1)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 [Bad : 1]  (Hijacker.Proxy)


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (13)
MOVED folder^: C:\ProgramData\Browser Manager (PUP.SpeedBrowser)
MOVED folder: C:\Users\Dotson\Music\iMesh (PUP.iMesh)
MOVED folder: C:\Users\Dotson\AppData\Local\PackageAware (PUP.BearShare)
MOVED folder: C:\Users\Dotson\AppData\Local\{47FE0B09-78F1-4C0A-B346-86C1BE734040} (Empty)
MOVED folder: C:\Users\Dotson\AppData\Local\{5646E2EA-570B-428F-950E-6A6509BDE3DE} (Empty)
MOVED folder: C:\Users\Dotson\AppData\Local\{63B2BF88-5CF4-4866-B333-A4274B690AC7} (Empty)
MOVED folder: C:\Users\Dotson\AppData\Local\{6C2C90DF-F5DD-4E4F-AE59-1C6666423640} (Empty)
MOVED folder: C:\Users\Dotson\AppData\Local\{933901AC-B894-4274-900F-CDC7E0AFB56C} (Empty)
MOVED folder: C:\Users\Dotson\AppData\Local\{C710E8C3-A5E5-4A19-9708-D15C1AD228FD} (Empty)
MOVED folder: C:\Users\Dotson\AppData\Local\{CB97ADD3-7D8F-491A-A4AE-4BF683CC9351} (Empty)
MOVED folder: C:\Users\Dotson\AppData\Local\{CED84BAB-4A7C-4DD1-BF14-97F11FD005F6} (Empty)
MOVED folder: C:\Users\Dotson\AppData\Local\{E3AD4543-758F-48B9-959B-F27AAB8724F8} (Empty)
MOVED folder: C:\Users\Dotson\AppData\Local\{EF254016-0484-4AFA-8BAA-4B758E31B868} (Empty)


---\\  Registry ( Key, Value, Data) (24)
REPLACED data: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104} [] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104} [] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104} [] (Adware.CrossRider)
DELETED key*: HKEY_USERS\S-1-5-21-770151250-1429273482-1369692901-1000\Software\iMesh [] (PUP.iMesh)
DELETED key: HKCU\Software\iMesh [] (PUP.iMesh)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\shopathome.com [] (Adware.SAHAgent)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.shopathome.com [490] (Adware.SAHAgent)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com [0] (PUP.Softonic)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe [] (PUP.iMesh)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe [] (PUP.iMesh)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\3DTutorials.exe [C:\Program Files (x86)\Roxio 2011\3DTutorials\3DTutorials.exe] (PUP.AgenceExclusive)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-zip [TUGUU SL] (PUP.VAFPlayer)
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\3DTutorials.exe [C:\Program Files (x86)\Roxio 2011\3DTutorials\3DTutorials.exe] (PUP.AgenceExclusive)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\App24x7Help_RASAPI32 [] (PUP.24x7Help)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\App24x7Help_RASMANCS [] (PUP.24x7Help)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_RASAPI32 [] (PUP.iMesh)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_RASMANCS [] (PUP.iMesh)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32 [] (PUP.iMesh)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS [] (PUP.iMesh)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Linkury_RASAPI32 [] (PUP.Linkury)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Linkury_RASMANCS [] (PUP.Linkury)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_blackberry-backup-extractor_RASAPI32 [] (PUP.Softonic)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_blackberry-backup-extractor_RASMANCS [] (PUP.Softonic)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 3011
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 38


End of clean at 18:26:49
===================
ZHPCleaner-[R]-12052015-18_26_49.txt
ZHPCleaner-[S]-12052015-18_24_47.txt
 



#9 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:44 AM

Posted 12 May 2015 - 05:45 PM

Continue on with the other scans and let me know if normal mode is better. :)

 

 

Once complete with adware cleaner....

 

Download 9-Lab Removal Tool. from one of the links below.

http://9-lab.com/

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

Install the program onto your computer, then right click the icon RRXH2ZG.jpg run as administrator.

Go to the Update tab and update the program.

ZT1y9rP.png

Now go to the scanner tab and select Full Scan.

k68m97f.png

Upon Scan Completion Click Show Results.

FihDIFx.png

Now click the Clean button.

eCCJKcA.png

Once done cleaning you can go to the logs tab double click it and copy paste in your next reply.



