
Help Required Removing Malware Please......


15 replies to this topic

#1 jwlanky


Posted 13 May 2015 - 02:01 PM

I rather stupidly downloaded some malware, and thought I had uninstalled it using Kaspersky and Malwarebytes. Whatever it is, it keeps downloading all kinda junk programmes even when Malwarebytes says it's clean....

 

Could anyone kindly help?

 




 


#2 Sintharius


Posted 13 May 2015 - 02:01 PM

Hi there :)

I'll help you :) Let's take a look.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#3 jwlanky


Posted 13 May 2015 - 02:37 PM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by len64 (administrator) on 13-05-2015 at 20:35:58
Running from "C:\Users\len64\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: 2522W8K Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® Centrino® Advanced-N 6200 AGN = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set subinterface interface=?3 subinterface=ethernet_6 mtu=1477
set subinterface interface=?3 subinterface=ethernet_11 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : len64-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 5C-FF-35-07-CF-1B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 00-23-14-AF-02-E9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-23-14-AF-02-E9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
   Physical Address. . . . . . . . . : 00-23-14-AF-02-E8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::984d:d50c:ddc6:66b6%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 13 May 2015 20:24:57
   Lease Expires . . . . . . . . . . : 14 May 2015 20:24:58
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 285221652
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-86-9C-6A-00-23-14-AF-02-E8
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  router.asus.com
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2a00:1450:4009:800::200e
 216.58.208.78
 
 
Pinging google.com [216.58.208.78] with 32 bytes of data:
Reply from 216.58.208.78: bytes=32 time=19ms TTL=53
Reply from 216.58.208.78: bytes=32 time=29ms TTL=53
 
Ping statistics for 216.58.208.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 29ms, Average = 24ms
Server:  router.asus.com
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=182ms TTL=48
Reply from 206.190.36.45: bytes=32 time=176ms TTL=48
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 176ms, Maximum = 182ms, Average = 179ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...5c ff 35 07 cf 1b ......Intel® 82577LM Gigabit Network Connection
 14...00 23 14 af 02 e9 ......Microsoft Virtual WiFi Miniport Adapter #2
 13...00 23 14 af 02 e9 ......Microsoft Virtual WiFi Miniport Adapter
 12...00 23 14 af 02 e8 ......Intel® Centrino® Advanced-N 6200 AGN
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.75     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.75    281
     192.168.1.75  255.255.255.255         On-link      192.168.1.75    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.75    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.75    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.75    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::984d:d50c:ddc6:66b6/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/13/2015 07:57:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: GamesBotSvc.exe, version: 1.0.0.1, time stamp: 0x55378c24
Faulting module name: brs.dll_unloaded, version: 0.0.0.0, time stamp: 0x55378c37
Exception code: 0xc0000005
Fault offset: 0x7383ca06
Faulting process id: 0x15d4
Faulting application start time: 0xGamesBotSvc.exe0
Faulting application path: GamesBotSvc.exe1
Faulting module path: GamesBotSvc.exe2
Report Id: GamesBotSvc.exe3
 
Error: (05/13/2015 07:57:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: GamesBotSvc.exe, version: 1.0.0.1, time stamp: 0x55378c24
Faulting module name: brs.dll_unloaded, version: 0.0.0.0, time stamp: 0x55378c37
Exception code: 0xc0000005
Fault offset: 0x73843f88
Faulting process id: 0x15d4
Faulting application start time: 0xGamesBotSvc.exe0
Faulting application path: GamesBotSvc.exe1
Faulting module path: GamesBotSvc.exe2
Report Id: GamesBotSvc.exe3
 
Error: (05/11/2015 00:45:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: GamesBotSvc.exe, version: 1.0.0.1, time stamp: 0x55378c24
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3e0
Exception code: 0xc00000fd
Fault offset: 0x00059b46
Faulting process id: 0x1a04
Faulting application start time: 0xGamesBotSvc.exe0
Faulting application path: GamesBotSvc.exe1
Faulting module path: GamesBotSvc.exe2
Report Id: GamesBotSvc.exe3
 
Error: (05/09/2015 05:57:10 PM) (Source: Application Hang) (User: )
Description: The program Bubble Dock Uninstall.exe version 3.0.705.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5b0
 
