
Possibly Infected


12 replies to this topic

#1 BnG


Posted 25 May 2015 - 08:33 PM

I'm using PeerBlock and my computer keeps getting an attempted connection from Big Red Group Pty Ltd. When I disable PeerBlock, my internet connection gets disabled on my computer; in other words, I lose connection until I re-enable PeerBlock, thus reblocking what I'm assuming is causing this to happen. Regardless if I have internet on my computer or not, I still receive attempted UDP connections from Big Red Group Pty Ltd. When I do have internet, I receive UDP, TCP, and the occasional IGMP connections from it. I don't really know what any of that means since I'm not familiar with any of the protocols or whatever; I'm just trying to put information out there that could potentially identify what's going on.

 

If I turn off PeerBlock and, say, run an antivirus or anti-malware program, it will freeze my computer. Not even control-alt-delete works; if I attempt to do that, it brings up "Preparing Security Options" and it just keeps loading, forcing me to manually turn off my computer since it won't load.

 

I ran Panda Free Antivirus and Malwarebytes Anti-Malware and they both detected things in my computer that were malicious, but after removing the malicious items, the problem persisted. Now when I run them, everything shows as clean, yet the same problem is happening. 

 

I'm not really sure what else I can do. I've tried restarting my router and computer already, but obviously that didn't work. I have Windows 7, if that information is needed.





#2 InadequateInfirmity


Posted 25 May 2015 - 11:17 PM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download

Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Now go to the Advanced tab and select "close program after cleaning". Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 BnG


Posted 26 May 2015 - 05:59 PM

I forgot to mention, I ran CCleaner prior to posting this thread as an attempt to fix the issue. Also, I did not mention this previously, but whenever I attempt to download something, I get flooded with connection attempts from Big Red Group Pty Ltd until my computer freezes. The connection attempts are there normally, but once downloading something starts it increases times 100.

 

After the step of running MWAV, my internet on my computer no longer works unless I go into Safe Mode With Networking. So I did the downloading/running of the programs after in Safe Mode all except for Zemana, since it wouldn't run in Safe Mode. So far this virus(?) is still present and the same things as the original post keep happening, now with my internet being cut off. 

 

Here are all the logs:

 

MWAV

26 May 2015 17:57:13 [0920] - **********************************************************

26 May 2015 17:57:13 [0920] - MWAV - eScanAV AntiVirus Toolkit.
26 May 2015 17:57:13 [0920] - Copyright © MicroWorld Technologies
26 May 2015 17:57:13 [0920] - **********************************************************
26 May 2015 17:57:13 [0920] - Source: C:\Users\HP\Desktop\mwav.exe
26 May 2015 17:57:13 [0920] - Version 14.0.178 (C:\USERS\HP\APPDATA\LOCAL\TEMP\MEXE.COM)
26 May 2015 17:57:13 [0920] - Log File: C:\Users\HP\AppData\Local\Temp\MWAV.LOG
26 May 2015 17:57:13 [0920] - MWAV Registered: TRUE
26 May 2015 17:57:13 [0920] - User Account: HP (Administrator Mode)
26 May 2015 17:57:13 [0920] - OS Type: Windows Workstation [InstallType: Client]
26 May 2015 17:57:13 [0920] - OS: Windows 7 64-Bit [OS Install Date: 31 Jul 2013 15:11:17]
26 May 2015 17:57:13 [0920] - Ver: Professional Service Pack 1 (Build 7601)
26 May 2015 17:57:13 [0920] - System Up Time: 3 Minutes, 30 Seconds
 