#10 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 13 May 2015 - 05:22 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Home Premium x64
Ran by Dotson on Tue 05/12/2015 at 22:44:16.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Dotson\appdata\locallow\pcdr
Successfully deleted: [Folder] C:\Users\Dotson\AppData\Roaming\pcdr



~~~ FireFox

Emptied folder: C:\Users\Dotson\AppData\Roaming\mozilla\firefox\profiles\tn25gw07.default-1355415640866\minidumps [85 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/12/2015 at 22:46:06.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#11 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 13 May 2015 - 06:58 AM

# AdwCleaner v4.204 - Logfile created 13/05/2015 at 06:27:06
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dotson - OFFICEDESKTOP2
# Running from : C:\Users\Dotson\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269

***** [ Files / Folders ] *****

[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.135

[C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dotson\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2596 bytes] - [13/05/2015 06:24:46]
AdwCleaner[S0].txt - [2539 bytes] - [13/05/2015 06:27:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2598  bytes] ##########
 



#12 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 13 May 2015 - 07:49 AM

9-lab Removal Tool 1.0.0.34 BETA
9-lab.com

Database version: 0.0

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17728
Dotson :: OFFICEDESKTOP2

5/13/2015 8:01:49 AM
9lab-log-2015-05-13 (08-01-49).txt

Scan type: Full
Objects scanned: 56708
Time Elapsed: 44 m 19 s
 



#13 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 13 May 2015 - 07:52 AM

OK, ran all.

 

In Safe Mode, the internet connection seems to be running slowly but it will connect to various wifi connections.

 

In Normal Mode, it still gives the message that it is "identifying the network" and has limited connection.

 

Also, the computer will not restart on it's on.  It gets to the restart screen and just gets stuck.  I have to manually hit the power button to turn off and then back on.



#14 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:44 AM

Posted 13 May 2015 - 08:38 AM

Lets run a couple more scans in safe mode with networking...

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

Step 3: Eset Scan
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Step 4: Security Check

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 Step 5: MiniToolBox.

 

 

Please download [b]MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



#15 chi1ddd

chi1ddd
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 13 May 2015 - 03:45 PM

13 May 2015 14:01:41 [0780] - **********************************************************
13 May 2015 14:01:41 [0780] - MWAV - eScanAV AntiVirus Toolkit.
13 May 2015 14:01:41 [0780] - Copyright © MicroWorld Technologies
13 May 2015 14:01:41 [0780] - **********************************************************
13 May 2015 14:01:41 [0780] - Source: C:\Users\Dotson\Downloads\mwav.exe
13 May 2015 14:01:41 [0780] - Version 14.0.178 (C:\USERS\DOTSON\APPDATA\LOCAL\TEMP\MEXE.COM)
13 May 2015 14:01:41 [0780] - Log File: C:\Users\Dotson\AppData\Local\Temp\MWAV.LOG
13 May 2015 14:01:41 [0780] - MWAV Registered: TRUE
13 May 2015 14:01:41 [0780] - User Account: Dotson (Administrator Mode)
13 May 2015 14:01:41 [0780] - OS Type: Windows Workstation [InstallType: Client]
13 May 2015 14:01:41 [0780] - OS: Windows 7 64-Bit [OS Install Date: 04 Aug 2011 14:09:31]
13 May 2015 14:01:41 [0780] - Ver: Personal Service Pack 1 (Build 7601)
13 May 2015 14:01:41 [0780] - System Up Time: 4 Hours, 54 Minutes, 58 Seconds


13 May 2015 14:01:41 [0780] - Parent Process Name : C:\Users\Dotson\Downloads\mwav.exe
13 May 2015 14:01:41 [0780] - Windows Root  Folder: C:\Windows
13 May 2015 14:01:41 [0780] - Windows Sys32 Folder: C:\Windows\system32