Start Time: 01d08a790e0f9a97
 
Termination Time: 0
 
Application Path: C:\Users\len64\AppData\Local\Temp\952015175612\Bubble Dock Uninstall.exe
 
Report Id:
 
Error: (05/09/2015 00:13:10 PM) (Source: Application Hang) (User: )
Description: The program nsh3BF1.tmp version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b48
 
Start Time: 01d08a486c08cd36
 
Termination Time: 0
 
Application Path: C:\Users\len64\AppData\Local\Temp\nsh3BF1.tmp
 
Report Id:
 
Error: (05/09/2015 00:09:55 PM) (Source: MsiInstaller) (User: len64-PC)
Description: Product: Popcornew Update Helper -- Error 1316. The specified account already exists.
 
Error: (05/09/2015 00:09:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: Generic_vo.exe, version: 1.0.0.0, time stamp: 0x4b1ae3bb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000008
Fault offset: 0x77929018
Faulting process id: 0x1a08
Faulting application start time: 0xGeneric_vo.exe0
Faulting application path: Generic_vo.exe1
Faulting module path: Generic_vo.exe2
Report Id: Generic_vo.exe3
 
Error: (05/08/2015 09:59:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1435
 
Error: (05/08/2015 09:59:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1435
 
Error: (05/08/2015 09:59:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/13/2015 07:55:20 PM) (Source: Service Control Manager) (User: )
Description: The rij service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/13/2015 07:55:20 PM) (Source: Service Control Manager) (User: )
Description: The mrij service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/13/2015 06:58:26 PM) (Source: DCOM) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}5{C39EE728-D419-4BD4-A3EF-EDA059DBD935}
 
Error: (05/13/2015 06:56:56 PM) (Source: Microsoft-Windows-DriverFrameworks-UserMode) (User: NT AUTHORITY)
Description: The driver package installation has failed.  The final status was 5.
 
Error: (05/13/2015 06:56:56 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/11/2015 00:46:26 PM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (05/09/2015 06:22:38 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/09/2015 06:20:53 PM) (Source: Service Control Manager) (User: )
Description: The rij service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/09/2015 06:20:53 PM) (Source: Service Control Manager) (User: )
Description: The mrij service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/09/2015 06:09:54 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (05/13/2015 07:57:16 PM) (Source: Application Error)(User: )
Description: GamesBotSvc.exe1.0.0.155378c24brs.dll_unloaded0.0.0.055378c37c00000057383ca0615d401d08dadad8c480cC:\Program Files (x86)\Games Bot\GamesBotSvc.exebrs.dlldf5467d0-f9a1-11e4-b212-5cff3507cf1b
 
Error: (05/13/2015 07:57:12 PM) (Source: Application Error)(User: )
Description: GamesBotSvc.exe1.0.0.155378c24brs.dll_unloaded0.0.0.055378c37c000000573843f8815d401d08dadad8c480cC:\Program Files (x86)\Games Bot\GamesBotSvc.exebrs.dlldca9ba4d-f9a1-11e4-b212-5cff3507cf1b
 
Error: (05/11/2015 00:45:16 PM) (Source: Application Error)(User: )
Description: GamesBotSvc.exe1.0.0.155378c24ntdll.dll6.1.7601.187985507b3e0c00000fd00059b461a0401d08bde9c091cb7C:\Program Files (x86)\Games Bot\GamesBotSvc.exeC:\Windows\SysWOW64\ntdll.dll30f56916-f7d3-11e4-81c5-5cff3507cf1b
 
Error: (05/09/2015 05:57:10 PM) (Source: Application Hang)(User: )
Description: Bubble Dock Uninstall.exe3.0.705.05b001d08a790e0f9a970C:\Users\len64\AppData\Local\Temp\952015175612\Bubble Dock Uninstall.exe
 
Error: (05/09/2015 00:13:10 PM) (Source: Application Hang)(User: )
Description: nsh3BF1.tmp0.0.0.01b4801d08a486c08cd360C:\Users\len64\AppData\Local\Temp\nsh3BF1.tmp
 