 
26 May 2015 17:57:13 [0920] - Parent Process Name : C:\Users\HP\Desktop\mwav.exe
26 May 2015 17:57:13 [0920] - Windows Root  Folder: C:\Windows
26 May 2015 17:57:13 [0920] - Windows Sys32 Folder: C:\Windows\system32
26 May 2015 17:57:13 [0920] - DHCP NameServer: 192.168.1.1
26 May 2015 17:57:13 [0920] - Interface0 DHCPNameServer: 192.168.1.1
26 May 2015 17:57:13 [0920] - Interface1 DHCPNameServer: 209.18.47.61 209.18.47.62
26 May 2015 17:57:13 [0920] - Interface2 DHCPNameServer: 192.168.1.1
26 May 2015 17:57:13 [0920] - Local Fixed Drives: c:\
26 May 2015 17:57:13 [0920] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
26 May 2015 17:57:13 [0920] - [CREATED ZIP FILE: C:\Users\HP\AppData\Local\Temp\pinfect.zip]
26 May 2015 17:57:13 [0920] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
26 May 2015 17:57:16 [0920] - ** Changed Value of "Path"
26 May 2015 17:57:16 [0920] - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "ChromeHTML" to "htmlfile"
26 May 2015 17:57:16 [0920] - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "ChromeHTML" to "htmlfile"
26 May 2015 17:57:16 [0920] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\HP\AppData\Local\Temp\ESCANDB.LOG]
26 May 2015 17:57:16 [0920] - Loaded/Created FileScan Cache Database...
26 May 2015 17:57:16 [0920] - Loading AV Library [DB]...
26 May 2015 17:57:31 [0920] - ArchiveScan: DISABLED
26 May 2015 17:57:32 [0920] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
26 May 2015 17:57:32 [0920] - MWAV doing self scanning...
26 May 2015 17:57:32 [0920] - MWAV files are clean.
26 May 2015 17:57:35 [0920] - ArchiveScan: DISABLED
26 May 2015 17:57:35 [0920] - Virus Database Date: 02 Mar 2015
26 May 2015 17:57:35 [0920] - Virus Database Count: 6701505
26 May 2015 17:57:35 [0920] - Sign Version: 7.59505 [518257]
26 May 2015 17:57:35 [0920] - Scheduler Service not enabled. Scheduler Feature Disabled.
26 May 2015 17:57:55 [0920] - Downloading AntiVirus and Anti-Spyware Databases...
26 May 2015 18:02:30 [0920] - Update Successful...
26 May 2015 18:03:08 [0920] - Indexed Spyware Databases Successfully Created...
26 May 2015 18:03:08 [0920] - Old Sign Version: 7.59505 New Sign Version: 7.60764
26 May 2015 18:03:16 [0920] - Reload of AntiVirus Signatures successfully done.
26 May 2015 18:03:16 [0920] - Virus Database Date: 26 May 2015
26 May 2015 18:03:16 [0920] - Virus Database Count: 5559646
26 May 2015 18:03:16 [0920] - Sign Version: 7.60764 [519516]
 
26 May 2015 18:04:11 [0920] - **********************************************************
26 May 2015 18:04:11 [0920] - MWAV - eScanAV AntiVirus Toolkit.
26 May 2015 18:04:11 [0920] - Copyright © MicroWorld Technologies
26 May 2015 18:04:11 [0920] - 
26 May 2015 18:04:11 [0920] - Support: support@escanav.com
26 May 2015 18:04:11 [0920] - Web: http://www.escanav.com
26 May 2015 18:04:11 [0920] - **********************************************************
26 May 2015 18:04:11 [0920] - Version 14.0.178[DB] (C:\USERS\HP\APPDATA\LOCAL\TEMP\MEXE.COM)
26 May 2015 18:04:11 [0920] - Log File: C:\Users\HP\AppData\Local\Temp\MWAV.LOG
26 May 2015 18:04:11 [0920] - User Account: HP (Administrator Mode)
26 May 2015 18:04:11 [0920] - Parent Process Name : C:\Users\HP\Desktop\mwav.exe
26 May 2015 18:04:11 [0920] - Windows Root  Folder: C:\Windows
26 May 2015 18:04:11 [0920] - Windows Sys32 Folder: C:\Windows\system32
26 May 2015 18:04:11 [0920] - OS: Windows 7 64-Bit [OS Install Date: 31 Jul 2013 15:11:17]
26 May 2015 18:04:11 [0920] - Ver: Professional Service Pack 1 (Build 7601)
26 May 2015 18:04:11 [0920] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
26 May 2015 18:04:11 [0920] - Scheduler Service not enabled. Scheduler Feature Disabled.
 