13 May 2015 14:01:41 [0780] - Interface0 DHCPNameServer: 172.20.10.1
13 May 2015 14:01:41 [0780] - Interface1 DHCPNameServer: 192.168.1.1
13 May 2015 14:01:41 [0780] - Local Fixed Drives: c:\
13 May 2015 14:01:41 [0780] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
13 May 2015 14:01:41 [0780] - [CREATED ZIP FILE: C:\Users\Dotson\AppData\Local\Temp\pinfect.zip]
13 May 2015 14:01:41 [0780] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
13 May 2015 14:01:43 [0780] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Dotson\AppData\Local\Temp\ESCANDB.LOG]
13 May 2015 14:01:44 [0780] - Loaded/Created FileScan Cache Database...
13 May 2015 14:01:44 [0780] - Loading AV Library [DB]...
13 May 2015 14:02:20 [0780] - ArchiveScan: DISABLED
13 May 2015 14:02:21 [0780] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
13 May 2015 14:02:21 [0780] - MWAV doing self scanning...
13 May 2015 14:02:21 [0780] - MWAV files are clean.
13 May 2015 14:08:33 [0780] - ArchiveScan: DISABLED
13 May 2015 14:08:33 [0780] - Virus Database Date: 02 Mar 2015
13 May 2015 14:08:33 [0780] - Virus Database Count: 6701505
13 May 2015 14:08:33 [0780] - Sign Version: 7.59505 [518257]
13 May 2015 14:08:33 [0780] - Scheduler Service not enabled. Scheduler Feature Disabled.
 
13 May 2015 14:09:20 [0780] - **********************************************************
13 May 2015 14:09:20 [0780] - MWAV - eScanAV AntiVirus Toolkit.
13 May 2015 14:09:20 [0780] - Copyright © MicroWorld Technologies
13 May 2015 14:09:20 [0780] -
13 May 2015 14:09:20 [0780] - Support: support@escanav.com
13 May 2015 14:09:20 [0780] - Web: http://www.escanav.com
13 May 2015 14:09:20 [0780] - **********************************************************
13 May 2015 14:09:20 [0780] - Version 14.0.178[DB] (C:\USERS\DOTSON\APPDATA\LOCAL\TEMP\MEXE.COM)
13 May 2015 14:09:20 [0780] - Log File: C:\Users\Dotson\AppData\Local\Temp\MWAV.LOG
13 May 2015 14:09:20 [0780] - User Account: Dotson (Administrator Mode)
13 May 2015 14:09:20 [0780] - Parent Process Name : C:\Users\Dotson\Downloads\mwav.exe
13 May 2015 14:09:20 [0780] - Windows Root  Folder: C:\Windows
13 May 2015 14:09:20 [0780] - Windows Sys32 Folder: C:\Windows\system32
13 May 2015 14:09:20 [0780] - OS: Windows 7 64-Bit [OS Install Date: 04 Aug 2011 14:09:31]
13 May 2015 14:09:20 [0780] - Ver: Personal Service Pack 1 (Build 7601)
13 May 2015 14:09:20 [0780] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
13 May 2015 14:09:20 [0780] - Scheduler Service not enabled. Scheduler Feature Disabled.
 
13 May 2015 14:09:20 [06c0] - Options Selected by User:
13 May 2015 14:09:20 [06c0] - Memory Check: Enabled
13 May 2015 14:09:20 [06c0] - Registry Check: Enabled
13 May 2015 14:09:20 [06c0] - StartUp Folder Check: Enabled
13 May 2015 14:09:20 [06c0] - System Folder Check: Enabled
13 May 2015 14:09:20 [06c0] - Services Check: Enabled
13 May 2015 14:09:20 [06c0] - Scan Spyware: Enabled
13 May 2015 14:09:20 [06c0] - Scan Archives: Disabled
13 May 2015 14:09:20 [06c0] - Drive Check: Enabled
13 May 2015 14:09:20 [06c0] - All Drive Check :Disabled
13 May 2015 14:09:20 [06c0] - Drive Selected = C:\
13 May 2015 14:09:20 [06c0] - Folder Check: Disabled
13 May 2015 14:09:20 [06c0] - SCAN: All_Files [ANSI]
13 May 2015 14:09:20 [06c0] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
13 May 2015 14:09:20 [06c0] - Scanning DNS Records...
13 May 2015 14:09:20 [06c0] - Scanning Master Boot Record (User)...
13 May 2015 14:09:20 [06c0] - Scanning Logical Boot Records...
13 May 2015 14:09:20 [06c0] - ***** Scanning For Hidden Rootkit Processes *****
13 May 2015 14:09:20 [06c0] - ***** Scanning For Hidden Rootkit Services *****
 
13 May 2015 14:09:23 [06c0] - ***** Scanning Memory Files *****
 
13 May 2015 14:09:26 [06c0] - ***** Scanning Registry Files *****
13 May 2015 14:09:26 [06c0] - ERROR(3)!!! Invalid Entry {ba00b7b1-0351-477a-b948-23e3ee5a73d4} = C:\Program Files (x86)\AOL Toolbar\aoltb.dll (in key HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar). Action Taken: Removing it.
