
dns spoofing


  • This topic is locked
24 replies to this topic

#1 CubicR


Posted 02 June 2015 - 11:15 AM

Hello, would appreciate any help.

 

I get dns spoofing frequently according to "WorldIP."  This has been going on for some time.  I'm not sure how reliable WorldIP is?  I've changed my dns servers a couple of times without success.  I've tried using ipconfig /flushdns before, after, and while using a browser with limited success.  Sometimes it fends off the "spoofers" as it were and sometimes not. 

 

 

cubicr




 


#2 InadequateInfirmity


Posted 03 June 2015 - 04:30 AM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.


Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.



Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.


 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 CubicR


Posted 03 June 2015 - 05:13 PM

Did all the scans and here are the log files you requested:

 

 

Here are the eScanAV results:


03 Jun 2015 13:32:37 [0444] - **********************************************************
03 Jun 2015 13:32:37 [0444] - MWAV - eScanAV AntiVirus Toolkit.
03 Jun 2015 13:32:37 [0444] - Copyright © MicroWorld Technologies
03 Jun 2015 13:32:37 [0444] - **********************************************************
03 Jun 2015 13:32:37 [0444] - Version 14.0.178 (C:\USERS\TRIPR\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
03 Jun 2015 13:32:37 [0444] - Log File: C:\Users\TripR\AppData\Local\Temp\LOG\MWAV.LOG
03 Jun 2015 13:32:37 [0444] - MWAV Registered: TRUE
03 Jun 2015 13:32:37 [0444] - User Account: TripR (Administrator Mode)
03 Jun 2015 13:32:37 [0444] - OS Type: Windows Workstation [InstallType: Client]
03 Jun 2015 13:32:37 [0444] - OS: Windows 7 64-Bit [OS Install Date: 15 Apr 2013 15:45:01]
03 Jun 2015 13:32:37 [0444] - Ver: Personal Service Pack 1 (Build 7601)
03 Jun 2015 13:32:37 [0444] - System Up Time: 10 Minutes, 53 Seconds
03 Jun 2015 13:32:37 [0444] - Parent Process Name : c:\Windows\explorer.exe
03 Jun 2015 13:32:37 [0444] - Windows Root  Folder: C:\Windows
03 Jun 2015 13:32:37 [0444] - Windows Sys32 Folder: C:\Windows\system32
03 Jun 2015 13:32:37 [0444] - DHCP NameServer: 192.168.1.139
03 Jun 2015 13:32:37 [0444] - Interface0 DHCPNameServer: 209.222.18.222 209.222.18.218
03 Jun 2015 13:32:37 [0444] - Interface0 NameServer: 208.67.222.222,208.67.220.220
03 Jun 2015 13:32:37 [0444] - Interface1 DHCPNameServer: 192.168.1.139
03 Jun 2015 13:32:37 [0444] - Local Fixed Drives: c:\,d:\,k:\
03 Jun 2015 13:32:37 [0444] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
03 Jun 2015 13:32:37 [0444] - [CREATED ZIP FILE: C:\Users\TripR\AppData\Local\Temp\pinfect.zip]
03 Jun 2015 13:32:39 [0444] - Latest Date of files inside MWAV: Wed Jun  3 20:47:06 2015.
03 Jun 2015 13:32:39 [0444] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\TripR\AppData\Local\Temp\LOG\ESCANDB.LOG]
03 Jun 2015 13:32:39 [0444] - Loaded/Created FileScan Cache Database...
03 Jun 2015 13:32:39 [0444] - Loading AV Library [DB]...
03 Jun 2015 13:32:51 [0444] - ArchiveScan: DISABLED
03 Jun 2015 13:32:51 [0444] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
03 Jun 2015 13:32:51 [0444] - MWAV doing self scanning...
03 Jun 2015 13:32:51 [0444] - MWAV files are clean.
03 Jun 2015 13:32:51 [0444] - ArchiveScan: DISABLED
03 Jun 2015 13:32:51 [0444] - Virus Database Date: 03 Jun 2015
03 Jun 2015 13:32:51 [0444] - Virus Database Count: 5648581
03 Jun 2015 13:32:51 [0444] - Sign Version: 7.60885 [519637]
03 Jun 2015 13:32:54 [0444] - Downloading AntiVirus and Anti-Spyware Databases...
03 Jun 2015 13:33:14 [0444] - Update Successful...
03 Jun 2015 13:33:17 [0444] - Old Sign Version: 7.60885    New Sign Version: 7.60886
03 Jun 2015 13:33:24 [0444] - Reload of AntiVirus Signatures successfully done.
03 Jun 2015 13:33:24 [0444] - Virus Database Date: 03 Jun 2015
03 Jun 2015 13:33:24 [0444] - Virus Database Count: 5654257
03 Jun 2015 13:33:24 [0444] - Sign Version: 7.60886 [519638]
 
03 Jun 2015 13:34:15 [0444] - **********************************************************
03 Jun 2015 13:34:15 [0444] - MWAV - eScanAV AntiVirus Toolkit.
03 Jun 2015 13:34:15 [0444] - Copyright © MicroWorld Technologies
03 Jun 2015 13:34:15 [0444] -
03 Jun 2015 13:34:15 [0444] - Support: support@escanav.com
03 Jun 2015 13:34:15 [0444] - Web: http://www.escanav.com
03 Jun 2015 13:34:15 [0444] - **********************************************************
03 Jun 2015 13:34:15 [0444] - Version 14.0.178[DB] (C:\USERS\TRIPR\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
03 Jun 2015 13:34:15 [0444] - Log File: C:\Users\TripR\AppData\Local\Temp\LOG\MWAV.LOG
03 Jun 2015 13:34:15 [0444] - User Account: TripR (Administrator Mode)
03 Jun 2015 13:34:15 [0444] - Parent Process Name : c:\Windows\explorer.exe
03 Jun 2015 13:34:15 [0444] - Windows Root  Folder: C:\Windows
03 Jun 2015 13:34:15 [0444] - Windows Sys32 Folder: C:\Windows\system32
03 Jun 2015 13:34:15 [0444] - OS: Windows 7 64-Bit [OS Install Date: 15 Apr 2013 15:45:01]
03 Jun 2015 13:34:15 [0444] - Ver: Personal Service Pack 1 (Build 7601)
03 Jun 2015 13:34:15 [0444] - Latest Date of files inside MWAV: Wed Jun  3 20:47:06 2015.
 
03 Jun 2015 13:34:15 [01e4] - Options Selected by User:
03 Jun 2015 13:34:15 [01e4] - Memory Check: Enabled
03 Jun 2015 13:34:15 [01e4] - Registry Check: Enabled
03 Jun 2015 13:34:15 [01e4] - StartUp Folder Check: Enabled
03 Jun 2015 13:34:15 [01e4] - System Folder Check: Enabled
03 Jun 2015 13:34:15 [01e4] - Services Check: Enabled
03 Jun 2015 13:34:15 [01e4] - Scan Spyware: Enabled
03 Jun 2015 13:34:15 [01e4] - Scan Archives: Disabled
03 Jun 2015 13:34:15 [01e4] - Drive Check: Enabled
03 Jun 2015 13:34:15 [01e4] - All Drive Check :Disabled
03 Jun 2015 13:34:15 [01e4] - Drive Selected = C:\
03 Jun 2015 13:34:15 [01e4] - Folder Check: Disabled
03 Jun 2015 13:34:15 [01e4] - SCAN: All_Files [ANSI]
03 Jun 2015 13:34:15 [01e4] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
03 Jun 2015 13:34:15 [01e4] - Scanning DNS Records...
03 Jun 2015 13:34:15 [01e4] - Scanning Master Boot Record (User)...
03 Jun 2015 13:34:15 [01e4] - Scanning Logical Boot Records...
03 Jun 2015 13:34:16 [01e4] - ***** Scanning For Hidden Rootkit Processes *****
03 Jun 2015 13:34:16 [01e4] - ***** Scanning For Hidden Rootkit Services *****
 
03 Jun 2015 13:34:20 [01e4] - ***** Scanning Memory Files *****
 
03 Jun 2015 13:34:24 [01e4] - ***** Scanning Registry Files *****
 
03 Jun 2015 13:34:27 [01e4] - ***** Scanning StartUp Folders *****
03 Jun 2015 13:38:33 [093c] - C:\Users\TripR\Desktop\win vista\Admin\AppData\Local\Cisco\Cisco HostScan\lib\scpt.dat not Scanned. Possibly password protected...
03 Jun 2015 13:38:33 [0740] - C:\Users\TripR\Desktop\win vista\Admin\AppData\Local\Cisco\Cisco HostScan\lib\tables.dat not Scanned. Possibly password protected...
 
03 Jun 2015 13:40:46 [01e4] - ***** Scanning Service Files *****
03 Jun 2015 13:40:46 [0804] - Scanning File C:\ProgramData\Windows App Certification Kit\es-es\wslk_strings.xml
03 Jun 2015 13:40:56 [01e4] - ERROR(2)!!! Invalid Entry C:\Windows\system32\EasyAntiCheat.exe. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\EasyAntiCheat.
03 Jun 2015 13:41:03 [01e4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\KeyCrypt64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\keycrypt.
03 Jun 2015 13:41:18 [01e4] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
03 Jun 2015 13:41:27 [01e4] - ***** Scanning Registry and File system for Adware/Spyware *****
03 Jun 2015 13:41:28 [01e4] - Loading Spyware Signatures from new External Database [Name: C:\Users\TripR\AppData\Local\Temp\spydb.avs, Size: 464724]...
03 Jun 2015 13:41:28 [01e4] - Indexed Spyware Databases Successfully Created...
 
03 Jun 2015 13:41:34 [01e4] - Offending file found: C:\Users\TripR\Desktop\win vista\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ll4tewcs.default\extensions\{EE5982BF-0E3B-4B58-8A92-75E59BE1F972}\chrome\content\id_pr_toolbar762012\basis.xml
03 Jun 2015 13:41:34 [01e4] - System found infected with TheLocalSearch Spyware/Adware (basis.xml)! Action taken: File Deleted.
03 Jun 2015 13:41:34 [01e4] - Object "TheLocalSearch Spyware/Adware" found in File System! Action Taken: File Deleted.

 
03 Jun 2015 13:41:36 [01e4] - ***** Scanning Registry Files *****
03 Jun 2015 13:41:36 [01e4] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
03 Jun 2015 13:41:36 [01e4] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
03 Jun 2015 13:41:36 [01e4] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
03 Jun 2015 13:41:36 [01e4] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
03 Jun 2015 13:41:36 [01e4] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
03 Jun 2015 13:41:37 [01e4] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
03 Jun 2015 13:41:37 [01e4] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.propublica.org/
03 Jun 2015 13:41:37 [01e4] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.propublica.org/
 
03 Jun 2015 13:41:37 [01e4] - ***** Scanning System32 Folders *****
 
03 Jun 2015 13:42:47 [031c] - Scanning File C:\Users\TripR\AppData\Local\Temp\MWZ3FD5.tmp
 
03 Jun 2015 13:43:28 [01e4] - ***** Scanning Drive C:\ *****
03 Jun 2015 13:58:22 [0e40] - Scanning File C:\System Volume Information\{1108061b-fa44-11e4-b920-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [0748] - Scanning File C:\System Volume Information\{71d9fb84-03bf-11e5-9978-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [093c] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [0804] - Scanning File C:\System Volume Information\{7b61a328-059e-11e5-93af-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [0740] - Scanning File C:\System Volume Information\{57d847ab-009f-11e5-a8ea-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [0edc] - Scanning File C:\System Volume Information\{7b61a32c-059e-11e5-93af-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [031c] - Scanning File C:\System Volume Information\{7b61a330-059e-11e5-93af-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [0e40] - Scanning File C:\System Volume Information\{7b61a33d-059e-11e5-93af-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [093c] - Scanning File C:\System Volume Information\{8c5183c3-060a-11e5-a44b-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [0fdc] - Scanning File C:\System Volume Information\{1b425535-08ca-11e5-b168-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [0748] - Scanning File C:\System Volume Information\{7b61a373-059e-11e5-93af-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 13:58:23 [0804] - Scanning File C:\System Volume Information\{b1261383-fd7c-11e4-8be4-0022153425f9}{3808876b-c176-4e48-b7ae-04046e6cc752}
03 Jun 2015 14:07:05 [0804] - ScanFile (C:\Windows\Installer\d5d63.msp) took 5413 ms
03 Jun 2015 14:12:45 [0740] - C:\Windows\Temp\TMP000000526C75915F80B6E60A not Scanned. Possibly password protected...
03 Jun 2015 14:24:17 [0e40] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll) took 5320 ms
 
03 Jun 2015 14:27:00 [01e4] - ***** Checking for specific ITW Viruses *****
 
03 Jun 2015 14:27:01 [01e4] - ***** Scanning complete. *****
 
03 Jun 2015 14:27:01 [01e4] - Total Objects Scanned: 305294
03 Jun 2015 14:27:01 [01e4] - Total Critical Objects: 1
03 Jun 2015 14:27:01 [01e4] - Total Disinfected Objects: 0
03 Jun 2015 14:27:01 [01e4] - Total Objects Renamed: 0
03 Jun 2015 14:27:01 [01e4] - Total Deleted Objects: 1
03 Jun 2015 14:27:01 [01e4] - Total Errors: 2
03 Jun 2015 14:27:01 [01e4] - Time Elapsed: 00:52:01
03 Jun 2015 14:27:01 [01e4] - Virus Database Date: 03 Jun 2015
03 Jun 2015 14:27:01 [01e4] - Virus Database Count: 5654257
03 Jun 2015 14:27:01 [01e4] - Sign Version: 7.60886 [519638]
 
03 Jun 2015 14:27:01 [01e4] - Scan Completed.





Here are the results of Zemana:


Zemana AntiMalware 2.15.2.229 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/3
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™2 Quad CPU  Q6600 @ 2.40GHz
BIOS Mode              : Legacy
CUID                   : 00DEA8558B86094D0A1380
Scan Type              : Deep Scan
Duration               : 41m 29s
Scanned Objects        : 240918
Detected Objects       : 6
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Internet Explorer Homepage
Status             : Scanned
Object             : http://www.propublica.org/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Exclude
Traces             :
                Browser Setting - Internet Explorer Homepage

Firefox Homepage
Status             : Scanned
Object             : http://www.propublica.org/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Exclude
Traces             :
                Browser Setting - Firefox Homepage

ninja-setup-3.0.6.exe
Status             : Scanned
Object             : %userprofile%\desktop\tools\ninja-setup-3.0.6.exe
MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
Publisher          : -
Size               : 2507200
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Delete
Traces             :
                File - %userprofile%\desktop\tools\ninja-setup-3.0.6.exe

JRT.exe
Status             : Scanned
Object             : %userprofile%\desktop\jrt.exe
MD5                : 8097A9A1E79F2FA251089E5E285DF90E
Publisher          : -
Size               : 2942610
Version            : 1.2.0.715
Detection          : Heur.Malicious!Pa
Cleaning Action    : Exclude
Traces             :
                File - %userprofile%\desktop\jrt.exe

registrybooster.exe
Status             : Scanned
Object             : %userprofile%\desktop\desktop\unused\registrybooster.exe
MD5                : 235D485DE1C788F4F93AD2EC0F4E3A7F
Publisher          : Uniblue Systems
Size               : 5272464
Version            : 4.7.6.9
Detection          : Scareware:Win32/NonBeneficialWindowsOptimizer!Ep
Cleaning Action    : Delete
Traces             :
                File - %userprofile%\desktop\desktop\unused\registrybooster.exe

EVE_Classic_Setup_56866.exe
Status             : Failed
Object             : %userprofile%\desktop\desktop\files from winxp\me\my downloads\games\eve online\eve_classic_setup_56866.exe
MD5                : B9AB1B82D93FBB8A67501E9E6F9696F0
Publisher          : CCP hf.
Size               : 472576
Version            : 5.10.0.56866
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\desktop\desktop\files from winxp\me\my downloads\games\eve online\eve_classic_setup_56866.exe

drbclientinstall_cd.exe
Status             : Scanned
Object             : %userprofile%\desktop\desktop\files from winxp\me\my downloads\games\doylesroom poker\drbclientinstall_cd.exe
MD5                : 5EC3731BD8130185F22D2370A1F9F979
Publisher          : Microgaming Software Systems Limited
Size               : 9721376
Version            : 2.0.4.2
Detection          : Malware:Win32/Quarand!Remr
Cleaning Action    : Delete
Traces             :
                File - %userprofile%\desktop\desktop\files from winxp\me\my downloads\games\doylesroom poker\drbclientinstall_cd.exe




Here are the results of Junkware Removal Tool:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Windows 7 Home Premium x64
Ran by TripR on Wed 06/03/2015 at 15:23:25.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6E1C8391-02D8-491F-B189-CE215F5240D5}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\TripR\AppData\Roaming\mozilla\firefox\profiles\5qqvy8y7.default\extensions\staged
Successfully deleted the following from C:\Users\TripR\AppData\Roaming\mozilla\firefox\profiles\5qqvy8y7.default\prefs.js

user_pref(browser.search.hiddenOneOffs, Google,Yahoo,Bing,Amazon.com,eBay,Twitter,Wikipedia (en),Ixquick HTTPS,Startpage HTTPS);
Emptied folder: C:\Users\TripR\AppData\Roaming\mozilla\firefox\profiles\5qqvy8y7.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/03/2015 at 15:26:48.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





Here are the results of AdwCleaner:



# AdwCleaner v4.206 - Logfile created 03/06/2015 at 15:32:33
# Updated 01/06/2015 by Xplode
# Database : 2015-06-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : TripR - TRIPR-PC
# Running from : C:\Users\TripR\Desktop\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1168 bytes] - [26/10/2014 17:19:08]
AdwCleaner[R1].txt - [1228 bytes] - [26/10/2014 17:27:11]
AdwCleaner[R2].txt - [911 bytes] - [26/10/2014 17:34:29]
AdwCleaner[R3].txt - [1029 bytes] - [26/10/2014 17:42:06]
AdwCleaner[R4].txt - [1602 bytes] - [03/06/2015 15:30:01]
AdwCleaner[S0].txt - [1292 bytes] - [26/10/2014 17:29:31]
AdwCleaner[S1].txt - [964 bytes] - [26/10/2014 17:37:59]
AdwCleaner[S2].txt - [1084 bytes] - [26/10/2014 17:45:47]
AdwCleaner[S3].txt - [1529 bytes] - [03/06/2015 15:32:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1588  bytes] ##########
 

 

Still flickering,

 

cubic
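
Added example, not part of the original posts: for a DNS spoofing complaint, the resolver lines near the top of the eScanAV log above show which name servers each interface is set to use. This Python script extracts them, assuming the log's `NameServer` / `DHCPNameServer` lines mirror the Windows TCP/IP registry values of the same names, where a statically set `NameServer` list takes precedence over the DHCP-supplied one; the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Resolver lines copied from the eScanAV (MWAV) log in the post above,
# plus one unrelated line to show that non-resolver lines are skipped.
SAMPLE_LOG = """
03 Jun 2015 13:32:37 [0444] - MWAV Registered: TRUE
03 Jun 2015 13:32:37 [0444] - DHCP NameServer: 192.168.1.139
03 Jun 2015 13:32:37 [0444] - Interface0 DHCPNameServer: 209.222.18.222 209.222.18.218
03 Jun 2015 13:32:37 [0444] - Interface0 NameServer: 208.67.222.222,208.67.220.220
03 Jun 2015 13:32:37 [0444] - Interface1 DHCPNameServer: 192.168.1.139
"""

# Matches "DHCP NameServer:", "InterfaceN DHCPNameServer:" and "InterfaceN NameServer:".
LINE_RE = re.compile(
    r"-\s+(?:(?P<iface>Interface\d+)\s+)?"
    r"(?P<kind>DHCP\s?NameServer|NameServer):\s*(?P<addrs>.+)$"
)


def parse_resolvers(log_text):
    """Return (interface, source, address) tuples; source is 'dhcp' or 'static'."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        source = "dhcp" if m.group("kind").upper().startswith("DHCP") else "static"
        iface = m.group("iface") or "global"
        # The log separates addresses with spaces on some lines and commas on others.
        for token in re.split(r"[,\s]+", m.group("addrs").strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # skip anything that is not an IP literal
            entries.append((iface, source, str(addr)))
    return entries


def summarize(entries):
    """Per interface: DHCP list, static list, the list in effect, and triage flags."""
    per_iface = defaultdict(lambda: {"dhcp": [], "static": []})
    for iface, source, addr in entries:
        if addr not in per_iface[iface][source]:
            per_iface[iface][source].append(addr)

    report = {}
    for iface, sets in per_iface.items():
        # Assumption: a static list, when present, is the one actually used.
        effective = sets["static"] or sets["dhcp"]
        report[iface] = {
            "dhcp": sets["dhcp"],
            "static": sets["static"],
            "effective": effective,
            # True when someone (user or software) replaced the DHCP-supplied resolvers.
            "static_override": bool(sets["static"]) and sets["static"] != sets["dhcp"],
            # Resolvers on private address space, i.e. a device on the local network.
            "on_lan": [a for a in effective if ipaddress.ip_address(a).is_private],
        }
    return report


if __name__ == "__main__":
    for iface, info in summarize(parse_resolvers(SAMPLE_LOG)).items():
        print(iface)
        print("  in effect      :", ", ".join(info["effective"]))
        print("  static override:", info["static_override"])
        print("  on local network:", ", ".join(info["on_lan"]) or "none")
```

Each address it reports as in effect should be one the user or the router is known to have configured; a resolver on the local network means queries pass through that device first, so its own DNS settings need checking too.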



#4 InadequateInfirmity


Posted 03 June 2015 - 05:49 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next; make sure to leave all items checked for removal.



The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 CubicR


Posted 04 June 2015 - 12:44 AM

Did all the scans and here are the log files you requested:

 

 

 

Here are the adware-removal results:



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_06_03_19_27_48
OS: Windows 7 - 64 Bit
Account Name: TripR
U0L0S11

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished




Here are the ZHPCleaner results:



~ ZHPCleaner v2015.6.3.265 by Nicolas Coolman (2015\06\3)
~ Run by TripR (Administrator)  (03/06/2015 19:44:25)
~ Site : http://nicolascoolman.com/fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\TripR\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\TripR\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (1)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 [Bad : 1]  (Hijacker.Proxy)


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (4)
MOVED folder: C:\Windows\Installer\MSI199A.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9D2D.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIA450.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIEA24.tmp- (Empty)


---\\  Registry ( Key, Value, Data) (1)
REPLACED data: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 1445
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 6


End of clean at 19:44:47
===================
ZHPCleaner-[R]-03062015-19_44_47.txt
ZHPCleaner-[S]-03062015-19_43_41.txt





Here are the SecurityCheck results:


 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Java 8 Update 45  
 Visual Studio Extensions for Windows Library for JavaScript
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````





Here are the MiniToolbox results:


MiniToolBox by Farbar  Version: 14-04-2015
Ran by TripR (administrator) on 03-06-2015 at 19:51:04
Running from "C:\Users\TripR\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: KQ505AA-ABA m8517c Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
TAP-Win32 Adapter V9 = Local Area Connection 3 (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : TripR-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : knology.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : knology.net
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cd2c(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, June 03, 2015 4:42:49 PM
   Lease Expires . . . . . . . . . . : Thursday, June 04, 2015 6:15:58 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234889749
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-FE-38-48-00-22
   DNS Servers . . . . . . . . . . . : 2620:0:ccc::2
                                       2620:0:ccd::2
                                       208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Connection-specific DNS Suffix Search List :
                                       knology.net

Tunnel adapter isatap.{F8C02025-251A-4503-BD60-7BC45658D035}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : knology.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  2620:0:ccc::2


Pinging google.com [24.124.1.173] with 32 bytes of data:
Reply from 24.124.1.173: bytes=32 time=48ms TTL=55
Reply from 24.124.1.173: bytes=32 time=48ms TTL=55

Ping statistics for 24.124.1.173:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 48ms, Average = 48ms
Server:  UnKnown
Address:  2620:0:ccc::2


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=80ms TTL=47
Reply from 98.139.183.24: bytes=32 time=75ms TTL=47

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 75ms, Maximum = 80ms, Average = 77ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 22 15 34 25 f9 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.139    192.168.1.101     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    266
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 11    266 fe80::cd2c:a552:5a25:65d3/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/03/2015 07:14:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (06/03/2015 07:14:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (06/03/2015 05:01:24 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506

Error: (06/03/2015 04:59:33 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506

Error: (06/03/2015 04:59:03 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506

Error: (06/03/2015 04:58:48 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506

Error: (06/03/2015 04:58:41 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506

Error: (06/03/2015 04:58:13 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506

Error: (06/03/2015 04:57:44 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506

Error: (06/03/2015 04:43:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/03/2015 07:35:44 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/03/2015 07:35:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/03/2015 04:42:57 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%1058

Error: (06/03/2015 04:42:43 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%1058

Error: (06/03/2015 04:03:10 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%1058

Error: (06/03/2015 04:02:56 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%1058

Error: (06/03/2015 03:34:45 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%1058

Error: (06/03/2015 03:34:27 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%1058

Error: (06/03/2015 03:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (06/03/2015 03:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/03/2015 07:14:19 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\TripR\Desktop\esetsmartinstaller_enu.exe

Error: (06/03/2015 07:14:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\TripR\Downloads\esetsmartinstaller_enu.exe

Error: (06/03/2015 05:01:24 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/03/2015 04:59:33 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/03/2015 04:59:03 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/03/2015 04:58:48 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/03/2015 04:58:41 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/03/2015 04:58:13 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/03/2015 04:57:44 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/03/2015 04:43:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



=========================== Installed Programs ============================
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
BabasChess (HKLM-x32\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Brackets (HKLM-x32\...\{CA6586CA-1C03-488B-B791-2A4533C1B1C6}) (Version: 0.35 - brackets.io)
Brother MFL-Pro Suite MFC-J835DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.45.15 - Oracle Corporation) Hidden
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Advertising SDK for Windows 8.1 - ENU (x32 Version: 8.1.30809.0 - Microsoft Corporation) Hidden
Microsoft Advertising SDK for Windows Phone 8.1 XAML - ENU (x32 Version: 8.1.40427.0 - Microsoft Corporation) Hidden
Microsoft Advertising Service Extension for Visual Studio (x32 Version: 12.0.40402.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET and Web Tools 2013.4 - Visual Studio 2013 (x32 Version: 12.4.51016.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU (x32 Version: 5.2.21010.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20716.0 - Microsoft Corporation) Hidden
Microsoft Azure Mobile Services SDK (x32 Version: 1.0.21007.0 - Microsoft Corporation) Hidden
Microsoft Azure Mobile Services Tools for Visual Studio - v1.3 (x32 Version: 1.3.21014.1602 - Microsoft Corporation) Hidden
Microsoft Azure Shared Components for Visual Studio 2013 - v1.3 (x32 Version: 1.3.21014.1603 - Microsoft Corporation) Hidden
Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio 2013 (x32 Version: 2.8.50926.663 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 12.0.30501.00 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 12.0.30501.00 - Microsoft Corporation) Hidden
Microsoft Report Viewer Add-On for Visual Studio 2013 (x32 Version: 11.1.3442.2 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.8.0204.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Team Foundation Server 2013 Update 4 Object Model (x64) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2013 Update 4 Object Model Language Pack (x64) - ENU (Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft Visual C++  ARM Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Native Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Native Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-arm Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-arm Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-x86 Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-x86 Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Compilers - ENU Resources (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013  x64 Designtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 32bit Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Extended Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Devenv (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Devenv Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Diagnostic Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Diagnostic Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Performance Collection Tools - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Performance Collection Tools (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Preparation (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Profiling Tools (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 VsGraphics Helper Dependencies (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 XAML UI Designer - ENU (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 XAML UI Designer (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft Visual Studio Community 2013 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Neubot 0.4.16.9 (HKCU\...\Neubot) (Version:  - )
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 3.3.3 (64-bit) (HKLM\...\{E9D90870-AB19-32A8-AA93-F8348BA21D05}) (Version: 3.3.3150 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.4.50 - Conexant Systems)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
Tweaking.com - Technicians Toolbox (HKLM-x32\...\Tweaking.com - Technicians Toolbox) (Version: 1.0.1 - Tweaking.com)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
uninstallBIG-IP Edge Client Components (HKCU\...\F5 Networks Client Components) (Version: 70.2012.1109.1410 - F5 Networks, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Microsoft Visual Studio 2013 (KB2932965) (HKLM-x32\...\{7dbba119-718a-4f68-b33e-454dc8aa5faf}) (Version: 12.0.30112 - Microsoft Corporation)
Visual F# 3.1 SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual F# 3.1 VS (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2012 Verification SDK - chs (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Visual Studio 2012 Verification SDK - enu (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Visual Studio 2012 Verification SDK - ita (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Visual Studio 2012 Verification SDK - jpn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Visual Studio 2012 Verification SDK (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Visual Studio 2012 ??? ?? SDK - kor (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Visual Studio 2012 ?? SDK - cht (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Visual Studio 2012-Verifizierungs-SDK - deu (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Visual Studio 2013 Prerequisites - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2013 Prerequisites (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 2.1.30723.00 - Microsoft Corporation) Hidden
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows App Certification Kit Native Components (Version: 8.100.26629 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (x32 Version: 8.100.26795 - Microsoft Corporation) Hidden
Windows Phone 8.1 SDK - ARM (x32 Version: 8.1.14194 - Microsoft Corporation) Hidden
Windows Phone 8.1 SDK - Desktop (x32 Version: 8.1.14194 - Microsoft Corporation) Hidden
Windows Phone 8.1 SDK - x64 (Version: 8.1.14194 - Microsoft Corporation) Hidden
Windows Phone 8.1 SDK - x86 (x32 Version: 8.1.14194 - Microsoft Corporation) Hidden
Windows Phone 8.1 Tools for Visual Studio 2013 - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Windows Phone 8.1 Tools for Visual Studio 2013 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Windows Phone 8.1 Tools for Visual Studio Professional 2013 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Windows Phone 8.1 Tools for Visual Studio Professionald 2013 - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Windows Phone SDK 8.0 Assemblies (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Windows Runtime Intellisense Content - en-us (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.100.26898 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.26898 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.26898 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.26898 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (Version: 11.0.51106 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Wipe (HKLM\...\wipe) (Version: 2015.05 - PrivacyRoot.com)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.15.229 - Zemana Ltd.)
????? Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 5110.29 MB
Available physical RAM: 3369.04 MB
Total Pagefile: 15329.07 MB
Available Pagefile: 13550.76 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.73 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:687.6 GB) (Free:545.07 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.04 GB) (Free:1.45 GB) NTFS
8 Drive k: () (Fixed) (Total:149.04 GB) (Free:109.88 GB) NTFS

========================= Users: ========================================

User accounts for \\TRIPR-PC

Administrator            Guest                    TripR                    


**** End of log ****





Here are the results of ESETScan:



C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
C:\Users\TripR\Desktop\Desktop\spsetup120.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
C:\Users\TripR\Desktop\Desktop\From Old HP Vista\Documents\Games\Road Attack online\rattack_setup.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\Users\TripR\Desktop\win vista\Admin\Downloads\Glarysoft\rrsetup.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
K:\Admin\Desktop\spsetup120.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
K:\Admin\Desktop\From Old HP Vista\Documents\Games\Road Attack online\rattack_setup.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
K:\Admin\Desktop\Unused\registrybooster.exe    Win32/RegistryBooster potentially unwanted application    deleted - quarantined
K:\Admin\Downloads\Glarysoft\rrsetup.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined

 

 

 

Cubic
 



#6 InadequateInfirmity


Posted 04 June 2015 - 06:51 PM

  • Click here to download  RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.


After you run this tool, make a new scan with MiniToolBox and tick only list hosts.  Post that log in your next reply.

 

 

 

 

 

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

http://9-lab.com/download/

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.


Now go to the scanner tab and select Full Scan.


Upon Scan Completion Click Show Results.


Now click the Clean button.


Once done cleaning, you can go to the logs tab, double-click it, and copy and paste it in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#7 CubicR


Posted 06 June 2015 - 04:12 AM

Ran all the scans, here are the log files you requested.


Here are the MiniToolBox results:



MiniToolBox by Farbar  Version: 14-04-2015
Ran by TripR (administrator) on 06-06-2015 at 01:58:29
Running from "C:\Users\TripR\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: KQ505AA-ABA m8517c Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

::1             localhost
127.0.0.1       localhost


**** End of log ****




Here are the Malwarebytes results:



Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 6/6/2015 2:00:09 AM, SYSTEM, TRIPR-PC, Manual, Rootkit Database, 2015.5.31.1, 2015.6.2.1,
Update, 6/6/2015 2:00:11 AM, SYSTEM, TRIPR-PC, Manual, Malware Database, 2015.6.1.3, 2015.6.6.1,
Scan, 6/6/2015 2:29:28 AM, SYSTEM, TRIPR-PC, Manual, Start:6/6/2015 2:00:16 AM, Duration:29 min 11 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)




Here are the 9-Lab results:



9-lab Removal Tool 1.0.0.35 BETA
9-lab.com

Database version: 0.0

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17801
TripR :: TRIPR-PC

6/6/2015 2:36:08 AM
9lab-log-2015-06-06 (02-36-08).txt

Scan type: Full
Objects scanned: 14073
Time Elapsed: 1 m 58 s

Registry Values detected: 1
Hijack.AppPaths [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]






Here are the Malwarebytes Anti-Rootkit results:



Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2015.06.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
TripR :: TRIPR-PC [administrator]

6/6/2015 2:40:50 AM
mbar-log-2015-06-06 (02-40-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 398161
Time elapsed: 20 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

cubic



#8 CubicR


Posted 06 June 2015 - 03:09 PM

Wish I could give a definitive answer on whether there's been improvement.  The problem is that the spoofing I'm experiencing isn't and never was constant.  I haven't seen it as much lately since doing these scans, but I've gone through periods of very little to no spoofing prior to doing the scans, so it's tough to give a firm yes or no on success.  It's just going to take some time.

My confidence is growing after seeing the scans/tools find and fix problems with my system.  If there are any more steps we can take to ensure success, I'm certainly looking forward to it.

 

 

Optimistic,

 

cubic



#9 InadequateInfirmity


Posted 06 June 2015 - 03:43 PM

I would as a final step suggest a full scan with Reason Core Security.

https://www.reasoncoresecurity.com/download-free.aspx

 

Also a full scan with Crystal Security.

http://www.crystalsecurity.eu/

 

I would uninstall Reason Core Security after you are done, but keep Crystal Security to run alongside your antivirus; it is an antivirus companion.



#10 CubicR


Posted 10 June 2015 - 04:03 PM

Update: Didn't have any spoofing since running the last scans on the 6th of June, but I was spoofed about 15 minutes ago as of today.

Still getting browser flicker as well.

 

 

 

cubic



#11 InadequateInfirmity


Posted 10 June 2015 - 09:16 PM

Reset your router to factory settings and run a full scan with Zemana and also re-run ZHP cleaner as instructed.

http://setuprouter.com/networking/how-to-reset-your-router/



#12 CubicR


Posted 11 June 2015 - 03:45 PM

Hello, here are the results.  I successfully reset my router to its defaults.  Also, Crystal Security has shut itself down a couple of times in the last couple of days.  I pasted the error logs for Crystal below.  I believe the last 2 logs are related to an Adobe Flash Player update that was trying to run.  Below that are the Zemana and ZHP logs.



Could not find file 'C:\Windows\SoftwareDistribution\Download\b6c205c0dc96e3321e835b7f7f651ce9\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18869_none_16e85fe9b14a6f7f\win32k.sys'.
   at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
   at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
   at Crystal_Security.Main.Final_Result()
   at Crystal_Security.Main.Get_Result()
   at Crystal_Security.Main.Request_cloud()
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()


Unable to cast COM object of type 'SHDocVw.ShellWindowsClass' to interface type 'SHDocVw.IShellWindows'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{85CB6900-4D95-11CF-960C-0080C7F4EE85}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE)).
   at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
   at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
   at Crystal_Security.Main.A4(Object a, EventArgs A)
   at System.Windows.Forms.Timer.OnTick(EventArgs e)
   at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


Could not find file 'C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\mpam-b7136eb9.exe'.
   at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
   at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
   at Crystal_Security.Main.Final_Result()
   at Crystal_Security.Main.Get_Result()
   at Crystal_Security.Main.Request_cloud()
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()


Could not find file 'C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\mpam-790127a8.exe'.
   at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
   at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
   at Crystal_Security.Main.Final_Result()
   at Crystal_Security.Main.Get_Result()
   at Crystal_Security.Main.Request_cloud()
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()






Here are the Zemana results:


Zemana AntiMalware 2.15.2.229 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/11
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™2 Quad CPU  Q6600 @ 2.40GHz
BIOS Mode              : Legacy
CUID                   : 00DEA8558B86094D0A1380
Scan Type              : Scheduled Scan
Duration               : 9m 51s
Scanned Objects        : 36799
Detected Objects       : 1
Excluded Objects       : 2
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 0008533A4D157460E397576EE99B268A
Publisher          : -
Size               : 1260
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Traces             :
                Hosts File - Hosts file is hidden

SFCFix.exe
Status             : Failed
Object             : %userprofile%\desktop\tools\bleeping\sfcfix.exe
MD5                : 6E62B20228139D7EF51D769696FD8A09
Publisher          : -
Size               : 1319424
Version            : 2.4.4.0
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\desktop\tools\bleeping\sfcfix.exe

Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0



Ran this a 2nd time:

Zemana AntiMalware 2.15.2.721 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/11
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™2 Quad CPU  Q6600 @ 2.40GHz
BIOS Mode              : Legacy
CUID                   : 00DEA8558B86094D0A1380
Scan Type              : Deep Scan
Duration               : 38m 35s
Scanned Objects        : 251066
Detected Objects       : 0
Excluded Objects       : 2
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

There are no detected objects





Here are the results for ZHPCleaner:


~ ZHPCleaner v2015.6.3.265 by Nicolas Coolman (2015\06\3)
~ Run by TripR (Administrator)  (11/06/2015 09:46:36)
~ Site : http://nicolascoolman.com/fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : No network file
~ Type : Scan
~ Report : C:\Users\TripR\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\TripR\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 73115
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


End of clean at 09:53:21
===================
ZHPCleaner-[R]-03062015-19_44_47.txt
ZHPCleaner-[S]-03062015-19_43_41.txt
ZHPCleaner-[S]-11062015-09_38_24.txt
ZHPCleaner-[S]-11062015-09_53_21.txt



Ran this a 2nd time also:

~ ZHPCleaner v2015.6.3.265 by Nicolas Coolman (2015\06\3)
~ Run by TripR (Administrator)  (11/06/2015 14:27:13)
~ Site : http://nicolascoolman.com/fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : No network file
~ Type : Scan
~ Report : C:\Users\TripR\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\TripR\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 73125
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


End of clean at 14:34:09
===================
ZHPCleaner-[R]-03062015-19_44_47.txt
ZHPCleaner-[S]-03062015-19_43_41.txt
ZHPCleaner-[S]-11062015-09_38_24.txt
ZHPCleaner-[S]-11062015-09_53_21.txt
ZHPCleaner-[S]-11062015-14_34_09.txt
 


Edited by CubicR, 11 June 2015 - 04:40 PM.


#13 InadequateInfirmity


Posted 11 June 2015 - 05:47 PM

Let me know if your issue happens again.



#14 CubicR


Posted 12 June 2015 - 12:00 PM

I will definitely let you know.  Thanks for all your help.

 

cubic



#15 CubicR


Posted 12 June 2015 - 12:19 PM

Well, I didn't expect to reply so soon, but the spoofing is still happening.

 

 

cubic