26 May 2015 18:04:11 [0bf0] - Options Selected by User:
26 May 2015 18:04:11 [0bf0] - Memory Check: Enabled
26 May 2015 18:04:11 [0bf0] - Registry Check: Enabled
26 May 2015 18:04:11 [0bf0] - StartUp Folder Check: Enabled
26 May 2015 18:04:11 [0bf0] - System Folder Check: Enabled
26 May 2015 18:04:11 [0bf0] - Services Check: Enabled
26 May 2015 18:04:11 [0bf0] - Scan Spyware: Enabled
26 May 2015 18:04:11 [0bf0] - Scan Archives: Disabled
26 May 2015 18:04:11 [0bf0] - Drive Check: Enabled
26 May 2015 18:04:11 [0bf0] - All Drive Check :Disabled
26 May 2015 18:04:11 [0bf0] - Drive Selected = C:\
26 May 2015 18:04:11 [0bf0] - Folder Check: Disabled
26 May 2015 18:04:11 [0bf0] - SCAN: All_Files [ANSI]
26 May 2015 18:04:11 [0bf0] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
26 May 2015 18:04:11 [0bf0] - Scanning DNS Records...
26 May 2015 18:04:11 [0bf0] - Scanning Master Boot Record (User)...
26 May 2015 18:04:11 [0bf0] - Scanning Logical Boot Records...
26 May 2015 18:04:12 [0bf0] - ***** Scanning For Hidden Rootkit Processes *****
26 May 2015 18:04:12 [0bf0] - ***** Scanning For Hidden Rootkit Services *****
 
26 May 2015 18:04:12 [0bf0] - ***** Scanning Memory Files *****
 
26 May 2015 18:04:16 [0bf0] - ***** Scanning Registry Files *****
 
26 May 2015 18:04:17 [0bf0] - ***** Scanning StartUp Folders *****
26 May 2015 18:04:23 [06b0] - C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin not Scanned. Possibly password protected...
26 May 2015 18:04:24 [0814] - C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin not Scanned. Possibly password protected...
26 May 2015 18:04:25 [02dc] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsc4.dat not Scanned. Possibly password protected...
26 May 2015 18:04:25 [02dc] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsc4.idx not Scanned. Possibly password protected...
26 May 2015 18:04:25 [02dc] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npscs.dat not Scanned. Possibly password protected...
26 May 2015 18:04:25 [0a20] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npscs.idx not Scanned. Possibly password protected...
26 May 2015 18:04:25 [02dc] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsls.dat not Scanned. Possibly password protected...
26 May 2015 18:04:25 [0a20] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsls.idx not Scanned. Possibly password protected...
26 May 2015 18:04:25 [09fc] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsm2f.dat not Scanned. Possibly password protected...
26 May 2015 18:04:25 [02dc] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsm2f.idx not Scanned. Possibly password protected...
26 May 2015 18:04:25 [0674] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsmw.idx not Scanned. Possibly password protected...
26 May 2015 18:04:25 [09fc] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsres.dat not Scanned. Possibly password protected...
26 May 2015 18:04:25 [0a20] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsmw.dat not Scanned. Possibly password protected...
26 May 2015 18:04:25 [07a0] - C:\ProgramData\Panda Security\Panda Security Protection\NPS\npsres.idx not Scanned. Possibly password protected...
26 May 2015 18:04:25 [06b0] - C:\ProgramData\Panda Security\Panda Security Protection\Quarantine\psanbla.dat not Scanned. Possibly password protected...
26 May 2015 18:04:25 [06b0] - C:\ProgramData\Panda Security\Panda Security Protection\Quarantine\psanbla.idx not Scanned. Possibly password protected...
 
26 May 2015 18:04:25 [0bf0] - ***** Scanning Service Files *****
26 May 2015 18:04:31 [0bf0] - ERROR(2)!!! Invalid Entry system32\DRIVERS\sbapifs.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\sbapifs.
26 May 2015 18:04:31 [0bf0] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
26 May 2015 18:04:33 [0bf0] - ERROR(2)!!! Invalid Entry system32\DRIVERS\xb1usb.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\xb1usb.
 