13 May 2015 14:10:03 [06c0] - ERROR(3)!!! Invalid Entry  = C:\Program Files\Java\jre6\bin\npjpi160_24.dll (in key HKLM64\Software\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}). Action Taken: Removing it.
13 May 2015 14:10:09 [06c0] - ERROR(3)!!! Invalid Entry  = C:\Program Files (x86)\AOL Toolbar\aoltb.dll (in key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}). Action Taken: Removing it.
13 May 2015 14:10:11 [06c0] - ERROR(3)!!! Invalid Entry cmdline = %SystemRoot%\system32\ntvdm.exe (in key HKLM64\SYSTEM\CurrentControlSet\Control\WOW). Action Taken: Removing it.
 
13 May 2015 14:10:13 [06c0] - ***** Scanning StartUp Folders *****
13 May 2015 14:10:29 [0b54] - ScanFile (C:\Users\Dotson\Desktop\Old Desktop Items\Desktop Old\qifiif.zip) took 5226 ms
13 May 2015 14:29:09 [0b60] - ScanFile (C:\Users\Dotson\AppData\Roaming\Apple Computer\MobileSync\Backup\450401d4d693161f4ca4fceda6207075e6eca927-20131208-212155\d5c4526949a2c0484b370eb3fbc55cf9174a86dc) took 27955 ms
13 May 2015 14:29:09 [0b60] - Scanning of C:\Users\Dotson\AppData\Roaming\Apple Computer\MobileSync\Backup\450401d4d693161f4ca4fceda6207075e6eca927-20131208-212155\d5c4526949a2c0484b370eb3fbc55cf9174a86dc Timed out!!!
13 May 2015 15:06:44 [0b54] - ScanFile (C:\Users\Dotson\AppData\Roaming\Dropbox\bin\Dropbox.exe) took 5163 ms
13 May 2015 15:07:10 [0b54] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails0.dat) took 5164 ms
13 May 2015 15:07:18 [082c] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails13.dat) took 5694 ms
13 May 2015 15:07:27 [0b54] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails163.dat) took 5398 ms
13 May 2015 15:07:38 [0840] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails183.dat) took 7051 ms
13 May 2015 15:07:41 [0998] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails189.dat) took 8674 ms
13 May 2015 15:07:42 [0364] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails20.dat) took 6177 ms
13 May 2015 15:07:50 [0524] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails33.dat) took 6724 ms
13 May 2015 15:07:53 [082c] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails41.dat) took 5896 ms
13 May 2015 15:07:59 [0b54] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails35.dat) took 13931 ms
13 May 2015 15:08:07 [0998] - ScanFile (C:\Users\Dotson\AppData\Roaming\Roxio\EMC13\MediaManager\ItemThumbnails89.dat) took 6116 ms
13 May 2015 15:09:28 [0b60] - C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin not Scanned. Possibly password protected...
13 May 2015 15:09:31 [0814] - C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin not Scanned. Possibly password protected...
 
13 May 2015 15:09:50 [06c0] - ***** Scanning Service Files *****
13 May 2015 15:09:50 [06c0] - Scanning File C:\Windows\system32\drivers\1394ohci.sys
13 May 2015 15:09:50 [06c0] - ERROR(2)!!! ScanFile Fails for C:\Windows\system32\drivers\1394ohci.sys...
13 May 2015 15:09:53 [06c0] - ERROR(2)!!! Invalid Entry %SystemRoot%\System32\appmgmts.dll. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\AppMgmt.
13 May 2015 15:09:55 [06c0] - ERROR(2)!!! Invalid Entry \??\C:\ComboFix\catchme.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\catchme.
13 May 2015 15:10:12 [06c0] - ERROR(2)!!! Invalid Entry System32\Drivers\RimUsb_AMD64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\RimUsb.
13 May 2015 15:10:16 [06c0] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
13 May 2015 15:10:23 [06c0] - ***** Scanning Registry and File system for Adware/Spyware *****
13 May 2015 15:10:23 [06c0] - Loading Spyware Signatures from new External Database [Name: C:\Users\Dotson\AppData\Local\Temp\spydb.avs, Size: 464717]...
13 May 2015 15:10:23 [06c0] - Indexed Spyware Databases Successfully Created...
 
13 May 2015 15:11:52 [06c0] - Offending file found: C:\Users\Dotson\Documents\UPS\Laptop Docs\People\ERI\Comments Disk\TOTAL.EXE