Error: (05/09/2015 00:09:55 PM) (Source: MsiInstaller)(User: len64-PC)
Description: Product: Popcornew Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/09/2015 00:09:48 PM) (Source: Application Error)(User: )
Description: Generic_vo.exe1.0.0.04b1ae3bbunknown0.0.0.000000000c0000008779290181a0801d08a48a98d4afaC:\Users\len64\AppData\Local\Temp\is45637729\353080_stp\Generic_vo.exeunknowne74222db-f63b-11e4-8de3-5cff3507cf1b
 
Error: (05/08/2015 09:59:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1435
 
Error: (05/08/2015 09:59:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1435
 
Error: (05/08/2015 09:59:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-13 20:24:47.529
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-13 20:24:47.482
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-13 20:24:46.359
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-13 20:24:46.312
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-13 19:01:20.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-13 19:01:20.512
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-13 19:01:19.404
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-13 19:01:19.342
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-09 21:01:04.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-09 21:01:04.669
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Analog Lab 1.1.0 (HKLM-x32\...\analoglab073_is1) (Version: 1.1.0 - Arturia)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS RT-N66U Wireless Router Utilities (HKLM-x32\...\{88CA8932-7987-4D7A-BEE3-227BDB3CA888}) (Version: 4.2.9.8 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Blue Iris 3 (HKLM-x32\...\{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.60.05 - Perspective Software) Hidden
Blue Iris 3 (HKLM-x32\...\InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.60.05 - Perspective Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.75.0.2014 - Georgy Berdyshev)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Cross 3.3.10 (HKLM-x32\...\MixVibes Cross 3.3.10) (Version: 3.3.10 - MixVibes)
Cross RC 3.3.0 (HKLM-x32\...\MixVibes Cross RC 3.3.0) (Version: 3.3.0 - MixVibes)
Deckadance 2 (HKLM-x32\...\Deckadance 2) (Version: 2.0 - Image-Line)
DirectWave (HKLM-x32\...\DirectWave) (Version:  - Image-Line)
Dropbox (HKCU\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Drumaxx (HKLM-x32\...\Drumaxx) (Version:  - Image-Line)
DX10 (HKLM-x32\...\DX10) (Version:  - Image-Line)
Edison (HKLM-x32\...\Edison) (Version:  - Image-Line)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2136 - Steinberg Media Technologies GmbH)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.9 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Groove Machine (HKLM-x32\...\Groove Machine) (Version:  - Image-Line)
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line bvba)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL DrumSynth Live (HKLM-x32\...\IL DrumSynth Live) (Version:  - Image-Line)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version:  - Image-Line)
IL Harmless (HKLM-x32\...\IL Harmless) (Version:  - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version:  - Image-Line)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version:  - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version:  - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
IPCSearch version 2.0 (HKLM-x32\...\IPCSearch_is1) (Version: 2.0 - PCamera)
Kaspersky Internet Security (HKLM-x32\...\{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
KORG KONTROL Editor (HKLM-x32\...\{2994E3F1-B6A3-40FD-860E-A54363FC266C}) (Version: 1.50.0000 - KORG Inc.)
KORG M1 Le (HKLM\...\{2D2D5665-7009-4F75-A0EA-C73F57700E36}) (Version: 1.1.0 - KORG Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0034 - Lenovo)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Maximus (HKLM-x32\...\Maximus) (Version:  - Image-Line)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4 Client Profile 简体中文语言包 (HKLM\...\Microsoft .NET Framework 4 Client Profile CHS Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 简体中文语言包 (HKLM\...\Microsoft .NET Framework 4 Extended CHS Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Morphine (HKLM-x32\...\Morphine) (Version:  - Image-Line bvba)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.2.189 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.1.854 - Native Instruments)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
rekordbox 3.1.0 (HKLM-x32\...\Pioneer rekordbox 3.1.0) (Version: 3.1.0.2818 - Pioneer)
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab)
Sakura (HKLM-x32\...\Sakura) (Version:  - Image-Line)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
Serato DJ  (HKLM-x32\...\{25706BAB-0608-4B55-8E6B-53657906DC95}) (Version: 1.7.4.9261 - Serato) Hidden
Serato DJ  (HKLM-x32\...\{acab160e-f39a-4668-9123-75301da301d3}) (Version: 1.7.4.9261 - )
SimSynth (HKLM-x32\...\SimSynth) (Version:  - Image-Line)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 29.3.88080 - Sonos, Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Sytrus (HKLM-x32\...\Sytrus) (Version:  - Image-Line)
TagScanner 5.1.652 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.24 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line bvba)
VCDS Release 12.12.0 (HKLM-x32\...\VCDS Release 12.12) (Version: 12.12.0 - Ross-Tech)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
WebGadget Soundcloud Downloader (HKLM-x32\...\WebGadget Soundcloud Downloader_is1) (Version:  - )
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xone:DB2 USB ASIO driver (HKLM\...\USB_AUDIO_DEusb-audio.deXONE_DB2) (Version:  - )
 