26 May 2015 18:04:33 [0bf0] - ***** Scanning Registry and File system for Adware/Spyware *****
26 May 2015 18:04:33 [0bf0] - Loading Spyware Signatures from new External Database [Name: C:\Users\HP\AppData\Local\Temp\spydb.avs, Size: 464724]...
26 May 2015 18:04:33 [0bf0] - Indexed Spyware Databases Successfully Created...
 
26 May 2015 18:04:33 [0bf0] - Offending file found: C:\Users\HP\AppData\Roaming\Guildwork\Hook.dll
26 May 2015 18:04:33 [0bf0] - System found infected with AntiVirusAndTrojan Corrupted Adware/Spyware (Hook.dll)! Action taken: File Deleted.
26 May 2015 18:04:33 [0bf0] - Object "AntiVirusAndTrojan Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
 
26 May 2015 18:05:06 [0bf0] - System found infected with XLG Security Center Corrupted Adware/Spyware (IEBHO.DLL)! Action taken: Entries Removed.
26 May 2015 18:05:06 [0bf0] - Object "XLG Security Center Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
 
 
26 May 2015 18:05:07 [0bf0] - ***** Scanning Registry Files *****
26 May 2015 18:05:07 [0bf0] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
26 May 2015 18:05:07 [0bf0] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
26 May 2015 18:05:07 [0bf0] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
26 May 2015 18:05:07 [0bf0] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
26 May 2015 18:05:07 [0bf0] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
26 May 2015 18:05:07 [0bf0] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
26 May 2015 18:05:07 [0bf0] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
26 May 2015 18:05:07 [0bf0] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
 
26 May 2015 18:05:07 [0bf0] - ***** Scanning System32 Folders *****
 
 
26 May 2015 18:05:22 [0bf0] - ***** Scanning Drive C:\ *****
26 May 2015 18:05:30 [07a0] - Scanning File C:\hp\HPQWare\Favs\sr-Latn-CS\all\HP\Poridte si Skype – stažení zdarma.url
26 May 2015 18:07:14 [06b0] - ScanFile (C:\swsetup\AMDVid7\Packages\Drivers\Display\W76A_INF\B136266\atioglxx.dl_) took 10515 ms
26 May 2015 18:07:15 [02dc] - ScanFile (C:\swsetup\AMDVid7\Packages\Drivers\Display\W7_INF\B136266\atioglxx.dl_) took 10093 ms
26 May 2015 18:08:18 [0a20] - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
26 May 2015 18:08:18 [0814] - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
26 May 2015 18:08:28 [07a0] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\c7136613.inf_amd64_neutral_604ffa714c6a37cd\B136266\atioglxx.dll) took 6521 ms
26 May 2015 18:08:29 [0674] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atioglxx.dll) took 7379 ms
 
26 May 2015 18:10:48 [0bf0] - ***** Checking for specific ITW Viruses *****
 
26 May 2015 18:10:48 [0bf0] - ***** Scanning complete. *****
 
26 May 2015 18:10:48 [0bf0] - Total Objects Scanned: 215724
26 May 2015 18:10:48 [0bf0] - Total Critical Objects: 2
26 May 2015 18:10:48 [0bf0] - Total Disinfected Objects: 0
26 May 2015 18:10:48 [0bf0] - Total Objects Renamed: 0
26 May 2015 18:10:48 [0bf0] - Total Deleted Objects: 2
26 May 2015 18:10:48 [0bf0] - Total Errors: 2
26 May 2015 18:10:48 [0bf0] - Time Elapsed: 00:06:31
26 May 2015 18:10:48 [0bf0] - Virus Database Date: 26 May 2015
26 May 2015 18:10:48 [0bf0] - Virus Database Count: 5559646
26 May 2015 18:10:48 [0bf0] - Sign Version: 7.60764 [519516]
 
26 May 2015 18:10:48 [0bf0] - Scan Completed.
 
 
Zemana
Zemana AntiMalware 2.14.2.667 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/26
Operating System      : Windows 7 64-bit
Processor             : 4X Intel® Core™ i7-3540M CPU @ 3.00GHz
BIOS Mode             : Legacy
CUID                  : 000BEB931681044F0BD680
Scan Type             : Deep Scan
Duration              : 3m 13s
Scanned Objects       : 30776
Detected Objects      : 3
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Domain Info           : WORKGROUP,1,2
 