13 May 2015 15:11:52 [06c0] - System found infected with Total Antivirus Corrupted Adware/Spyware (TOTAL.EXE)! Action taken: File Deleted.
13 May 2015 15:11:52 [06c0] - Object "Total Antivirus Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.

13 May 2015 15:11:52 [06c0] - Offending file found: C:\Users\Dotson\Documents\UPS\Laptop Docs\People\People Planning\ERI\Comments Disk\TOTAL.EXE
13 May 2015 15:11:52 [06c0] - System found infected with Total Antivirus Corrupted Adware/Spyware (TOTAL.EXE)! Action taken: File Deleted.
13 May 2015 15:11:52 [06c0] - Object "Total Antivirus Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.

13 May 2015 15:11:56 [06c0] - Offending Registry Entry found: HKCU\SOFTWARE\Wget
13 May 2015 15:11:56 [06c0] - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Entries Removed.
13 May 2015 15:11:56 [06c0] - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.

13 May 2015 15:11:56 [06c0] - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
13 May 2015 15:11:56 [06c0] - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.
13 May 2015 15:11:56 [06c0] - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.

13 May 2015 15:11:56 [06c0] - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
13 May 2015 15:11:56 [06c0] - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.
13 May 2015 15:11:56 [06c0] - Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.

 
13 May 2015 15:11:56 [06c0] - ***** Scanning Registry Files *****
13 May 2015 15:11:56 [06c0] - ERROR(3)!!! Invalid Entry  = C:\Program Files\Java\jre6\bin\npjpi160_24.dll (in key HKLM64\Software\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}). Action Taken: Removing it.
13 May 2015 15:11:56 [06c0] - ** C:\Windows\system32\drivers\etc\hosts Not Present! Created New One.
13 May 2015 15:11:56 [06c0] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com
13 May 2015 15:11:56 [06c0] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
13 May 2015 15:11:56 [06c0] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com
13 May 2015 15:11:56 [06c0] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
13 May 2015 15:11:56 [06c0] - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
13 May 2015 15:11:56 [06c0] - ** Value in 64-bit HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
 
13 May 2015 15:11:56 [06c0] - ***** Scanning System32 Folders *****
 
13 May 2015 15:12:47 [0524] - ScanFile (C:\Windows\SysWOW64\t3apstp.exe) took 21637 ms
13 May 2015 15:12:47 [0524] - Scanning of C:\Windows\SysWOW64\t3apstp.exe Timed out!!!
 
13 May 2015 15:12:48 [06c0] - ***** Scanning Drive C:\ *****
13 May 2015 15:12:58 [0364] - ScanFile (C:\Drivers\video\R294969\Packages\Drivers\Display\W76A_INF\B111431\atioglxx.dl_) took 5273 ms
13 May 2015 15:13:30 [0b54] - ScanFile (C:\Program Files\Creative\PreInst\t3.ini\Common\t3apstp.exe) took 8705 ms
13 May 2015 15:16:49 [0b60] - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouKu\ikuacc.dat not Scanned. Possibly password protected...
13 May 2015 15:18:04 [0524] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat not Scanned. Possibly password protected...
13 May 2015 15:18:19 [0364] - ScanFile (C:\Program Files (x86)\Dell DataSafe Local Backup\QTtool Lite.exe) took 7519 ms
13 May 2015 15:19:01 [0998] - ScanFile (C:\Program Files (x86)\Intuit\QuickBooks 2007\Components\PConfig\QuickBooks.msi) took 6256 ms
13 May 2015 15:21:24 [0524] - ScanFile (C:\Program Files (x86)\Roxio 2011\Video Convert\VideoConvert13.exe) took 5366 ms
13 May 2015 15:21:42 [0b54] - ScanFile (C:\Program Files (x86)\Skype\Phone\Skype.exe) took 8471 ms