========================= Devices: ================================
 
Name: HDA CX20585 Soft Modem
Description: HDA CX20585 Soft Modem
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: Conexant
Service: Modem
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_5069&SUBSYS_17AA214D&REV_1003\4&36D503B2&0&0002
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 24%
Total physical RAM: 7987.66 MB
Available physical RAM: 6016.4 MB
Total Pagefile: 15973.52 MB
Available Pagefile: 13747.91 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.61 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:232.88 GB) (Free:89.36 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LEN64-PC
 
Administrator            Guest                    len64                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
21-04-2015 23:00:00 Scheduled Checkpoint
29-04-2015 23:00:00 Scheduled Checkpoint
30-04-2015 19:23:41 Windows Update
06-05-2015 19:38:59 Device Driver Package Install: Ross-Tech Universal Serial Bus controllers
10-05-2015 11:12:46 Windows Update
 
**** End of log ****


#4 jwlanky

Posted 13 May 2015 - 02:39 PM

 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.2 plugin-nm-server.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#5 jwlanky

Posted 13 May 2015 - 02:46 PM

Oh and thanks for the assist!



#6 Sintharius

Posted 13 May 2015 - 02:48 PM

Hi there,

Please run this next.

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
Regards,
Alex

#7 jwlanky

Posted 13 May 2015 - 02:54 PM

# AdwCleaner v4.203 - Logfile created 13/05/2015 at 20:51:47
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : len64 - LEN64-PC
# Running from : C:\Users\len64\Downloads\adwcleaner_4.203.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\len64\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_inst.bubbledock.co.uk_0.localstorage
File Found : C:\Users\len64\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_inst.bubbledock.co.uk_0.localstorage-journal
File Found : C:\Users\len64\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Found : C:\Users\len64\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Found : C:\Users\len64\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Folder Found : C:\Program Files (x86)\Innovative Solutions
Folder Found : C:\Program Files\WebBar
Folder Found : C:\ProgramData\13777704000049b0
Folder Found : C:\ProgramData\7709b11200001cf3
Folder Found : C:\Users\len64\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao
Folder Found : C:\Users\len64\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
Folder Found : C:\Users\len64\AppData\Local\Innovative Solutions
Folder Found : C:\Users\len64\AppData\Local\Temp\DriverTurbo
Folder Found : C:\Users\len64\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Found : C:\Users\len64\AppData\Roaming\DriverTurbo
Folder Found : C:\Users\len64\AppData\Roaming\Innovative Solutions
Folder Found : C:\Users\len64\AppData\Roaming\Store
Folder Found : C:\Users\len64\AppData\Roaming\WTools
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SafeGuard
 
***** [ Scheduled tasks ] *****
 
Task Found : RocketTab
Task Found : RocketTab Update Task
Task Found : NetEngine
Task Found : WindApp Update
Task Found : Selection Tools Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Classes\PepperZip
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\rttasks
Key Found : HKCU\Software\Store
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\WTools
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\rttasks
Key Found : [x64] HKCU\Software\Store
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : [x64] HKCU\Software\WTools
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
Key Found : HKLM\SOFTWARE\SupDp
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : [x64] HKLM\SOFTWARE\WebBar
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\len64\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : lbfehkoinhhcknnbdgnnmjhiladcgbol
[C:\Users\len64\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : bpphkkgodbfncbcpgopijlfakfgmclao
[C:\Users\len64\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://www.google.co.uk/", "hxxp://www.mystartsearch.com/?type=hp&ts=1431188532&z=cc03ff024854315f1ed41f5g5zccfg0g7b8b5w7zbo&from=ium5&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF101476Y
 
*************************
 
AdwCleaner[R0].txt - [6931 bytes] - [13/05/2015 20:51:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6990 bytes] ##########


#8 Sintharius

Posted 13 May 2015 - 03:02 PM

Hi there,

Please re-run AdwCleaner and choose Cleaning for all detections.