 
Detected Objects
-------------------------------------------------------
Widevine Media Optimizer
   Status             : Scanned
   Object             : %appdata%\mozilla\firefox\profiles\qgssh0ti.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : PUA.FirefoxExt!Gr
   Cleaning Action    : Repair
   Traces             :
                Extension - Widevine Media Optimizer
 
adwcleaner_4.205.exe
   Status             : Scanned
   Object             : %userprofile%\desktop\adwcleaner_4.205.exe
   MD5                : 5B73E70C3FD8EBFC6F284001C615749C
   Publisher          : -
   Size               : 2223104
   Version            : 4.2.0.5
   Detection          : Malware:Win32/Generic!Rmll
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\desktop\adwcleaner_4.205.exe
 
ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detection          : Adware:Win32/OpenCandy
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0
 
 
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.0 (05.25.2015:1)
OS: Windows 7 Professional x64
Ran by HP on Tue 05/26/2015 at 18:29:49.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\HP\appdata\local\chromatic browser
Successfully deleted: [Folder] C:\Users\HP\appdata\local\torch
Successfully deleted: [Folder] C:\Users\HP\appdata\local\wincheck
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\qgssh0ti.default\minidumps [1 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
 
[C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\HP\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/26/2015 at 18:32:20.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
ADW
# AdwCleaner v4.205 - Logfile created 26/05/2015 at 18:41:16
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : HP - HP-HP
# Running from : C:\Users\HP\Downloads\adwcleaner_4.205.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\ProgramData\27697b827eb67761
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Uniblue
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [1829 bytes] - [26/05/2015 18:41:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1888 bytes] ##########
 


#4 InadequateInfirmity


Posted 27 May 2015 - 05:47 PM

Re-run adware cleaner, this time hit the cleaning button.

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

Hit OK.

Hit Next; make sure to leave all items checked for removal.


The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 BnG


Posted 27 May 2015 - 08:28 PM

I reran the adware cleaner but nothing came up listed. I clicked clean afterwards and the log pasted in here is the one it gave me.

 

ADW

# AdwCleaner v4.205 - Logfile created 27/05/2015 at 20:07:14

# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : HP - HP-HP
# Running from : C:\Users\HP\Desktop\adwcleaner_4.205.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [1971 bytes] - [26/05/2015 18:41:16]
AdwCleaner[R1].txt - [961 bytes] - [27/05/2015 20:00:13]
AdwCleaner[R2].txt - [1013 bytes] - [27/05/2015 20:02:02]
AdwCleaner[R3].txt - [1071 bytes] - [27/05/2015 20:06:24]
AdwCleaner[S0].txt - [2009 bytes] - [26/05/2015 18:44:45]
AdwCleaner[S1].txt - [998 bytes] - [27/05/2015 20:07:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1056  bytes] ##########
 
 
 
Adware Removal Tool
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool v3.9
Time: 2015_05_27_20_14_21
OS: Windows 7 - 64 Bit
Account Name: HP
U0L0S12
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5c77b0b0_0:
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
 
\\ Finished
 
 
 
ZHPCleaner
~ ZHPCleaner v2015.5.27.258 by Nicolas Coolman (2015\05\27)
~ Run by HP (Administrator)  (27/05/2015 20:28:37)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\HP\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\HP\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (0)
~ No malicious items found.
 
 
---\\  Hosts file (0)
~ No malicious items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (0)
~ No malicious items found.
 
 
---\\  Registry ( Key, Value, Data) (9)
REPLACED data: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)
DELETED key*: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [] (Adware.Graftor)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\HP\AppData\Roaming\BrowserExtensions (Not File)] (PUP.BrowserExtensions)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\HP\AppData\Roaming\BrowserExtensions (Not File)] (PUP.BrowserExtensions)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [] (Adware.Graftor)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\HP\AppData\Roaming\BrowserExtensions (Not File)] (PUP.BrowserExtensions)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\HP\AppData\Roaming\BrowserExtensions (Not File)] (PUP.BrowserExtensions)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E4CD0C-426F-4207-805B-7885AB32D43F} [C:\Users\HP\AppData\Roaming\BrowserExtensions (Not File)] (PUP.BrowserExtensions)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B} [C:\Users\HP\AppData\Roaming\BrowserExtensions (Not File)] (PUP.BrowserExtensions)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 2830
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 9
 