13 May 2015 15:23:10 [0b60] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0b60] - Scanning File C:\System Volume Information\{3bfd6005-d2bf-11e4-a5ec-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0b60] - Scanning File C:\System Volume Information\{3bfd607c-d2bf-11e4-a5ec-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0b60] - Scanning File C:\System Volume Information\{71522382-e409-11e4-a47c-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0b60] - Scanning File C:\System Volume Information\{715224b0-e409-11e4-a47c-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0998] - Scanning File C:\System Volume Information\{71522583-e409-11e4-a47c-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0b60] - Scanning File C:\System Volume Information\{715226e0-e409-11e4-a47c-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0998] - Scanning File C:\System Volume Information\{7152276d-e409-11e4-a47c-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0b60] - Scanning File C:\System Volume Information\{779704f4-e23f-11e4-afc9-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0998] - Scanning File C:\System Volume Information\{8b1a48cd-e3be-11e4-bd22-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:10 [0b60] - Scanning File C:\System Volume Information\{93f1eaf7-e128-11e4-a611-782bcbb4d261}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 May 2015 15:23:28 [0840] - Scanning File C:\Users\Dotson\AppData\Local\Amazon Music\Data\Artwork Cache\LEMONY SNICKET-SERIES OF UNFORTUNATE EVENTS ~ BOOK FOURTH ~ MISERABLE MILL-local.jpg
13 May 2015 15:24:08 [0524] - ScanFile (C:\Users\Dotson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll) took 8829 ms
13 May 2015 15:24:26 [0524] - C:\Users\Dotson\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat not Scanned. Possibly password protected...
13 May 2015 15:24:26 [0364] - C:\Users\Dotson\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp not Scanned. Possibly password protected...
13 May 2015 15:30:47 [0b60] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\01512006-2008ArchiveTaxReturn.pdf not Scanned. Possibly password protected...
13 May 2015 15:30:47 [0b54] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\01622006-2008ArchiveTaxReturn.pdf not Scanned. Possibly password protected...
13 May 2015 15:30:47 [0814] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\02192006-2008ArchiveTaxReturn.pdf not Scanned. Possibly password protected...
13 May 2015 15:30:47 [0364] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\20060477-2008ArchiveTaxReturn.pdf not Scanned. Possibly password protected...
13 May 2015 15:30:47 [0840] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\20080207-2008ArchiveTaxReturn.pdf not Scanned. Possibly password protected...
13 May 2015 15:30:47 [0814] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\Personal\2010 DOTSONDANAANDANGELA 1040 Revised.pdf not Scanned. Possibly password protected...
13 May 2015 15:30:47 [0840] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\Tax Returns 2008.pdf not Scanned. Possibly password protected...
13 May 2015 15:30:48 [082c] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\Personal\2011 DOTSONDANAANDANGELA 1040.pdf not Scanned. Possibly password protected...
13 May 2015 15:30:48 [0524] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\Personal\2009 DOTSONDANAANDANGELA 1040.pdf not Scanned. Possibly password protected...
13 May 2015 15:30:48 [0998] - C:\Users\Dotson\Documents\Accounting Folders\Taxes\Personal\2010 DOTSONDANAANDANGELA 1040.pdf not Scanned. Possibly password protected...
13 May 2015 15:31:08 [0524] - ScanFile (C:\Users\Dotson\Documents\Angela\Spas2B\Course #1 - Spa Start up, Management & Operations - 4_17_2015 - 5_56 PM\content\Course1SpaStartUpManagementAndOperation\Sample Monthly Sales Projector Spreadsheet.doc) took 5070 ms
13 May 2015 15:31:15 [082c] - C:\Users\Dotson\Documents\BRIGHTSTARTCHILDCAREPRESCHOOL 2008 60422.pdf not Scanned. Possibly password protected...
13 May 2015 15:31:16 [0840] - C:\Users\Dotson\Documents\D3INVESTMENTSLLC 2008 60430.pdf not Scanned. Possibly password protected...
13 May 2015 15:31:29 [0364] - ScanFile (C:\Users\Dotson\Documents\Angela\VISION BOARD.doc) took 22402 ms
13 May 2015 15:32:35 [0814] - C:\Users\Dotson\Documents\SUCCESSFULBEGINNINGSLEARNINGCENTERINC 2008 60827.pdf not Scanned. Possibly password protected...
