Ads by On Stage


18 replies to this topic

#1 rcrice

rcrice

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 10 June 2015 - 09:30 AM

One of my kids seems to have picked up a malware infection, probably from a dodgy gaming site. 

 

We get ads out the wazoo from "On Stage Ads" or "Ads by On Stage".

 

It adds a bunch of garbage search results to the top of the Google search results page. Clicking on any links redirects you to one of their click partners.

 

What I've done:

Downloaded, on another PC, fresh copies of:

Malwarebytes

AdwCleaner

SuperAntiSpyware

 

 

I've run all of these tools twice on the infected PC.

 

The infection is better, as the tools seem to have removed one additional infection, but they left behind the "Ads by On Stage" mess.

 

Advice? 

 

 

Robert 




 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  • Gender:Male
  • Location:Serbia
  • Local time:02:48 AM

Posted 10 June 2015 - 11:48 AM

Hello,

 

I would like to see the MBAM and AdwCleaner logs.

 

For MBAM:

 

  • Open MBAM
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'.
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK.
  • Attach that saved log to your next reply.

 

For AdwCleaner:

The log is probably at this location: C:\AdwCleaner[S1].txt

 

Post it here also.


I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#3 rcrice

rcrice
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 10 June 2015 - 11:54 AM

Thanks - will do. That PC is at home, and I'll post the logs tonight. 

 

Rob 

 

 



#4 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  • Gender:Male
  • Location:Serbia
  • Local time:02:48 AM

Posted 10 June 2015 - 12:00 PM

Also, use this program and post the log to us.

 

MiniToolBox

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.


 


#5 rcrice

rcrice
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 10 June 2015 - 07:10 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/10/2015
Scan Time: 8:41:29 AM
Logfile: OnStage-MBAM.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.10.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rob
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 953322
Time Elapsed: 2 hr, 3 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 6
PUP.Optional.PricePeep.A, C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [27e42693dfab9a9cd5656c80c142e31d], 
PUP.Optional.PricePeep.A, C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [69a2e7d2afdb52e4b8829755e320c23e], 
PUP.Optional.SelectNGo.A, C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [61aab405276340f630253ac0ec17aa56], 
PUP.Optional.SelectNGo.A, C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [52b9d7e2305a999d480d3ebc2cd72ad6], 
PUP.Optional.ReMarkable.A, C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [a06bffba94f6b87e90953d413fc60ef2], 
PUP.Optional.ReMarkable.A, C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [7695c0f99feb51e5a67ff886778e43bd], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

# AdwCleaner v4.206 - Logfile created 09/06/2015 at 22:36:24
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Rob - ROB-PC-HOME
# Running from : C:\Users\Rob\Downloads\malware cleanup\Malware Removal\adwcleaner_4.206.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://wiki.freepbx.org/dosearchsite.action?queryString={searchTerms}
[C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://blekko.com/ws/+{searchTerms}
[C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=6F7B48AA-ED9A-45BD-966F-AAE2515D4FEF&apn_ptnrs=TV&apn_sauid=3C7D1908-F9B9-411E-9739-47D5EC8B4FDB&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://2600hz.atlassian.net/wiki/dosearchsite.action?queryString={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [32413 bytes] - [14/01/2015 17:38:33]
AdwCleaner[R1].txt - [2122 bytes] - [09/06/2015 22:31:22]
AdwCleaner[S0].txt - [14315 bytes] - [14/01/2015 17:41:41]
AdwCleaner[S1].txt - [2061 bytes] - [09/06/2015 22:36:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2120  bytes] ##########
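As an added example, not code from the thread or from Malwarebytes or AdwCleaner, here is a small Python parser that turns the two log formats posted above into structured records, checks that each MBAM section lists as many items as it declares (a cheap way to spot a truncated paste), and pulls the hosts of the search providers AdwCleaner removed without re-fanging the hxxp URLs. The sample fragments are constructed to match the formats in this post; their quarantine ids are placeholders.

```python
"""Parse MBAM 2.x and AdwCleaner 4.x text logs into structured records.
Sample fragments are constructed to match this thread's log formats; ids are placeholders."""
import re
from collections import Counter
from dataclasses import dataclass

MBAM_SAMPLE = r"""Malwarebytes Anti-Malware
Time Elapsed: 2 hr, 3 min, 25 sec
Processes: 0
(No malicious items detected)
Files: 2
PUP.Optional.PricePeep.A, C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [0123456789abcdef0123456789abcdef], 
PUP.Optional.SelectNGo.A, C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [fedcba9876543210fedcba9876543210], 
Physical Sectors: 0
(No malicious items detected)
(end)
"""

ADW_SAMPLE = r"""# AdwCleaner v4.206 - Logfile created 09/06/2015 at 22:36:24
# Option : Cleaning

***** [ Services ] *****

***** [ Web browsers ] *****

-\\ Google Chrome v43.0.2357.81

[C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************
"""


@dataclass(frozen=True)
class Detection:
    tool: str      # "MBAM" or "AdwCleaner"
    section: str   # log section, e.g. "Files" or "Web browsers"
    subject: str   # threat name (MBAM) or browser (AdwCleaner)
    target: str    # file path (MBAM) or "<kind>: <path>" (AdwCleaner)
    action: str    # Quarantined, Deleted, ...
    detail: str    # quarantine id (MBAM) or the removed value (AdwCleaner)


MBAM_SECTION = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$")
# <threat>, <path>, <action>, [<hex id>],   (the trailing comma is part of the format)
MBAM_ITEM = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]+)\],\s*$")
ADW_SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ADW_BROWSER = re.compile(r"^-\\\\ (.+?) v[\d.]+$")
ADW_ITEM = re.compile(
    r"^\[(?P<target>[^\]]+)\] - (?P<action>\w+) \[(?P<kind>[^\]]+)\] : (?P<value>.*)$")
DEFANGED_HOST = re.compile(r"^hxxps?://([^/?#]+)", re.IGNORECASE)


def parse_mbam(text):
    """Return ({section: declared count}, [Detection]) for an MBAM 2.x log."""
    counts, found, section = {}, [], None
    for line in text.splitlines():
        m = MBAM_SECTION.match(line.strip())
        if m:
            section = m.group(1)
            counts[section] = int(m.group(2))
            continue
        m = MBAM_ITEM.match(line)
        if m and section:
            found.append(Detection("MBAM", section, m["name"], m["target"],
                                   m["action"], m["id"]))
    return counts, found


def mbam_counts_consistent(counts, found):
    """True when each section lists as many items as it declares; a mismatch
    usually means the log was truncated or pasted incompletely."""
    seen = Counter(d.section for d in found)
    return all(seen[s] == n for s, n in counts.items())


def parse_adwcleaner(text):
    """Return [Detection] for an AdwCleaner 4.x log, tagging browser entries."""
    found, section, browser = [], "", ""
    for line in text.splitlines():
        line = line.strip()
        if m := ADW_SECTION.match(line):
            section, browser = m.group(1), ""
        elif m := ADW_BROWSER.match(line):
            browser = m.group(1)
        elif m := ADW_ITEM.match(line):
            found.append(Detection("AdwCleaner", section, browser,
                                   f"{m['kind']}: {m['target']}", m["action"], m["value"]))
    return found


def search_provider_hosts(found):
    """Hosts of the search providers AdwCleaner touched, left defanged."""
    return [m.group(1) for d in found
            if d.tool == "AdwCleaner" and d.target.startswith("Search Provider")
            and (m := DEFANGED_HOST.match(d.detail))]


if __name__ == "__main__":
    counts, mbam = parse_mbam(MBAM_SAMPLE)
    print("MBAM counts consistent:", mbam_counts_consistent(counts, mbam))
    print("Search providers removed:", search_provider_hosts(parse_adwcleaner(ADW_SAMPLE)))
```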
 


#6 rcrice

rcrice
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 10 June 2015 - 07:25 PM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Rob (administrator) on 10-06-2015 at 19:15:58
Running from "C:\Users\Rob\Downloads\malware cleanup\Malware Removal"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: 3209CTO Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
Evolve Virtual Ethernet Adapter = Evolve Gaming Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=255.255.255.255/32 interface="Evolve Gaming Connection" nexthop=0.0.0.0 metric=1 publish=No
add route prefix=224.0.0.0/4 interface="Evolve Gaming Connection" nexthop=0.0.0.0 metric=1 publish=No
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Rob-PC-Home
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Evolve Gaming Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Evolve Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-00-4D-78-92-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 44-37-E6-B3-13-70
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d1d3:1f4e:3fd1:5cac%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.220.129(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, June 10, 2015 8:34:08 AM
   Lease Expires . . . . . . . . . . : Thursday, June 11, 2015 6:50:51 PM
   Default Gateway . . . . . . . . . : 192.168.220.10
   DHCP Server . . . . . . . . . . . : 192.168.220.10
   DHCPv6 IAID . . . . . . . . . . . : 242283413
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C8-AC-A4-44-37-E6-B3-13-70
   DNS Servers . . . . . . . . . . . : 192.168.220.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-06-0B-FC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1906:bfc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2de9:8230:7e28:9fb6%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.6.11.252(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Wednesday, June 10, 2015 8:34:03 AM
   Lease Expires . . . . . . . . . . : Thursday, June 09, 2016 6:51:02 PM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 343570762
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C8-AC-A4-44-37-E6-B3-13-70
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  router.asus.com
Address:  192.168.220.10
 
Name:    google.com
Addresses:  2607:f8b0:4000:80b::200e
 216.58.218.206
 
 
Pinging google.com [216.58.218.206] with 32 bytes of data:
Reply from 216.58.218.206: bytes=32 time=28ms TTL=52
Reply from 216.58.218.206: bytes=32 time=28ms TTL=52
 
Ping statistics for 216.58.218.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 28ms, Average = 28ms
Server:  router.asus.com
Address:  192.168.220.10
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=94ms TTL=46
Reply from 206.190.36.45: bytes=32 time=93ms TTL=46
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 93ms, Maximum = 94ms, Average = 93ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...00 00 4d 78 92 fd ......Evolve Virtual Ethernet Adapter
 11...44 37 e6 b3 13 70 ......Intel® 82579LM Gigabit Network Connection
 14...7a 79 19 06 0b fc ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   192.168.220.10  192.168.220.129     20
         25.0.0.0        255.0.0.0         On-link       25.6.11.252   9256
      25.6.11.252  255.255.255.255         On-link       25.6.11.252   9256
   25.255.255.255  255.255.255.255         On-link       25.6.11.252   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.220.0    255.255.255.0         On-link   192.168.220.129    276
  192.168.220.129  255.255.255.255         On-link   192.168.220.129    276
  192.168.220.255  255.255.255.255         On-link   192.168.220.129    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link   192.168.220.129    276
        224.0.0.0        240.0.0.0         On-link       25.6.11.252   9256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   192.168.220.129    276
  255.255.255.255  255.255.255.255         On-link       25.6.11.252   9256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
  255.255.255.255  255.255.255.255         On-link        1
        224.0.0.0        240.0.0.0         On-link        1
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 14    276 2620:9b::/96             On-link
 14    276 2620:9b::1906:bfc/128    On-link
 11    276 fe80::/64                On-link
 14    276 fe80::/64                On-link
 14    276 fe80::2de9:8230:7e28:9fb6/128
                                    On-link
 11    276 fe80::d1d3:1f4e:3fd1:5cac/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/10/2015 08:35:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000440,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000027CEDB0.72).  hr = 0x80070005, Access is denied.
.
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b2c,(null),0,REG_BINARY,0000000013C8E020.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {b79deb04-0f4b-4061-8954-6521f2173f62}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000720,(null),0,REG_BINARY,0000000003CCE070.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {22016aec-9fbc-450a-9f38-1bfa9140ac8d}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000314,(null),0,REG_BINARY,000000001356DE30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d7cea3ea-ba37-4c08-b2f3-92701bd223be}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e0,(null),0,REG_BINARY,0000000001BEE7F0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {220c7e11-83e1-4226-9e99-6e99ddff0247}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000021c,(null),0,REG_BINARY,000000000188EBA0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2d787090-f20f-477e-8d5f-f23ada6490e1}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000720,(null),0,REG_BINARY,0000000003CCE070.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {22016aec-9fbc-450a-9f38-1bfa9140ac8d}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b2c,(null),0,REG_BINARY,0000000013C8E020.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {b79deb04-0f4b-4061-8954-6521f2173f62}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000314,(null),0,REG_BINARY,000000001356DE30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d7cea3ea-ba37-4c08-b2f3-92701bd223be}
 
 
System errors:
=============
Error: (06/10/2015 08:36:09 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (06/10/2015 08:35:05 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/10/2015 08:33:49 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!
 
Error: (06/10/2015 07:57:10 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (06/10/2015 07:57:10 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 07:57:10 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 07:57:10 AM) (Source: Service Control Manager) (User: )
Description: The Power Manager DBC Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 07:57:10 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/10/2015 07:57:09 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 07:57:09 AM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (06/10/2015 08:35:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000440,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000027CEDB0.72)0x80070005, Access is denied.
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000b2c,(null),0,REG_BINARY,0000000013C8E020.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {b79deb04-0f4b-4061-8954-6521f2173f62}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000720,(null),0,REG_BINARY,0000000003CCE070.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {22016aec-9fbc-450a-9f38-1bfa9140ac8d}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000314,(null),0,REG_BINARY,000000001356DE30.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d7cea3ea-ba37-4c08-b2f3-92701bd223be}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS)(User: )
Description: RegSetValueExW(0x000001e0,(null),0,REG_BINARY,0000000001BEE7F0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {220c7e11-83e1-4226-9e99-6e99ddff0247}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS)(User: )
Description: RegSetValueExW(0x0000021c,(null),0,REG_BINARY,000000000188EBA0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2d787090-f20f-477e-8d5f-f23ada6490e1}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000720,(null),0,REG_BINARY,0000000003CCE070.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {22016aec-9fbc-450a-9f38-1bfa9140ac8d}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000b2c,(null),0,REG_BINARY,0000000013C8E020.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {b79deb04-0f4b-4061-8954-6521f2173f62}
 
Error: (06/10/2015 08:33:00 AM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000314,(null),0,REG_BINARY,000000001356DE30.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d7cea3ea-ba37-4c08-b2f3-92701bd223be}
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-09 22:22:44.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-06-09 22:22:44.033
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{D51F5621-37A3-4B72-A761-2A9E2BBEA76D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcheAge (HKLM-x32\...\Steam App 304030) (Version:  - XLGAMES)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
BLOCKADE 3D (HKLM-x32\...\Steam App 302830) (Version:  - Shumkov Dmitriy)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Elevated Installer (HKLM-x32\...\{206BC484-44FD-45D5-89E3-D2506E92DBFE}) (Version: 4.0.23.0 - Garmin Ltd or its subsidiaries) Hidden
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.13 - Echobit, LLC)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
FTBCAT (HKLM-x32\...\FTBCAT_is1) (Version:  - G R Freeth)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Garmin Express (HKLM-x32\...\{6f56bdd5-41e5-4ad6-a03a-76bd4debc2d4}) (Version: 4.0.23.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{92905ECE-A646-49F9-886D-B0873DAC47D8}) (Version: 4.0.23.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{05B47505-F03F-45DD-83D5-CFE7A941F4EA}) (Version: 4.0.23.0 - Garmin Ltd or its subsidiaries) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8630 Basic Device Software (HKLM\...\{E4785D60-862F-4474-A2D4-F3A6A07A6638}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8630 Help (HKLM-x32\...\{6ABF093B-B5B9-4CBD-A598-F693A843A44D}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Icom CS-M802 #11 (HKLM-x32\...\{6060A95E-30EB-457D-BA9D-6FCFB1C964CE}) (Version: 1.00 - Icom Inc.)
Icom CS-M802 (HKLM-x32\...\{1337A640-F584-11D5-8BD8-00C0F6B11A91}) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Network Connections 17.4.95.0 (HKLM\...\PROSetDX) (Version: 17.4.95.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Krita Desktop (x64) 2.8.3.0 (HKLM\...\{C954F6B7-202B-4811-8A7E-1BFBCD3A09DD}) (Version: 2.8.3.0 - KO GmbH)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}) (Version: 1.0.0.6 - Lenovo)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.72 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0037 - Lenovo)
LibreOffice 4.4 Help Pack (English (United States)) (HKLM-x32\...\{03521B99-4EED-4C36-91B4-E0FAD2D98731}) (Version: 4.4.2.2 - The Document Foundation)
LibreOffice 4.4.2.2 (HKLM-x32\...\{99A395EF-A310-40BB-B7A3-E3FF07CC38FC}) (Version: 4.4.2.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\{80EE9168-BB59-4F87-BF1A-57C137EAF714}) (Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
Magicite (HKLM-x32\...\Steam App 268750) (Version:  - SmashGames)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.44.1.3 - Marvell)
Megabyte Punch (HKLM-x32\...\Steam App 248550) (Version:  - Team Reptile)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
NEStalgia (HKLM-x32\...\Steam App 249550) (Version:  - Silk Games)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.85.190.0 - Overwolf Ltd.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.9 - Portforward, LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.40.0001 - Lenovo Group Limited)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30131 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - Coffee Stain Studios)
SeaTTY V2.50 (HKLM-x32\...\SeaTTY_is1) (Version:  - )
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.1 - IObit)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version:  - Devil's Details)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - En Masse Entertainment)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Legend of Heroes: Trails in the Sky (HKLM-x32\...\Steam App 251150) (Version:  - Nihon Falcom)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-08963de0-34a4-4594-9561-599a49caf04a) (Version:  - Epic Games, Inc.)
USB GamePad (HKLM-x32\...\{FEC7CD2E-2BB5-40C3-9592-078F64677E6C}) (Version: 1.00.0000 - GASIA)
Valdis Story: Abyssal City (HKLM-x32\...\Steam App 252030) (Version:  - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - SCS SCS Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\BC00913D027C41CC21E744CFDA8F3DF6DF45E2CF) (Version: 04/10/2012 2.08.24 - SCS)
Windows Driver Package - SCS SCS Driver Package - VCP Driver 1 (04/10/2012 2.08.24) (HKLM\...\7811E449E9CAA643E49707C43F2FAE3A35462D0D) (Version: 04/10/2012 2.08.24 - SCS)
Windows Driver Package - SCS SCS Driver Package - VCP Driver 2 (04/10/2012 2.08.24) (HKLM\...\3BFF416D0CF83690179331AC3C8309B77A6D18FA) (Version: 04/10/2012 2.08.24 - SCS)
Windows Driver Package - SCS SCS Driver Package - VCP Driver 3 (04/10/2012 2.08.24) (HKLM\...\0B6DDC331557B47917A9CF022C536EA39D735575) (Version: 04/10/2012 2.08.24 - SCS)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
========================= Devices: ================================
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 9%
Total physical RAM: 24381.48 MB
Available physical RAM: 22156.13 MB
Total Pagefile: 48761.18 MB
Available Pagefile: 46005.95 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.34 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:1393.17 GB) (Free:1041.87 GB) NTFS
3 Drive e: () (Removable) (Total:7.45 GB) (Free:5.35 GB) FAT32
4 Drive x: (Recovery) (Fixed) (Total:4 GB) (Free:0.84 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ROB-PC-HOME
 
Administrator            David                    Guest                    
Matthew                  Rachel                   Rob                      
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
04-06-2015 01:46:19 Garmin Express
04-06-2015 01:47:24 Garmin Express
04-06-2015 01:48:21 Garmin Express
09-06-2015 07:11:15 Windows Update
09-06-2015 08:38:53 Windows Defender Checkpoint
10-06-2015 02:25:47 Windows Update
10-06-2015 13:32:18 Checkpoint by HitmanPro
10-06-2015 13:32:38 Checkpoint by HitmanPro
 
**** End of log ****
 


#7 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:02:48 AM

Posted 11 June 2015 - 02:14 AM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

---------

Adware Removal Tool.

 
Download Adware Removal Tool to your desktop, right-click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

 

Click OK.

Click Next.

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

-----

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.
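Tools such as Adware Removal Tool and JRT delete by name and location patterns, and those patterns can match legitimate software, so the log a helper asks for is worth triaging rather than trusting wholesale. The Python script below is an added example (not from this thread, from BleepingComputer, or from the tool's authors) that parses the "Deleted - <Kind> - <Target>" lines of an Adware Removal Tool repair log and buckets them so deletions inside Steam game folders stand out for review. The grouping rules (Steam path detection and the "babylon" name-collision list) are assumptions for illustration; the sample lines are constructed in the tool's format from entries quoted later in this thread.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One "Repair Logs" line as Adware Removal Tool prints it: "<Action> - <Kind> - <Target>".
LINE_RE = re.compile(r"^(?P<action>[A-Za-z]+) - (?P<kind>[A-Za-z]+) - (?P<target>.+)$")

# Steam stores each game under steamapps\common\<Game>\ ; used to group deletions by game.
STEAM_GAME_RE = re.compile(r"\\steamapps\\common\\([^\\]+)\\", re.IGNORECASE)

# Assumption for illustration: name fragments that belong to legitimate game content but
# collide with adware family names (the Babylon toolbar vs. Civilization V's Babylon DLC).
NAME_COLLISIONS = ("babylon",)

# Constructed sample in the tool's format, based on lines quoted later in this thread.
SAMPLE_LOG = r"""
\\\\\\ Repair Logs \\\\\\
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2_dlc1\sound\ambient\ambience\conduit_rain.wav
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Babylon.Civ5Pkg
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Resource\Common\BabylonianModels.fpk
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
"""


@dataclass(frozen=True)
class Entry:
    action: str
    kind: str    # File, Folder, RegistryKey, RegistryValueData, ...
    target: str  # filesystem path or registry location


def parse_repair_log(text: str) -> list[Entry]:
    """Return the structured entries from a repair-log excerpt; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def classify(entry: Entry) -> str:
    """Bucket one deletion so a reviewer can decide whether it needs restoring."""
    if entry.kind.lower().startswith("registry"):
        return "registry"
    low = entry.target.lower()
    if STEAM_GAME_RE.search(entry.target):
        # Game assets are an unlikely home for adware; a deletion here is suspect,
        # doubly so when the only "adware" signal is a name collision.
        if any(name in low for name in NAME_COLLISIONS):
            return "game_asset_name_collision"
        return "game_asset"
    return "file"


def triage(text: str) -> dict:
    """Summarize a repair log: counts per bucket and which Steam games lost files."""
    entries = parse_repair_log(text)
    buckets = Counter(classify(e) for e in entries)
    games: Counter = Counter()
    for e in entries:
        m = STEAM_GAME_RE.search(e.target)
        if m:
            games[m.group(1)] += 1
    return {
        "total": len(entries),
        "buckets": dict(buckets),
        "games_touched": dict(games),
        "needs_review": buckets["game_asset"] + buckets["game_asset_name_collision"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} deletions, {result['needs_review']} inside Steam game folders need review")
    for game, n in result["games_touched"].items():
        print(f"  {game}: {n} file(s)")
```

Run it against the pasted "Repair Logs" section of a real log instead of SAMPLE_LOG; anything in the game_asset buckets should be verified (Steam's "Verify integrity of game files" will restore what the tool removed) before the run is treated as a clean result.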

 


#8 rcrice

rcrice
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:48 PM

Posted 11 June 2015 - 01:28 PM

Thank you ! 

Will download these tools at work on a clean PC, then run at home later. 



#9 rcrice

rcrice
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:48 PM

Posted 12 June 2015 - 08:56 AM

Results of screen317's Security Check version 1.003  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Rob Downloads malware cleanup Malware Removal\SecurityCheck.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool v3.9
Time: 2015_06_11_19_33_00
OS: Windows 7 - 64 Bit
Account Name: Rob
U0L0S106
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2_dlc1\sound\ambient\ambience\conduit_rain.wav
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2_dlc3\sound\ambient\ambience\conduit_rain.wav
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Babylon.Civ5Pkg
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\CIV5Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\CIV5Civilization_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\CIV5Traits_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\CIV5Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\DE_DE\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\DE_DE\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\DE_DE\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\DE_DE\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\DE_DE\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\DE_DE\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\en_US\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\en_US\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\en_US\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\en_US\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\en_US\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\en_US\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ES_ES\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ES_ES\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ES_ES\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ES_ES\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ES_ES\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ES_ES\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\FR_FR\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\FR_FR\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\FR_FR\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\FR_FR\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\FR_FR\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\FR_FR\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\IT_IT\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\IT_IT\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\IT_IT\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\IT_IT\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\IT_IT\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\IT_IT\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\JA_JP\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\JA_JP\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\JA_JP\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\JA_JP\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\JA_JP\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\JA_JP\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\KO_KR\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\KO_KR\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\KO_KR\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\KO_KR\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\KO_KR\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\KO_KR\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\PL_PL\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\PL_PL\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\PL_PL\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\PL_PL\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\PL_PL\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\PL_PL\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\RU_RU\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\RU_RU\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\RU_RU\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\RU_RU\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\RU_RU\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\RU_RU\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ZH_Hant_HK\Civ5CivlopediaDLC_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ZH_Hant_HK\CIV5GameTextInfos_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ZH_Hant_HK\CIV5GameTextInfos_Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ZH_Hant_HK\CIV5GameTextInfos_Civilizations_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ZH_Hant_HK\CIV5GameTextInfos_Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Gameplay\XML\Text\ZH_Hant_HK\CIV5GameText_Cities_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\Speech\English\Dawn of Man\Babylon.mp3
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\Speech\French\Dawn of Man\Babylon.mp3
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\Speech\German\Dawn of Man\Babylon.mp3
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\Speech\Italian\Dawn of Man\Babylon.mp3
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\Speech\Polish\Dawn of Man\Babylon.mp3
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\Speech\Russian\Dawn of Man\BABYLON.mp3
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\Speech\Spanish\Dawn of Man\Babylon.mp3
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\XML\BabylonAudio2DScripts.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\XML\DawnOfMan_Speech_Babylon_Audio2DScripts.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\XML\DawnOfMan_Speech_Babylon_AudioDefines.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\XML\UnitUISounds_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\DLC_Deluxe\Sounds\XML\U_Babylonian_Bowman3DScripts.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\CIV5Buildings_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\CIV5Civilization_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\CIV5Units_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\DE_DE\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\en_US\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\ES_ES\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\FR_FR\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\IT_IT\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\JA_JP\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\KO_KR\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\PL_PL\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\RU_RU\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Assets\DLC\Expansion\DLC\DLC_Deluxe\Gameplay\XML\Text\ZH_Hant_HK\CIV5GameTextInfos_Spies_Babylon.xml
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Resource\Common\BabylonianModels.fpk
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Resource\DX9\BabylonianNebuchadnezzarTextures.fpk
Deleted - File - C:\program files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Resource\DX9_Low\BabylonianNebuchadnezzarTexturesDX9Low.fpk
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
 
\\ Finished
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Professional x64
Ran by Rob on Thu 06/11/2015 at 19:38:00.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Rob\appdata\local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Successfully deleted: [File] C:\Users\Rob\appdata\local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Rob\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Rob\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Rob\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Rob\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/11/2015 at 19:39:26.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 12 June 2015 - 10:24 AM

Hi Rob,

 

Do you still have the problem? Or is it better now?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know how to solve all PC problems.  :smash: 

 


#11 Sintharius
    Bleepin' Sniper

  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 12 June 2015 - 11:38 AM

Just my two cents, but it appears that Adware Removal Tool removed files from two Steam games - Sid Meier's Civilization V and Left 4 Dead 2.

Rob, please check those games - you might need to reinstall them as a result.

#12 Aura
    Bleepin' Special Ops

  • Malware Response Team
  • 19,670 posts
  • Gender:Male

Posted 12 June 2015 - 11:41 AM

Most likely because the file names contain the words "conduit" and "babylon". This is a huge false positive. I would refrain from using this tool in the future, OP, if someone recommends it to you.

Edited by Aura., 12 June 2015 - 11:42 AM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
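As an added illustration of the point Aura makes (this is example code written for this page, not code from Aura, BleepingComputer, or the authors of Adware Removal Tool or JRT), the script below reads the "Deleted - <Type> - <Target>" lines in the Adware Removal Tool log posted above, plus JRT's "Successfully deleted: [Type] target" form, and flags file deletions that hit only on the words "conduit" or "babylon" in the file name while sitting under the Steam library, which is exactly how the Civilization V DLC files ended up in the log. The trusted-root list and the Temp file entry in the sample log are assumptions constructed for the example; the Civ V, registry and Chrome entries are copied from the logs in this thread.

```python
"""Triage an adware-removal log for likely false positives.

Added example for this thread, not code from BleepingComputer, Aura, or the
tools' authors. Flags file deletions that match only on a suspicious word in
the file name while sitting under a legitimate game-library root.
"""
import re
from typing import Dict, List, Optional

# Words a name-based adware signature is likely to key on. "conduit" and
# "babylon" are the two named in the thread; no others are assumed.
NAME_KEYWORDS = ("conduit", "babylon")

# Install roots whose contents are user-installed games rather than adware.
# Assumed list for this example; extend with your own application roots.
# Plain (non-raw) strings because a raw string cannot end with a backslash.
TRUSTED_ROOTS = (
    "c:\\program files (x86)\\steam\\steamapps\\common\\",
    "c:\\program files\\steam\\steamapps\\common\\",
)

LINE_PATTERNS = (
    # Adware Removal Tool style: "Deleted - File - C:\path"
    re.compile(r"^Deleted\s*-\s*(?P<kind>\w+)\s*-\s*(?P<target>.+?)\s*$"),
    # JRT style: "Successfully deleted: [File] C:\path"
    re.compile(r"^Successfully deleted:\s*\[(?P<kind>\w+)\]\s*(?P<target>.+?)\s*$"),
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return {'kind': ..., 'target': ...} for a deletion line, else None."""
    for pattern in LINE_PATTERNS:
        m = pattern.match(line.strip())
        if m:
            return m.groupdict()
    return None


def keyword_hits(target: str) -> List[str]:
    """Keywords found in the last path component (file or key name)."""
    name = target.rsplit("\\", 1)[-1].lower()
    return [k for k in NAME_KEYWORDS if k in name]


def classify(entry: Dict[str, str]) -> str:
    """'probable-false-positive' when a keyword-only hit lies under a trusted root."""
    target_l = entry["target"].lower()
    hits = keyword_hits(entry["target"])
    under_trusted = any(target_l.startswith(root) for root in TRUSTED_ROOTS)
    if entry["kind"] == "File" and hits and under_trusted:
        return "probable-false-positive"
    if hits:
        return "keyword-match"
    return "other"


def triage(log_text: str) -> Dict[str, List[str]]:
    """Bucket every parseable deletion line by its classification."""
    buckets: Dict[str, List[str]] = {
        "probable-false-positive": [], "keyword-match": [], "other": []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            buckets[classify(entry)].append(entry["target"])
    return buckets


# Constructed sample: two Civ V entries and a registry key from the ARTool log
# above, one JRT line from the JRT log above, and an invented Temp file name.
SAMPLE_LOG = """\
Deleted - File - C:\\program files (x86)\\Steam\\steamapps\\common\\Sid Meier's Civilization V\\Resource\\Common\\BabylonianModels.fpk
Deleted - File - C:\\program files (x86)\\Steam\\steamapps\\common\\Sid Meier's Civilization V\\Assets\\DLC\\Expansion\\DLC\\DLC_Deluxe\\Gameplay\\XML\\CIV5Units_Babylon.xml
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Successfully deleted: [File] C:\\Users\\Rob\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\hxxp_static.re-markable00.re-markable.net_0.localstorage
Deleted - File - C:\\Users\\Rob\\AppData\\Local\\Temp\\conduit_setup.exe
"""

if __name__ == "__main__":
    for bucket, targets in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(targets)}")
        for t in targets:
            print("   ", t)
```

Running it on the sample puts both Civ V files in the probable-false-positive bucket (the game can be verified or reinstalled through Steam), leaves the Temp file as a genuine keyword match worth keeping deleted, and ignores the registry key and Chrome local-storage entries, which carry no keyword at all. The same split is what a person reviewing the full log above would do by hand before deciding whether to trust the tool.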


#13 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 12 June 2015 - 11:50 AM

Yep, I saw that. That's strange, such a big mistake. Never had problems with Adware RT. I will report it to the authors.



 


#14 rcrice
  • Topic Starter

  • Members
  • 9 posts

Posted 12 June 2015 - 09:26 PM

Nope. Same problem persists. 

 

Still getting the ads on websites, plus all kinds of pop ups. 



#15 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 13 June 2015 - 04:56 AM

Hello,

 

We will try again. I hope it will work this time. 

 

Run MBAM again.

 

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
    1. 'Scan for rootkits'
    2. Under Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard, click the Scan Now >> button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

 

-------

 

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


 