 
End of clean at 20:28:49
===================
ZHPCleaner-[R]-27052015-20_28_49.txt
ZHPCleaner-[S]-27052015-20_27_03.txt
 
 
 
Security Check
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Panda Free Antivirus            
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Zemana AntiMalware    
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox 37.0.2 Firefox out of Date!  
 Google Chrome 39.0.2171.95 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
 
MiniToolBox
MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by HP (administrator) on 27-05-2015 at 20:36:52
Running from "C:\Users\HP\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: HP EliteBook 8470p Manufacturer: Hewlett-Packard
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
Hosts file not detected in the default directory
========================= IP Configuration: ================================
 
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Connected)
Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set subinterface interface=?3 subinterface=ethernet_10 mtu=1477
set subinterface interface=?3 subinterface=ethernet_9 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : HP-HP
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 6C-88-14-2B-FB-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6205
   Physical Address. . . . . . . . . : 6C-88-14-2B-FB-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : D4-C9-EF-E7-66-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f0a4:1eca:1ef0:3ba9%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, May 27, 2015 8:32:23 PM
   Lease Expires . . . . . . . . . . : Thursday, May 28, 2015 8:32:22 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 237787621
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-37-8B-6B-D4-C9-EF-E7-66-F2
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{4A1DA171-2271-4AA5-BB48-CC671D8B1C52}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{96F012D7-481B-4618-99CD-3D208A468C93}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{9B8A6CA6-E826-4A89-9891-ED997B1325D7}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4009:809::200e
 216.58.218.206
 
 
Pinging google.com [216.58.218.174] with 32 bytes of data:
Reply from 216.58.218.174: bytes=32 time=50ms TTL=51
Reply from 216.58.218.174: bytes=32 time=41ms TTL=51
 
Ping statistics for 216.58.218.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 50ms, Average = 45ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=90ms TTL=52
Reply from 98.138.253.109: bytes=32 time=93ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 90ms, Maximum = 93ms, Average = 91ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 20...6c 88 14 2b fb cd ......Microsoft Virtual WiFi Miniport Adapter
 15...6c 88 14 2b fb cc ......Intel® Centrino® Advanced-N 6205
 11...d4 c9 ef e7 66 f2 ......Intel® 82579LM Gigabit Network Connection
  1...........................Software Loopback Interface 1
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    276
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::f0a4:1eca:1ef0:3ba9/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/27/2015 08:34:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/27/2015 08:11:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/27/2015 08:07:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/27/2015 08:05:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/27/2015 06:46:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This network connection does not exist.
.
 
Error: (05/27/2015 06:46:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This network connection does not exist.
.
 
Error: (05/27/2015 06:46:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: 12007 (0x2ee7).
 
Error: (05/27/2015 06:40:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/26/2015 06:47:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/26/2015 06:38:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/27/2015 08:34:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/27/2015 08:34:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/27/2015 08:34:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/27/2015 08:34:18 PM) (Source: DCOM) (User: )
Description: 1084defragsvc{D20A3293-3341-4AE8-9AAF-8E397CB63C34}
 
Error: (05/27/2015 08:34:17 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (05/27/2015 08:34:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/27/2015 08:34:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/27/2015 08:34:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/27/2015 08:32:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/27/2015 08:32:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (05/27/2015 08:34:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/27/2015 08:11:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/27/2015 08:07:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/27/2015 08:05:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/27/2015 06:46:57 PM) (Source: Microsoft-Windows-CAPI2)(User: )
 
Error: (05/27/2015 06:46:57 PM) (Source: Microsoft-Windows-CAPI2)(User: )
 
Error: (05/27/2015 06:46:56 PM) (Source: Microsoft-Windows-CAPI2)(User: )
 