13 May 2015 15:33:00 [06c0] - INVALID ATTRIBUTES FOR FOLDER [C:\Users\Dotson\Documents\WP Backups\SBLC\_\esev2\backups ]: LastErr: 2. IGNORING.
13 May 2015 15:33:17 [06c0] - INVALID ATTRIBUTES FOR FOLDER [C:\Users\Dotson\Documents\WP Backups\_\esev2\backups ]: LastErr: 2. IGNORING.
13 May 2015 15:33:46 [0b54] - ScanFile (C:\Users\Dotson\Downloads\AirVideoServerHD-1.0.11.exe) took 9079 ms
13 May 2015 15:33:52 [0524] - ScanFile (C:\Users\Dotson\Downloads\BOIE9_ENUS_BO0085_WIN764(1).EXE) took 10015 ms
13 May 2015 15:33:52 [0998] - Scanning File C:\Users\Dotson\Downloads\DVD X Copy Platinum v3.2.1.0 Keymaker.exe
13 May 2015 15:33:52 [0998] - File C:\Users\Dotson\Downloads\DVD X Copy Platinum v3.2.1.0 Keymaker.exe infected by "Gen:Variant.Kazy.207291 (DB)" Virus! Action Taken: File Renamed.

13 May 2015 15:33:54 [0840] - ScanFile (C:\Users\Dotson\Downloads\DMSpatch_A02.exe) took 5148 ms
13 May 2015 15:34:24 [082c] - ScanFile (C:\Users\Dotson\Downloads\Lame_Front-End.exe) took 7254 ms
13 May 2015 15:34:33 [0840] - ScanFile (C:\Users\Dotson\Downloads\mwav.exe) took 9594 ms
13 May 2015 15:35:22 [0524] - ScanFile (C:\Users\Dotson\Downloads\ResiGame30092011\ResiGame.30.09.2011\ResiGame.exe) took 5601 ms
13 May 2015 15:35:26 [0364] - ScanFile (C:\Users\Dotson\Downloads\rkill.exe) took 9391 ms
13 May 2015 15:35:30 [0b54] - ScanFile (C:\Users\Dotson\Downloads\SecurityCheck.exe) took 5397 ms
13 May 2015 15:35:44 [0814] - ScanFile (C:\Users\Dotson\Downloads\TuneUpInst-2.4.6.4.exe) took 6037 ms
13 May 2015 15:36:23 [0524] - ScanFile (C:\Users\Dotson\Downloads\wink20-1060.zip) took 6599 ms
13 May 2015 15:40:47 [0b60] - ScanFile (C:\Users\Dotson\Music\iTunes\iTunes Media\Mobile Applications\JUVEDERM 2.0.1.ipa) took 14181 ms
13 May 2015 15:42:56 [06c0] - INVALID ATTRIBUTES FOR FOLDER [C:\Users\Dotson\Music\iTunes\iTunes Media\Music\Lemony Snicket\A Series of Unfortunate Events ~ Book th]: LastErr: 2. IGNORING.
13 May 2015 15:47:38 [0364] - ScanFile (C:\Users\Dotson\Pictures\2009\2009-07-21\Thumbs.db) took 11529 ms
13 May 2015 15:52:29 [0998] - ScanFile (C:\Users\Dotson\Pictures\Phone Pictures\Iphone Ashlynn\Pictures\2014-03-21 Ashlynn Iphone\Thumbs.db) took 5835 ms
13 May 2015 15:53:46 [0524] - ScanFile (C:\Users\Guest\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll) took 6568 ms
13 May 2015 15:53:46 [0b54] - ScanFile (C:\Users\Guest\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LuInstall.exe) took 6708 ms
13 May 2015 15:53:46 [082c] - ScanFile (C:\Users\Guest\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe) took 7005 ms
13 May 2015 15:53:46 [0814] - ScanFile (C:\Users\Guest\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\uninstall.exe) took 6349 ms
13 May 2015 15:53:46 [0b60] - ScanFile (C:\Users\Guest\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe) took 7067 ms
13 May 2015 15:57:00 [0b54] - ScanFile (C:\Windows\ERUNT\JRT\ERDNT.EXE) took 5085 ms
13 May 2015 15:57:00 [0364] - ScanFile (C:\Windows\erdnt\Hiv-backup\ERDNT.EXE) took 5709 ms
13 May 2015 15:58:04 [0b54] - ScanFile (C:\Windows\Installer\4d5cafc1.msi) took 6162 ms
13 May 2015 16:18:44 [0814] - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
13 May 2015 16:18:44 [0b54] - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
13 May 2015 16:20:05 [0814] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\kobzqbb_.inf_amd64_neutral_7588cb436f4da594\KOBZQABW.DLL) took 5258 ms
13 May 2015 16:20:38 [0998] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\ssp6m.inf_amd64_neutral_1aea754130cac82f\coinst.exe) took 7395 ms
13 May 2015 16:20:39 [0840] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\t3v.inf_amd64_neutral_7da9b465fa65444e\WinVista\bin\AMD64\t3aim64.exe) took 6459 ms
13 May 2015 16:20:39 [0b60] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\t3v.inf_amd64_neutral_6ab6ecccbcbca253\WinVista\bin\AMD64\t3aim64.exe) took 7317 ms