After that please run this.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that, update Malwarebytes and perform a Threat Scan for me, then post the scan log here. Malwarebytes scan logs are located in History => Application Logs. Click on the entry of your Threat Scan, choose Export => Copy to Clipboard, then paste the log into your next reply.

Regards,
Alex

#9 jwlanky

Posted 13 May 2015 - 03:11 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Professional x64
Ran by len64 on 13/05/2015 at 21:07:00.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\len64\appdata\local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage
Successfully deleted: [File] C:\Users\len64\appdata\local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal
Successfully deleted: [File] C:\Users\len64\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\len64\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\len64\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Successfully deleted: [Folder] C:\Users\len64\appdata\local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/05/2015 at 21:10:27.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 Sintharius

Posted 13 May 2015 - 03:22 PM

Hi there,

Please proceed with the instructions for MBAM. Thank you :)

Alex

#11 jwlanky

Posted 13 May 2015 - 03:38 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/05/2015
Scan Time: 21:11:46
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.13.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: len64
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354381
Time Elapsed: 8 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Looking good?



#12 Sintharius

Posted 13 May 2015 - 03:44 PM

Hi there,

Let's run this to clear up any leftovers.
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#13 jwlanky

Posted 14 May 2015 - 12:37 AM

C:\Users\All Users\rij\909EB601C1384344A0966A88871EBF5F\setup.exe Win32/OutBrowse.BH potentially unwanted application
C:\Users\All Users\rij\DF87395E22AF4C7D935B6F96B444BCD3\setup.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\ProgramData\rij\909EB601C1384344A0966A88871EBF5F\setup.exe Win32/OutBrowse.BH potentially unwanted application deleted - quarantined
C:\ProgramData\rij\DF87395E22AF4C7D935B6F96B444BCD3\setup.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application cleaned by deleting - quarantined
C:\Users\len64\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TB7DJJWX\VuuPC_VO2_8907[1].exe a variant of Win32/InstallMonetizer.BC potentially unwanted application deleted - quarantined
C:\Users\len64\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3JRAEWQ\1[1].zip a variant of Win32/ELEX.BF potentially unwanted application deleted - quarantined
C:\Users\len64\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3JRAEWQ\Iminent_HTML[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\len64\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3JRAEWQ\SafeGuardSetup[1].exe Win32/Verti.L potentially unwanted application deleted - quarantined
C:\Users\len64\Desktop\Ableton Live 9 Suite 9.1.3 (Win 64 bit) (patch - io) [ChingLiu]\Patch\Ableton LivePatch [io].exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted - quarantined
C:\Users\len64\Documents\Vuze Downloads\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]\flstudio_11.0.4.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\len64\Downloads\Carl Craig - live at Boiler Room Detroit Love - 07 Mar 2015-DJDL.ORG.exe a variant of Win32/Adware.MultiPlug.JS application cleaned by deleting - quarantined
C:\Users\len64\Downloads\FMP.dmg a variant of OSX/Adware.Genieo.Y application deleted - quarantined
C:\Users\len64\Downloads\paranoid_london_-_transmission_5_(instrumental).exe a variant of Win32/Adware.MultiPlug.EI application cleaned by deleting - quarantined
C:\Users\len64\Downloads\Unconfirmed 100063.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 114562.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 213331.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 324002.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 352595.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 403921.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 454202.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 574216.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 61863.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 85323.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 894086.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 895421.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 973492.crdownload a variant of Win32/InstallCore.ZC potentially unwanted application deleted - quarantined
C:\Users\len64\Downloads\Unconfirmed 979803.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application deleted - quarantined
C:\Windows\rij.exe a variant of Win32/TrojanDownloader.Adcurl.A trojan cleaned by deleting - quarantined


#14 Sintharius

Posted 14 May 2015 - 01:37 AM

Looks good.

How is the computer running now?

Alex

#15 jwlanky

Posted 15 May 2015 - 02:47 PM

Hey, sorry for the delay. All looks good this end, I think it's sorted.

 

Thank you very much for your help on this, it really is appreciated!