Error: (05/27/2015 06:40:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/26/2015 06:47:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/26/2015 06:38:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-25 22:57:46.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSKMAD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-25 22:57:46.252
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSKMAD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version:  - )
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\{F24F876B-7D71-4BD6-88E9-614D3BB84228}) (Version: 1.7.28.0 - Alcor Micro Corp.) Hidden
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.28.0 - Alcor Micro Corp.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2321 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Embedded Security for HP ProtectTools (HKLM\...\{43BE25B8-E69F-42CF-9414-7DDCF891629B}) (Version: 7.0.000.2882 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{EC8D12E4-A73C-4C27-B1C7-E9683052E556}) (Version: 4.5.25.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3E26BB6F-F8EE-492F-923F-B0130D9D4646}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{840021F2-FFC0-467A-BF85-29B8B7803717}) (Version: 2.0.8.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.11.2 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-GB, Hazel) (HKLM-x32\...\{9F1B2D5B-E203-4A4F-9EBD-AF04489EE058}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Panda Devices Agent (HKLM-x32\...\{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}) (Version: 1.05.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Free Antivirus (HKLM\...\{3EFFD82C-5F18-4494-A4B8-FBB045DA68A3}) (Version: 7.82.00.0000 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0004 - Panda Security)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
qBittorrent 3.1.0 (HKLM-x32\...\qbittorrent) (Version: 3.1.0 - The qBittorrent project)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RealSpeak Solo for UK English Emily (HKLM-x32\...\{A182077A-8D6B-4194-B48A-B4DC37C69907}) (Version: 4.00.0000 - ScanSoft)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 2.4.4 - Shark007)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VIP Access SDK (1.1.0.7)  (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.7 - Symantec Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKCU\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
Wipe (HKLM\...\wipe) (Version: 2015.05 - PrivacyRoot.com)
x64Components v2.4.4 (HKLM\...\Standard x64Components_is1) (Version: 2.4.4 - Shark007)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.14.667 - Zemana Ltd.)
 
========================= Devices: ================================
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Device ID: ROOT\LEGACY_SPLDR\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 8%
Total physical RAM: 12219.56 MB
Available physical RAM: 11132.45 MB
Total Pagefile: 24437.32 MB
Available Pagefile: 23369.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.08 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:238.47 GB) (Free:82.88 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HP-HP
 
Administrator            Guest                    HP                       
 
 
**** End of log ****
 
 
 
ESET
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\swsetup\WinZBas\Setup.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhbplbcppmacknfiljbhoffpkdhnpi\5.2\pJwec5a7.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\HP\Downloads\FREEAV.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Windows\Installer\6f00e.msi a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined


#6 InadequateInfirmity


Posted 27 May 2015 - 08:53 PM

  • Click here to download  RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.

After you run this tool, make a new scan with MiniToolBox and tick only list hosts. Post that log in your next reply.

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then select Scan Now.
Once the scan is completed, remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

http://9-lab.com/download/

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon scan completion, click Show Results.

Now click the Clean button.

Once done cleaning, you can go to the logs tab, double-click it, and copy and paste the log in your next reply.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#7 BnG


Posted 27 May 2015 - 10:03 PM

Malwarebytes Anti-Malware and Anti-Rootkit both found nothing, but I pasted the logs of them in here in case you still wanted to see them.

 

Minitoolbox

MiniToolBox by Farbar  Version: 11-05-2015 01

Ran by HP (administrator) on 27-05-2015 at 22:10:47
Running from "C:\Users\HP\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: HP EliteBook 8470p Manufacturer: Hewlett-Packard
Boot Mode: Network
***************************************************************************
========================= Hosts content: =================================
 
::1             localhost
127.0.0.1       localhost
 
 
**** End of log ****
 
 
 
 
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/27/2015
Scan Time: 10:16:00 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.27.05
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HP
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395753
Time Elapsed: 5 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
9-Lab
9-lab Removal Tool 1.0.0.35 BETA
9-lab.com
 
Database version: 104.31440
 
Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17801
HP :: HP-HP
 
5/27/2015 10:27:51 PM
9lab-log-2015-05-27 (22-27-51).txt
 
Scan type: Full
Objects scanned: 44572
Time Elapsed: 15 m 43 s
 
Registry Values detected: 1
Hijack.AppPaths [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]
 