13 May 2015 16:23:04 [0998] - ScanFile (C:\Windows\winsxs\amd64_microsoft-windows-ehome-mcweblauncher_31bf3856ad364e35_6.1.7600.16385_none_5846a8771b202706\MediaCenterWebLauncher.exe) took 7847 ms
13 May 2015 16:29:00 [0364] - ScanFile (C:\Windows\winsxs\amd64_microsoft-windows-sonic-createdisc_31bf3856ad364e35_6.1.7600.16385_none_9beb785f084a0caf\CreateDisc.dll) took 13916 ms
13 May 2015 16:30:28 [0840] - ScanFile (C:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.18523_none_cfb8ce4cc5a21132\Microsoft.VisualBasic.dll) took 23104 ms
13 May 2015 16:30:28 [0840] - Scanning of C:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.18523_none_cfb8ce4cc5a21132\Microsoft.VisualBasic.dll Timed out!!!
13 May 2015 16:30:28 [0998] - ScanFile (C:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.22733_none_b8ec27b2df488ae0\Microsoft.VisualBasic.dll) took 22542 ms
13 May 2015 16:30:28 [0998] - Scanning of C:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.22733_none_b8ec27b2df488ae0\Microsoft.VisualBasic.dll Timed out!!!
13 May 2015 16:30:54 [0b54] - ScanFile (C:\Windows\winsxs\amd64_oxpsconverter_31bf3856ad364e35_6.1.7601.17933_none_0804e1f7c5c64bf1\OxpsConverter.exe) took 8222 ms
13 May 2015 16:30:54 [0b60] - ScanFile (C:\Windows\winsxs\amd64_oxpsconverter_31bf3856ad364e35_6.1.7601.22091_none_084b74e2df1696ce\OxpsConverter.exe) took 8487 ms
13 May 2015 16:31:12 [0364] - ScanFile (C:\Windows\winsxs\amd64_server-help-h1s.mis..reference.resources_31bf3856ad364e35_6.1.7600.16385_en-us_eee0f69bb1ec672d\misccommandreference.h1s) took 5491 ms
13 May 2015 16:31:12 [082c] - ScanFile (C:\Windows\winsxs\amd64_server-help-h1s.itpro.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8d326ea84d43f83d\itpro.h1s) took 5553 ms
13 May 2015 16:31:12 [0b54] - ScanFile (C:\Windows\winsxs\amd64_server-help-h1s.uap.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d0aae185d680036f\uap.h1s) took 5522 ms
13 May 2015 16:32:08 [082c] - ScanFile (C:\Windows\winsxs\Backup\x86_microsoft-windows-d2d_31bf3856ad364e35_7.1.7601.18327_none_9b0ce353451f4255_d2d1.dll_ef77984b) took 10312 ms
13 May 2015 16:35:52 [0524] - ScanFile (C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.18804_none_18fdc1e9a139c989\GWX.exe) took 5819 ms
13 May 2015 16:39:26 [082c] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_10.2.9200.16521_none_dfa153494ca4176e\iecleanup.exe) took 5538 ms
13 May 2015 16:39:26 [0b54] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.2.9600.16428_none_828666943772c435\msfeedssync.exe) took 6178 ms
13 May 2015 16:39:26 [0998] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_10.2.9200.16521_none_1e08ed1a92d83052\msfeedssync.exe) took 6115 ms
13 May 2015 16:39:26 [0814] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_11.2.9600.16428_none_441eccc2f13eab51\iecleanup.exe) took 5476 ms
13 May 2015 16:41:06 [0998] - ScanFile (C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.22865_none_6cb760e7070688fc\GdiPlus.dll) took 5647 ms
 
13 May 2015 16:41:41 [06c0] - ***** Checking for specific ITW Viruses *****
 
13 May 2015 16:41:41 [06c0] - ***** Scanning complete. *****
 
13 May 2015 16:41:41 [06c0] - Total Objects Scanned: 940479
13 May 2015 16:41:41 [06c0] - Total Critical Objects: 6
13 May 2015 16:41:41 [06c0] - Total Disinfected Objects: 0
13 May 2015 16:41:41 [06c0] - Total Objects Renamed: 1
13 May 2015 16:41:41 [06c0] - Total Deleted Objects: 5
13 May 2015 16:41:41 [06c0] - Total Errors: 9
13 May 2015 16:41:41 [06c0] - Time Elapsed: 02:30:14
13 May 2015 16:41:41 [06c0] - Virus Database Date: 02 Mar 2015
13 May 2015 16:41:41 [06c0] - Virus Database Count: 6701505
13 May 2015 16:41:41 [06c0] - Sign Version: 7.59505 [518257]
 
13 May 2015 16:41:41 [06c0] - Scan Completed.
 
13 May 2015 16:44:03 [0780] - Virus Database Date: 02 Mar 2015
13 May 2015 16:44:03 [0780] - Virus Database Count: 6701505
13 May 2015 16:44:03 [0780] - Sign Version: 7.59505 [518257]
13 May 2015 16:44:03 [0780] - Scheduler Service not enabled. Scheduler Feature Disabled.
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users