 
Files detected: 10
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vb [c:\users\hp\appdata\roaming\ZHP\Tempo.txt]
[01B3EC4A476B1FE3F8E7B198641543E3] Trojan.FPL.Rotbrow.vb [c:\users\hp\appdata\roaming\ZHP\Trace.txt]
[B7785A9EAAF361995D1077E64E5766F2] Trojan.FPL.Rotbrow.vb [c:\users\hp\appdata\roaming\ZHP\ZHPCleaner-[R]-27052015-20_28_49.txt]
[7A822CC6D969FD2199C97B837E35F86B] Trojan.FPL.Rotbrow.vb [c:\users\hp\appdata\roaming\ZHP\ZHPCleaner-[S]-27052015-20_27_03.txt]
[A12ED5BBCB444542F43C3E5BA33B3A14] Trojan.FPL.Rotbrow.vb [c:\users\hp\appdata\roaming\ZHP\ZHPCleaner.exe]
[4890E0B05BA049E21892FEB3FC64B430] Trojan.FPL.Rotbrow.vb [c:\users\hp\appdata\roaming\ZHP\ZHPCleaner.txt]
[51844E60A7BCD7DCED4696C938836F1F] Trojan.FPL.Rotbrow.vb [c:\users\hp\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[9C8E2954DFFC30E677F65A127653B8CE] Adware.Win32.Downloader.vb!n [C:\swsetup\WLANath\Setup.exe]
[50EAD703054DE1EE868955773C63634F] Malware.Win32.Gen.sm [C:\Users\HP\Desktop\JRT.exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.sm [C:\Users\HP\Desktop\rsthosts_2.0.exe]
 
 
 
 
 
MBAR

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.05.27.05
  rootkit: v2015.05.24.01
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.17801
HP :: HP-HP [administrator]
 
5/27/2015 10:47:58 PM
mbar-log-2015-05-27 (22-47-58).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 396672
Time elapsed: 4 minute(s), 27 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 


#8 BnG


Posted 28 May 2015 - 06:27 PM

To update, all the problems are still present. My internet works without Safe Mode now though, but trying to go to Google gives me an error page. It says "Unable to access the network. ERR_NETWORK_ACCESS_DENIED"

#9 InadequateInfirmity


Posted 28 May 2015 - 06:41 PM

Can you try and reset your browsers?

http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

 

Also reset your router to factory settings.

http://www.wikihow.com/Reset-a-Linksys-Router



#10 BnG


Posted 28 May 2015 - 07:35 PM

I did those things and it didn't fix anything.

#11 InadequateInfirmity


Posted 29 May 2015 - 12:27 AM

Make certain that you remove one of the following antivirus programs; you can only have one installed on your machine at a time.

Panda Free Antivirus
Microsoft Security Essentials

Open your Device Manager: hit the Start button, then copy and paste devmgmt.msc into the Start search box and hit Enter.

Left-click the + next to Network adapters, then right-click and uninstall your wireless driver and your Ethernet driver. Make sure you do not tick the box that says delete driver.

Then click the View menu and select Show hidden devices.
Then click on 27sS1dS.png

Then scroll down, right-click and uninstall the drivers listed below. Don't worry, these will be reinstalled by Windows upon reboot.

  • Ancillary Function Driver for Winsock
  • Net BT
  • Http
  • Net Io Legacy Support Driver
  • Tcp/ip Protocol Driver
  • Tcp/ip Registry Compatibility
  • NSI proxy Service
  • ide channel
  • Nd Proxy
  • Security Driver
  • Security Processor Loader Driver
  • Windows Firewall Authorization Driver


Each of these files will request a reboot after uninstall.

Select No until you uninstall the Windows Firewall Authorization Driver, then select Yes to reboot your machine.

If you still have issues, then do the following.

Please create a new topic here.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Post a link to this thread in your new topic, and also post a link to your new topic here. Good luck.


Edited by InadequateInfirmity, 29 May 2015 - 12:32 AM.


#12 BnG


Posted 29 May 2015 - 08:45 PM

The last step seems to have made it worse. Here is the link to the new thread: http://www.bleepingcomputer.com/forums/t/577788/getting-flooded-by-random-ips-and-computer-freezing/?p=3720479

 

Thank you for trying to help me.



#13 InadequateInfirmity


Posted 29 May 2015 - 09:50 PM

Good luck. :)





