
ISP flagged virus


14 replies to this topic

#1 idunnolol


Posted 20 June 2015 - 12:57 PM

My ISP sent me an email today saying that one of my devices behind my modem appeared to have connected to a command and control server affiliated with "FakeSecSen or SpySheriff virus". I called them and they said they detected it at 7:47am 6/20/15. They also said it came from a website called lp.easydownloadpro.info. I don't even know what that is. The only thing I was doing at that time was watching a stream on Twitch. I had a browse through the Windows event logs and saw an event under the System logs from the Service Control Manager that said "A service was installed in the system" Service Name: MBAMSwissArmy Service File Name: C:\Windows\system32\drivers\MBAMSwissArmy.sys

I do have Malwarebytes Anti-Malware installed; is this file related? I have done a scan with Avira Free Antivirus and MBAM and they did not find anything.

 

OS is Win 7 Home Premium SP1

 

Thanks!


Edited by idunnolol, 20 June 2015 - 01:02 PM.



 


#2 InadequateInfirmity


Posted 20 June 2015 - 01:10 PM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Start up, select each item, then disable.


Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.



Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.


 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 idunnolol


Posted 20 June 2015 - 03:42 PM

Okay here are all the logs...

 

 

eScanAV log


20 Jun 2015 13:47:03 [159c] - **********************************************************
20 Jun 2015 13:47:03 [159c] - MWAV - eScanAV AntiVirus Toolkit.
20 Jun 2015 13:47:03 [159c] - Copyright © MicroWorld Technologies
20 Jun 2015 13:47:03 [159c] - **********************************************************
20 Jun 2015 13:47:03 [159c] - Source: C:\Users\Travis\Downloads\mwav.exe
20 Jun 2015 13:47:03 [159c] - Version 14.0.178 (C:\USERS\TRAVIS\APPDATA\LOCAL\TEMP\MEXE.COM)
20 Jun 2015 13:47:03 [159c] - Log File: C:\Users\Travis\AppData\Local\Temp\MWAV.LOG
20 Jun 2015 13:47:03 [159c] - MWAV Registered: TRUE
20 Jun 2015 13:47:03 [159c] - User Account: Travis (Administrator Mode)
20 Jun 2015 13:47:03 [159c] - OS Type: Windows Workstation [InstallType: Client]
20 Jun 2015 13:47:03 [159c] - OS: Windows 7 64-Bit [OS Install Date: 28 Nov 2014 19:32:21]
20 Jun 2015 13:47:03 [159c] - Ver: Personal Service Pack 1 (Build 7601)
20 Jun 2015 13:47:03 [159c] - System Up Time: 7 Minutes, 33 Seconds
20 Jun 2015 13:47:03 [159c] - Parent Process Name : C:\Users\Travis\Downloads\mwav.exe
20 Jun 2015 13:47:03 [159c] - Windows Root  Folder: C:\Windows
20 Jun 2015 13:47:03 [159c] - Windows Sys32 Folder: C:\Windows\system32
20 Jun 2015 13:47:03 [159c] - DHCP NameServer: 192.168.1.1
20 Jun 2015 13:47:03 [159c] - Interface0 DHCPNameServer: 68.105.28.11 68.105.29.11 68.105.28.12
20 Jun 2015 13:47:03 [159c] - Interface1 DHCPNameServer: 192.168.1.1
20 Jun 2015 13:47:03 [159c] - Local Fixed Drives: c:\,d:\
20 Jun 2015 13:47:03 [159c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
20 Jun 2015 13:47:03 [159c] - [CREATED ZIP FILE: C:\Users\Travis\AppData\Local\Temp\pinfect.zip]
20 Jun 2015 13:47:03 [159c] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
20 Jun 2015 13:47:05 [159c] - ** Changed Value of "Path"
20 Jun 2015 13:47:05 [159c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Travis\AppData\Local\Temp\ESCANDB.LOG]
20 Jun 2015 13:47:06 [159c] - Loaded/Created FileScan Cache Database...
20 Jun 2015 13:47:06 [159c] - Loading AV Library [DB]...
20 Jun 2015 13:48:25 [159c] - ArchiveScan: DISABLED
20 Jun 2015 13:48:25 [159c] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
20 Jun 2015 13:48:25 [159c] - MWAV doing self scanning...
20 Jun 2015 13:48:26 [159c] - MWAV files are clean.
20 Jun 2015 13:48:36 [159c] - ArchiveScan: DISABLED
20 Jun 2015 13:48:36 [159c] - Virus Database Date: 02 Mar 2015
20 Jun 2015 13:48:36 [159c] - Virus Database Count: 6701505
20 Jun 2015 13:48:36 [159c] - Sign Version: 7.59505 [518257]
 
20 Jun 2015 13:49:01 [159c] - **********************************************************
20 Jun 2015 13:49:01 [159c] - MWAV - eScanAV AntiVirus Toolkit.
20 Jun 2015 13:49:01 [159c] - Copyright © MicroWorld Technologies
20 Jun 2015 13:49:01 [159c] -
20 Jun 2015 13:49:01 [159c] - Support: support@escanav.com
20 Jun 2015 13:49:01 [159c] - Web: http://www.escanav.com
20 Jun 2015 13:49:01 [159c] - **********************************************************
20 Jun 2015 13:49:01 [159c] - Version 14.0.178[DB] (C:\USERS\TRAVIS\APPDATA\LOCAL\TEMP\MEXE.COM)
20 Jun 2015 13:49:01 [159c] - Log File: C:\Users\Travis\AppData\Local\Temp\MWAV.LOG
20 Jun 2015 13:49:01 [159c] - User Account: Travis (Administrator Mode)
20 Jun 2015 13:49:01 [159c] - Parent Process Name : C:\Users\Travis\Downloads\mwav.exe
20 Jun 2015 13:49:01 [159c] - Windows Root  Folder: C:\Windows
20 Jun 2015 13:49:01 [159c] - Windows Sys32 Folder: C:\Windows\system32
20 Jun 2015 13:49:01 [159c] - OS: Windows 7 64-Bit [OS Install Date: 28 Nov 2014 19:32:21]
20 Jun 2015 13:49:01 [159c] - Ver: Personal Service Pack 1 (Build 7601)
20 Jun 2015 13:49:01 [159c] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
20 Jun 2015 13:49:01 [1218] - Options Selected by User:
20 Jun 2015 13:49:01 [1218] - Memory Check: Enabled
20 Jun 2015 13:49:01 [1218] - Registry Check: Enabled
20 Jun 2015 13:49:01 [1218] - StartUp Folder Check: Enabled
20 Jun 2015 13:49:01 [1218] - System Folder Check: Enabled
20 Jun 2015 13:49:01 [1218] - Services Check: Enabled
20 Jun 2015 13:49:01 [1218] - Scan Spyware: Enabled
20 Jun 2015 13:49:01 [1218] - Scan Archives: Disabled
20 Jun 2015 13:49:01 [1218] - Drive Check: Enabled
20 Jun 2015 13:49:01 [1218] - All Drive Check :Disabled
20 Jun 2015 13:49:01 [1218] - Drive Selected = C:\
20 Jun 2015 13:49:01 [1218] - Folder Check: Disabled
20 Jun 2015 13:49:01 [1218] - SCAN: All_Files [ANSI]
20 Jun 2015 13:49:01 [1218] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
20 Jun 2015 13:49:01 [1218] - Scanning DNS Records...
20 Jun 2015 13:49:01 [1218] - Scanning Master Boot Record (User)...
20 Jun 2015 13:49:01 [1218] - Scanning Logical Boot Records...
20 Jun 2015 13:49:02 [1218] - ***** Scanning For Hidden Rootkit Processes *****
20 Jun 2015 13:49:02 [1218] - ***** Scanning For Hidden Rootkit Services *****
 
20 Jun 2015 13:49:05 [1218] - ***** Scanning Memory Files *****
 
20 Jun 2015 13:49:11 [1218] - ***** Scanning Registry Files *****
 
20 Jun 2015 13:49:14 [1218] - ***** Scanning StartUp Folders *****
20 Jun 2015 13:52:01 [0838] - ScanFile (C:\Users\Travis\AppData\Roaming\Dashlane\3.2.5.83379\bin\Prerequisites\vcredist_x86_sp1.exe) took 5351 ms
20 Jun 2015 13:52:02 [1020] - ScanFile (C:\Users\Travis\AppData\Roaming\Dashlane\3.2.5.83379\bin\Prerequisites\x64\vcredist_x64_sp1.exe) took 6053 ms
20 Jun 2015 13:52:28 [11b4] - ScanFile (C:\Users\Travis\AppData\Roaming\Dashlane\3.2.5.85368\bin\Prerequisites\vcredist_x86_sp1.exe) took 6006 ms
20 Jun 2015 13:52:29 [14f0] - ScanFile (C:\Users\Travis\AppData\Roaming\Dashlane\3.2.5.85368\bin\Prerequisites\x64\vcredist_x64_sp1.exe) took 5553 ms
20 Jun 2015 13:53:08 [1020] - ScanFile (C:\ProgramData\Avira\Antivirus\EVENTDB\Temp\tmp.edb) took 5740 ms
20 Jun 2015 13:53:21 [15d4] - ScanFile (C:\ProgramData\Avira\Antivirus\TEMP\scaninfo(1036).tmp) took 9064 ms
20 Jun 2015 13:53:35 [0cc0] - ScanFile (C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt) took 12542 ms
 
20 Jun 2015 13:53:39 [1218] - ***** Scanning Service Files *****
20 Jun 2015 13:53:57 [1218] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
20 Jun 2015 13:54:02 [1218] - ***** Scanning Registry and File system for Adware/Spyware *****
20 Jun 2015 13:54:02 [1218] - Loading Spyware Signatures from new External Database [Name: C:\Users\Travis\AppData\Local\Temp\spydb.avs, Size: 464717]...
20 Jun 2015 13:54:02 [1218] - Indexed Spyware Databases Successfully Created...
 
 
20 Jun 2015 13:54:39 [1218] - ***** Scanning Registry Files *****
 
20 Jun 2015 13:54:39 [1218] - ***** Scanning System32 Folders *****
20 Jun 2015 13:54:54 [15d4] - ScanFile (C:\Windows\SysWOW64\d3dx9_36.dll) took 5008 ms
20 Jun 2015 13:55:20 [1020] - ScanFile (C:\Windows\SysWOW64\NlsLexicons004c.dll) took 5413 ms
 
 
20 Jun 2015 13:55:48 [1218] - ***** Scanning Drive C:\ *****
20 Jun 2015 13:57:33 [0cc0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvcuda32.dl_) took 8970 ms
20 Jun 2015 13:57:35 [0f6c] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvcuda64.dl_) took 11201 ms
20 Jun 2015 13:57:38 [15d4] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvcompiler32.dl_) took 14461 ms
20 Jun 2015 13:57:41 [1174] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvd3dum.dl_) took 14212 ms
20 Jun 2015 13:57:41 [1020] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvcompiler.dl_) took 18096 ms
20 Jun 2015 13:57:42 [14f0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvd3dumx.dl_) took 15866 ms
20 Jun 2015 13:57:43 [0f6c] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvopencl32.dl_) took 7442 ms
20 Jun 2015 13:57:44 [0838] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvlddmkm.sy_) took 10811 ms
20 Jun 2015 13:57:49 [15d4] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvopencl64.dl_) took 10203 ms
20 Jun 2015 13:57:51 [0cc0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvoglv32.dl_) took 15086 ms
20 Jun 2015 13:57:53 [11b4] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvoglv64.dl_) took 17706 ms
20 Jun 2015 13:57:54 [1174] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvwgf2um.dl_) took 11825 ms
20 Jun 2015 13:57:56 [0f6c] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvcuda32.dl_) took 6381 ms
20 Jun 2015 13:57:57 [1020] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{0ECE70BE-EBB4-4E2B-891F-2AB876CC423E}\nvwgf2umx.dl_) took 14680 ms
20 Jun 2015 13:57:59 [0838] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvcuda64.dl_) took 8221 ms
20 Jun 2015 13:58:02 [0cc0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvd3dum.dl_) took 8845 ms
20 Jun 2015 13:58:04 [11b4] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvd3dumx.dl_) took 9859 ms
20 Jun 2015 13:58:05 [14f0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvcompiler32.dl_) took 19095 ms
20 Jun 2015 13:58:06 [1020] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvlddmkm.sy_) took 6693 ms
20 Jun 2015 13:58:07 [0f6c] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvopencl32.dl_) took 5912 ms
20 Jun 2015 13:58:10 [15d4] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvcompiler64.dl_) took 20780 ms
20 Jun 2015 13:58:10 [15d4] - Scanning of C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvcompiler64.dl_ Timed out!!!
20 Jun 2015 13:58:11 [0cc0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvopencl64.dl_) took 8970 ms
20 Jun 2015 13:58:14 [0838] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvoglv32.dl_) took 13057 ms
20 Jun 2015 13:58:18 [11b4] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvwgf2um.dl_) took 12215 ms
20 Jun 2015 13:58:20 [1174] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvoglv64.dl_) took 19126 ms
20 Jun 2015 13:58:21 [14f0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C75EBF35-6405-478D-AB56-EB4A40F3D8F1}\nvwgf2umx.dl_) took 15194 ms
20 Jun 2015 14:00:03 [0838] - ScanFile (C:\Program Files (x86)\Common Files\Apple\CoreFP\CoreFP.dll) took 8502 ms
20 Jun 2015 14:03:30 [14f0] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
20 Jun 2015 14:03:30 [0f6c] - Scanning File C:\System Volume Information\{258fd4f0-1747-11e5-8328-08606e7cd757}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 Jun 2015 14:03:30 [0cc0] - Scanning File C:\System Volume Information\{258fd4fa-1747-11e5-8328-08606e7cd757}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 Jun 2015 14:03:30 [11b4] - Scanning File C:\System Volume Information\{00620a2a-120d-11e5-8329-08606e7cd757}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 Jun 2015 14:03:30 [15d4] - Scanning File C:\System Volume Information\{9a072e60-15f6-11e5-b96e-08606e7cd757}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 Jun 2015 14:03:30 [1020] - Scanning File C:\System Volume Information\{2f2a68d6-0f0d-11e5-b9c9-08606e7cd757}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 Jun 2015 14:03:30 [14f0] - Scanning File C:\System Volume Information\{b4008ce0-0ee3-11e5-b91f-08606e7cd757}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 Jun 2015 14:03:30 [0f6c] - Scanning File C:\System Volume Information\{e2098b6a-152d-11e5-a521-08606e7cd757}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 Jun 2015 14:04:00 [0838] - ScanFile (C:\Users\Travis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdm.dll) took 12355 ms
20 Jun 2015 14:04:04 [0cc0] - ScanFile (C:\Users\Travis\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp) took 12948 ms
20 Jun 2015 14:04:45 [15d4] - ScanFile (C:\Users\Travis\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\3.0.7.74559\bin\Prerequisites\vcredist_x86_sp1.exe) took 6240 ms
20 Jun 2015 14:04:45 [1174] - ScanFile (C:\Users\Travis\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\3.0.7.74559\bin\Prerequisites\x64\vcredist_x64_sp1.exe) took 6349 ms
20 Jun 2015 14:10:07 [0cc0] - ScanFile (C:\Users\Travis\Downloads\battlelog-web-plugins_2.7.0_160_R2.exe) took 5413 ms
20 Jun 2015 14:10:11 [14f0] - ScanFile (C:\Users\Travis\Downloads\mwav.exe) took 8595 ms
20 Jun 2015 14:10:11 [1020] - ScanFile (C:\Users\Travis\Downloads\BurstfireSetup.exe) took 9921 ms
20 Jun 2015 14:13:26 [0838] - ScanFile (C:\Windows\Installer\1094cdb.msp) took 5366 ms
20 Jun 2015 14:13:31 [14f0] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.4518\WWLIB.DLL) took 30187 ms
20 Jun 2015 14:13:31 [14f0] - Scanning of C:\Windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.4518\WWLIB.DLL Timed out!!!
20 Jun 2015 14:13:35 [1174] - ScanFile (C:\Windows\Installer\116d1ab.msp) took 8720 ms
20 Jun 2015 14:13:37 [11b4] - ScanFile (C:\Windows\Installer\1094ca4.msp) took 14867 ms
20 Jun 2015 14:13:38 [0838] - ScanFile (C:\Windows\Installer\123102.msi) took 7191 ms
20 Jun 2015 14:13:39 [0f6c] - ScanFile (C:\Windows\Installer\1094e74.msp) took 7145 ms
20 Jun 2015 14:13:48 [1020] - ScanFile (C:\Windows\Installer\143d0e8.msp) took 7753 ms
20 Jun 2015 14:13:50 [14f0] - ScanFile (C:\Windows\Installer\143d0ff.msp) took 7941 ms
20 Jun 2015 14:13:50 [15d4] - ScanFile (C:\Windows\Installer\1094e0a.msp) took 9984 ms
20 Jun 2015 14:13:51 [11b4] - ScanFile (C:\Windows\Installer\52d4dc1.msp) took 6646 ms
20 Jun 2015 14:14:09 [0f6c] - ScanFile (C:\Windows\Installer\6ff342.msp) took 6942 ms
20 Jun 2015 14:14:09 [1174] - ScanFile (C:\Windows\Installer\6ff2fd.msp) took 9734 ms
20 Jun 2015 14:14:09 [0cc0] - ScanFile (C:\Windows\Installer\6ff387.msp) took 7659 ms
20 Jun 2015 14:14:13 [0838] - ScanFile (C:\Windows\Installer\6ff3f7.msp) took 7238 ms
20 Jun 2015 14:14:13 [11b4] - ScanFile (C:\Windows\Installer\6ff46a.msp) took 7067 ms
20 Jun 2015 14:14:15 [15d4] - ScanFile (C:\Windows\Installer\6ff40e.msp) took 7410 ms
20 Jun 2015 14:14:16 [14f0] - ScanFile (C:\Windows\Installer\6ff481.msp) took 5819 ms
20 Jun 2015 14:14:32 [0cc0] - ScanFile (C:\Windows\Installer\8550f.msp) took 7472 ms
20 Jun 2015 14:14:32 [11b4] - ScanFile (C:\Windows\Installer\6ff4e5.msp) took 6209 ms
20 Jun 2015 14:14:35 [1174] - ScanFile (C:\Windows\Installer\854f8.msp) took 7629 ms
20 Jun 2015 14:14:36 [0f6c] - ScanFile (C:\Windows\Installer\6ff5c0.msp) took 5241 ms
20 Jun 2015 14:14:39 [1020] - ScanFile (C:\Windows\Installer\6ff314.msp) took 25507 ms
20 Jun 2015 14:14:39 [1020] - Scanning of C:\Windows\Installer\6ff314.msp Timed out!!!
20 Jun 2015 14:14:43 [15d4] - ScanFile (C:\Windows\Installer\6ff593.msp) took 7488 ms
20 Jun 2015 14:17:55 [1174] - ScanFile (C:\Windows\System32\d3dx9_34.dll) took 7488 ms
20 Jun 2015 14:17:55 [0cc0] - ScanFile (C:\Windows\System32\d3dx9_36.dll) took 7769 ms
20 Jun 2015 14:17:56 [1020] - ScanFile (C:\Windows\System32\dbgeng.dll) took 5585 ms
20 Jun 2015 14:19:41 [0cc0] - ScanFile (C:\Windows\System32\NlsLexicons004c.dll) took 6286 ms
20 Jun 2015 14:30:55 [15d4] - ScanFile (C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll) took 7613 ms
 
20 Jun 2015 14:33:29 [1218] - ***** Checking for specific ITW Viruses *****
 
20 Jun 2015 14:33:29 [1218] - ***** Scanning complete. *****
 
20 Jun 2015 14:33:29 [1218] - Total Objects Scanned: 234934
20 Jun 2015 14:33:29 [1218] - Total Critical Objects: 0
20 Jun 2015 14:33:29 [1218] - Total Disinfected Objects: 0
20 Jun 2015 14:33:29 [1218] - Total Objects Renamed: 0
20 Jun 2015 14:33:29 [1218] - Total Deleted Objects: 0
20 Jun 2015 14:33:29 [1218] - Total Errors: 0
20 Jun 2015 14:33:29 [1218] - Time Elapsed: 00:43:51
20 Jun 2015 14:33:29 [1218] - Virus Database Date: 02 Mar 2015
20 Jun 2015 14:33:29 [1218] - Virus Database Count: 6701505
20 Jun 2015 14:33:29 [1218] - Sign Version: 7.59505 [518257]
 
20 Jun 2015 14:33:29 [1218] - Scan Completed.



Zemana AntiMalware Log


Zemana AntiMalware 2.15.2.721 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/20
Operating System       : Windows 7 64-bit
Processor              : 8X Intel® Core™ i7-3770 CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 00F20F0F023466411473FE
Scan Type              : Deep Scan
Duration               : 40m 14s
Scanned Objects        : 177193
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Firefox Search
Status             : Scanned
Object             : Wolfram|Alpha - http://wolframalpha.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Firefox Search

ninja-setup-3.0.6.exe
Status             : Scanned
Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
Publisher          : -
Size               : 2507200
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe




JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.3 (06.19.2015:1)
OS: Windows 7 Home Premium x64
Ran by Travis on Sat 06/20/2015 at 15:27:58.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox




~~~ Chrome


[C:\Users\Travis\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Travis\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Travis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Travis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/20/2015 at 15:30:29.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
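
The eScanAV log in the post above shows a "Virus Database Date" of 02 Mar 2015 on a scan run 20 Jun 2015 and several "Timed out!!!" entries, both of which limit what a clean result proves. The following is an added example, not part of the original posts or of any tool named in the thread: it reads a log in that line format and reports signature age, timed-out files, and the summary counters. The function name, the 7-day age threshold, and the sample lines (constructed, with made-up paths) are assumptions.

```python
import re
from datetime import datetime

# Line layout seen in the posted MWAV.LOG: "20 Jun 2015 13:47:03 [159c] - message"
LINE_RE = re.compile(r"^(\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) \[([0-9a-fA-F]+)\] -\s?(.*)$")
DB_DATE_RE = re.compile(r"^Virus Database Date: (\d{2} \w{3} \d{4})$")
TIMEOUT_RE = re.compile(r"^Scanning of (.+) Timed out!!!$")
COUNTER_RE = re.compile(r"^Total ([A-Za-z ]+): (\d+)$")

# Constructed sample in the same format as the posted log (paths are made up).
SAMPLE_LOG = r"""
20 Jun 2015 13:48:36 [159c] - Virus Database Date: 02 Mar 2015
20 Jun 2015 13:58:10 [15d4] - ScanFile (C:\Example\big_archive.dl_) took 20780 ms
20 Jun 2015 13:58:10 [15d4] - Scanning of C:\Example\big_archive.dl_ Timed out!!!
20 Jun 2015 14:00:03 [0838] - ScanFile (C:\Example\lib.dll) took 8502 ms
20 Jun 2015 14:33:29 [1218] - Total Objects Scanned: 234934
20 Jun 2015 14:33:29 [1218] - Total Critical Objects: 0
20 Jun 2015 14:33:29 [1218] - Total Errors: 0
20 Jun 2015 14:33:29 [1218] - Scan Completed.
"""


def triage_mwav_log(text, max_db_age_days=7):
    """Summarise an MWAV-style log and list reasons to distrust a clean result.

    max_db_age_days is an assumed threshold, not a vendor recommendation.
    """
    db_date = None
    last_event = None
    completed = False
    timed_out = []
    counters = {}

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank separators and anything that is not a log record
        last_event = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
        msg = m.group(3).strip()
        if (d := DB_DATE_RE.match(msg)):
            db_date = datetime.strptime(d.group(1), "%d %b %Y")
        elif (t := TIMEOUT_RE.match(msg)):
            if t.group(1) not in timed_out:
                timed_out.append(t.group(1))
        elif (c := COUNTER_RE.match(msg)):
            counters[c.group(1)] = int(c.group(2))
        elif msg == "Scan Completed.":
            completed = True

    # Signature age is measured against the last timestamp in the log itself,
    # so the result does not depend on when this script is run.
    db_age_days = None
    if db_date and last_event:
        db_age_days = (last_event.date() - db_date.date()).days

    findings = []
    if db_age_days is not None and db_age_days > max_db_age_days:
        findings.append(f"signature database is {db_age_days} days older than the scan")
    if timed_out:
        findings.append(f"{len(timed_out)} file(s) timed out; treat them as not verified")
    if not completed:
        findings.append("no 'Scan Completed.' record; the scan may have been interrupted")
    if counters.get("Critical Objects", 0) > 0:
        findings.append(f"{counters['Critical Objects']} critical object(s) reported")
    if counters.get("Errors", 0) > 0:
        findings.append(f"{counters['Errors']} scan error(s) reported")

    return {
        "db_age_days": db_age_days,
        "timed_out": timed_out,
        "counters": counters,
        "completed": completed,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage_mwav_log(SAMPLE_LOG)["findings"]:
        print("-", finding)
```
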
 



#4 InadequateInfirmity


Posted 20 June 2015 - 07:34 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next; make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.


#5 idunnolol


Posted 20 June 2015 - 09:09 PM

Avira AV blocked the website to download the Adware Removal Tool. Is it safe, and should I add an exception or what?



#6 InadequateInfirmity


Posted 21 June 2015 - 07:14 PM

The tools I suggest to you are safe; this is a false positive.



#7 idunnolol


Posted 22 June 2015 - 05:35 PM

Adware Removal Tool v3.9
Time: 2015_06_22_15_36_19
OS: Windows 7 - 64 Bit
Account Name: Travis
U0L0S11

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished


ZHP Cleaner Log


~ ZHPCleaner v2015.6.21.281 by Nicolas Coolman (2015\06\21)
~ Run by Travis (Administrator)  (22/06/2015 15:49:19)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Travis\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Travis\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (20)
MOVED file: C:\Users\Travis\Desktop\Network_Meter_V9.6.gadget   (PUP.NetworkMe)
MOVED folder: C:\Windows\Installer\MSI1A82.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI2417.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI2A61.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI31C3.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI331C.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI34D2.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI359E.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI366A.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9E1F.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIA419.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIA515.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIA5A2.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIAC57.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIAD23.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIADEF.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIAE9B.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIAF38.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIB8DC.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIE49F.tmp- (Empty)


---\\  Registry ( Key, Value, Data) (2)
DELETED key*: HKEY_USERS\S-1-5-21-3873517135-2753033716-2947684355-1000\Software\ForumerIT [] (Toolbar.Forumer)
DELETED key: HKCU\Software\ForumerIT [] (Toolbar.Forumer)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 879
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 22


End of clean at 15:49:28
===================
ZHPCleaner-[R]-22062015-15_49_28.txt
ZHPCleaner-[S]-22062015-15_46_20.txt


Security Check log


 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Antivirus                 
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Adobe Flash Player 18.0.0.160  
 Mozilla Firefox (38.0.5)
 Mozilla Thunderbird (31.7.0)
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.130)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Minitoolbox log


MiniToolBox by Farbar  Version: 22-06-2015
Ran by Travis (administrator) on 22-06-2015 at 15:56:17
Running from "C:\Users\Travis\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=?)$ subinterface=ethernet_9 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Travis-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-1A-EF-17-64-47
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 802.11n Wireless LAN Card
   Physical Address. . . . . . . . . : 00-1A-EF-17-64-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 08-60-6E-7C-D7-57
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2d1d:8f18:3e30:be9b%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, June 22, 2015 3:27:25 PM
   Lease Expires . . . . . . . . . . : Tuesday, June 23, 2015 3:27:25 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 235429998
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-0A-CD-6A-08-60-6E-7C-D7-57
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E57848DC-FAEA-487F-98B9-ABBAAEF95B5E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{65D0D990-3BC1-44B2-86D3-9429B9419BF9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:8c02:6a:10c3:3f57:fefc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::6a:10c3:3f57:fefc%18(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4007:808::200e
      216.58.217.206


Pinging google.com [216.58.217.206] with 32 bytes of data:
Reply from 216.58.217.206: bytes=32 time=48ms TTL=53
Reply from 216.58.217.206: bytes=32 time=48ms TTL=53

Ping statistics for 216.58.217.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 48ms, Average = 48ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=70ms TTL=52
Reply from 98.138.253.109: bytes=32 time=71ms TTL=52

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 71ms, Average = 70ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...00 1a ef 17 64 47 ......Microsoft Virtual WiFi Miniport Adapter
 12...00 1a ef 17 64 46 ......802.11n Wireless LAN Card
 10...08 60 6e 7c d7 57 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 32...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    276
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 18     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 18     58 2001::/32                On-link
 18    306 2001:0:5cf2:8c02:6a:10c3:3f57:fefc/128
                                    On-link
 10    276 fe80::/64                On-link
 18    306 fe80::/64                On-link
 18    306 fe80::6a:10c3:3f57:fefc/128
                                    On-link
 10    276 fe80::2d1d:8f18:3e30:be9b/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/20/2015 01:33:14 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/20/2015 01:33:14 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/20/2015 01:33:14 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/20/2015 01:33:14 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/20/2015 01:33:14 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/20/2015 01:33:14 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (06/20/2015 01:33:14 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/20/2015 01:33:13 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (06/20/2015 01:33:13 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=2801}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (06/20/2015 01:32:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385, time stamp: 0x4a5bd212
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000011fd
Faulting process id: 0xc98
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3


System errors:
=============
Error: (06/22/2015 03:40:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/22/2015 03:39:04 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (06/22/2015 03:37:32 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (06/22/2015 03:29:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (06/22/2015 03:29:50 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (06/20/2015 03:59:01 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (06/20/2015 03:59:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (06/20/2015 03:49:00 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (06/20/2015 03:48:55 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (06/20/2015 03:41:25 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-09 16:36:41.253
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Travis\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 16:36:41.220
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Travis\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 16:36:40.619
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Travis\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 16:36:40.586
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Travis\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 16:36:22.384
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Travis\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 16:36:22.353
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Travis\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 16:36:21.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Travis\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 16:36:21.140
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Travis\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version:  - Remedy Entertainment)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS)
ASUS Xonar D1 Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Audiosurf 2 (HKLM-x32\...\Steam App 235800) (Version:  - Dylan Fitterer)
Automation - The Car Company Tycoon Game (HKLM-x32\...\Steam App 293760) (Version:  - Camshaft Software)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Car Mechanic Simulator 2015 (HKLM-x32\...\Steam App 320300) (Version:  - PlayWay S.A.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Dashlane (HKCU\...\Dashlane) (Version: 3.2.5.85368 - Dashlane SAS)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
Dropbox (HKCU\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Farming Simulator 15 (HKLM-x32\...\Steam App 313160) (Version:  - Giants Software)
GIANTS Editor 6.0.3 64-bit (HKLM-x32\...\giants_editor_6.0.3_win64_is1) (Version: 6.0.3 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
GRID Autosport (HKLM-x32\...\Steam App 255220) (Version:  - Codemasters Racing)
HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Q.U.B.E. (HKLM-x32\...\Steam App 203730) (Version:  - Toxic Games)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sleeping Dogs: Definitive Edition (HKLM-x32\...\Steam App 307690) (Version:  - United Front Games)
Spotify (HKCU\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Star Wars Galaxies (HKLM-x32\...\{88038160-9BCB-47BE-A5C3-5CE2DC115509}) (Version: 1.00.000 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Subnautica (HKLM-x32\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
SWGEmu Launchpad (HKLM-x32\...\{37A10E4F-B984-462D-A33E-6C3D74CB1299}) (Version: 0.22 - SWGEmu)
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-941bfc7c-72d5-4f21-88c6-3355ab498229) (Version:  - Epic Games, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version:  - Eugen Systems)
Wargame: European Escalation (HKLM-x32\...\Steam App 58610) (Version:  - Eugen Systems)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version:  - Eugen Systems)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.438 - ASUS Cloud Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 2015.05 - PrivacyRoot.com)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.15.721 - Zemana Ltd.)

========================= Devices: ================================

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_84CA1043&REV_04\3&11583659&0&B0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 8128.13 MB
Available physical RAM: 6094.54 MB
Total Pagefile: 16254.46 MB
Available Pagefile: 13791.41 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.53 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:159.35 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:552.41 GB) NTFS
3 Drive e: (USB-BT400) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\TRAVIS-PC

Administrator            Guest                    Travis                   


**** End of log ****


ESET Online Scanner Log


C:\$Recycle.Bin\S-1-5-21-3873517135-2753033716-2947684355-1000\$ROYC736.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
 



#8 InadequateInfirmity


Posted 22 June 2015 - 10:50 PM

Remove Microsoft Security Essentials; you already have Avira installed.

Run a full scan with Reason Core Security.

Remove infections, then reboot.

Run an advanced scan with Crystal Security.

Remove infections, then reboot.

 

 

 

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

http://9-lab.com/download/

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon scan completion, click Show Results.

Now click the Clean button.

Once done cleaning, you can go to the logs tab, double-click it, and copy and paste it in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#9 idunnolol


Posted 23 June 2015 - 06:10 PM

Ran Reason Core Security, just found a chrome extension I installed called Turn off the Lights.

Ran Crystal Security, didn't find anything


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/23/2015
Scan Time: 4:34:21 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.23.08
Rootkit Database: v2015.06.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Travis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363390
Time Elapsed: 11 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


9-lab Removal Tool 1.0.0.36 BETA
9-lab.com

Database version: 0.0

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17843
Travis :: TRAVIS-PC

6/23/2015 4:47:59 PM
9lab-log-2015-06-23 (16-47-59).txt

Scan type: Full
Objects scanned: 42019
Time Elapsed: 26 m 45 s

Registry Values detected: 2
Risk.IEPath [HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\shell\open\command (Default)]
Risk.EnableLUA [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA]


MBAR did not find anything



#10 InadequateInfirmity


Posted 23 June 2015 - 07:07 PM

You never let 9-lab update.

9-lab Removal Tool 1.0.0.36 BETA
9-lab.com

Database version: 0.0

 

Please update, run a full scan, then tell me how your machine is running.



#11 idunnolol


Posted 23 June 2015 - 09:10 PM

9-lab Removal Tool 1.0.0.36 BETA
9-lab.com

Database version: 106.32128

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17843
Travis :: TRAVIS-PC

6/23/2015 8:19:38 PM
9lab-log-2015-06-23 (20-19-38).txt

Scan type: Full
Objects scanned: 42009
Time Elapsed: 29 m 39 s

Files detected: 12
[3688374325B992DEF12793500307566D] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\Quarantine\hosts]
[195EC0E57AF16E7894E64B24A659FA98] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\Quarantine\Network_Meter_V9.6.gadget]
[70A2CE733485E420532A14EB0BAB1515] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\Tempo.txt]
[7B420B0FFB974868EB784CA7600FCB2A] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\Trace.txt]
[3705207E7451FC4E93968970B8CE3F65] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\ZHPCleaner-[R]-22062015-15_49_28.txt]
[A2CB294F08D0D16F5E7ED1E16269D6EC] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\ZHPCleaner-[S]-22062015-15_46_20.txt]
[0026982528D70CC89C5CF68EF0D28544] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\ZHPCleaner.exe]
[8453F2FBE6B765D0FD93C5908149ADC9] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[E43730B33C8EFE5586FA0EE1E6B13863] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\ZHPCleaner_Tempo.txt]
[79B5BD3ED618D735C252411B8D9A6DEF] Trojan.FPL.Rotbrow.vb [c:\users\travis\appdata\roaming\ZHP\ZHPQ_Files.txt]
[703F3CDE450D61972867C5502E86F7AB] Malware.Win32.Gen.E80F.sm!ff [C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.7601.22838_none_4b375ce2b1f3f8cd\ExtExport.exe]


My computer seems to run fine, but is it unusual that these tools have been finding viruses in the other tools that I have downloaded?



#12 InadequateInfirmity


Posted 24 June 2015 - 06:21 AM


My computer seems to run fine, but is it unusual that these tools have been finding viruses in the other tools that I have downloaded

Sometimes a program will detect items in another's quarantine; this is a regular occurrence....

 

Some Suggested Software To Keep You Safe On The Internet.

Click Me To Update Software. Update Software.

Qualys BrowserCheck To update plugins.

Web Of Trust  To Avoid  Shady Websites.

Unchecky To Avoid Bundled Software.

AdBlock Plus To Browse The Web Ad Free.

Malwarebytes Anti Exploit To Block Zero Day Attacks.

 Malwarebytes Startup Lite To Disable Useless Items Starting With Your Computer.

 FanBoys Ultimate list.  Add The Ultimate List.

ToolWhiz Smart Defrag  Defrag Your Machine With Speed.

For Chrome Adguard

For FireFox Adguard

 

Now let's clean up the tools we used and remove old restore points.

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt



#13 idunnolol


Posted 24 June 2015 - 05:00 PM

You think my computer is in the clear now? Do I need to run any more scans? I ran DelFix btw.



#14 InadequateInfirmity


Posted 25 June 2015 - 05:27 PM

Everything looks good to me!!



#15 lil.sput


Posted 14 August 2015 - 10:40 AM

Our family also received a very similar message from our ISP stating that one of the devices behind our modem appeared to have connected to a command and control server affiliated with "FakeSecSen or SpySheriff virus". Per ISP's advice, we ran Norton Power Eraser and Microsoft Safety Scanner, but nothing was detected. In general, our internet has been running very slow on the desktop we believe has been infected (as opposed to our laptop, which is running fine). The desktop will repeatedly disconnect from the server while the laptop stays connected. When we run Google Chrome on the desktop, a security message pops up stating that a large amount of suspicious outbound traffic has been detected.

 

We ran the first steps of the above fix with the following modifications (logs are included below.)

 

1.  Run Wipe

2.  We did NOT run System Ninja because Norton seemed quite insistent that it was not safe.  Please advise if we should override and try again.

3.  Run CCleaner.  There was no option to either enable or disable our Antivirus from Startup.

4.  Run eScanAV.  There was no option to Scan Spyware, but we scanned and cleaned otherwise (log included)

5.  We did NOT run Zemana because the link didn't work.

6.  Run Junkware Removal Tool (log included)

7.  Run AdwCleaner (log included)

 

Any help or suggestions that anyone could offer would be immensely appreciated.

 

eScanAV

 

13 Aug 2015 22:43:09 [0618] - **********************************************************

13 Aug 2015 22:43:09 [0618] - MWAV - eScanAV AntiVirus Toolkit.

13 Aug 2015 22:43:09 [0618] - Copyright © MicroWorld Technologies

13 Aug 2015 22:43:09 [0618] - **********************************************************

13 Aug 2015 22:43:09 [0618] - Version 14.0.203 (C:\USERS\THE THIRD\APPDATA\LOCAL\TEMP\MEXETMP.EX~)

13 Aug 2015 22:43:09 [0618] - Log File: C:\Users\The Third\AppData\Local\Temp\LOG\MWAV.LOG

13 Aug 2015 22:43:09 [0618] - MWAV Registered: TRUE

13 Aug 2015 22:43:09 [0618] - User Account: The Third (Administrator Mode)

13 Aug 2015 22:43:09 [0618] - OS Type: Windows Workstation [InstallType: Client]

13 Aug 2015 22:43:09 [0618] - OS: Windows 8.1 64-Bit [OS Install Date: 22 Aug 2014 17:21:16]

13 Aug 2015 22:43:09 [0618] - Ver: Personal Build 9200

13 Aug 2015 22:43:09 [0618] - System Up Time: 22 Minutes, 11 Seconds

 

13 Aug 2015 22:43:09 [0618] - Windows Root  Folder: C:\WINDOWS

13 Aug 2015 22:43:09 [0618] - Windows Sys32 Folder: C:\WINDOWS\system32

13 Aug 2015 22:43:09 [0618] - DHCP NameServer: 68.105.28.11 68.105.29.11 68.105.28.12

13 Aug 2015 22:43:09 [0618] - Interface0 DHCPNameServer: 192.173.2.1

13 Aug 2015 22:43:09 [0618] - Interface1 DHCPNameServer: 68.105.28.11 68.105.29.11 68.105.28.12

13 Aug 2015 22:43:09 [0618] - Local Fixed Drives: c:\,d:\

13 Aug 2015 22:43:09 [0618] - MWAV Mode(A): Scan and Clean files

13 Aug 2015 22:43:09 [0618] - [CREATED ZIP FILE: C:\Users\The Third\AppData\Local\Temp\pinfect.zip]

13 Aug 2015 22:43:09 [0618] - Command Line Options Given: /xsign

13 Aug 2015 22:43:11 [0618] - Latest Date of files inside MWAV: Fri Aug 14 05:34:31 2015.

13 Aug 2015 22:43:11 [0618] - WARNING!!! INVALID SYSTEM DATE 13-08-2015 !!!

13 Aug 2015 22:43:11 [0618] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\The Third\AppData\Local\Temp\LOG\ESCANDB.LOG]

13 Aug 2015 22:43:11 [0618] - Loaded/Created FileScan Cache Database...

13 Aug 2015 22:43:11 [0618] - Loading AV Library [DB]...

13 Aug 2015 22:43:20 [0618] - ArchiveScan: DISABLED

13 Aug 2015 22:43:20 [0618] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].

13 Aug 2015 22:43:20 [0618] - MWAV doing self scanning...

13 Aug 2015 22:43:20 [0618] - MWAV files are clean.

13 Aug 2015 22:43:25 [0618] - ArchiveScan: DISABLED

13 Aug 2015 22:43:25 [0618] - Virus Database Date: 13 Aug 2015

13 Aug 2015 22:43:25 [0618] - Virus Database Count: 5879877

13 Aug 2015 22:43:25 [0618] - Sign Version: 7.62022 [520774]

 

13 Aug 2015 22:44:43 [0618] - **********************************************************

13 Aug 2015 22:44:43 [0618] - MWAV - eScanAV AntiVirus Toolkit.

13 Aug 2015 22:44:43 [0618] - Copyright © MicroWorld Technologies

13 Aug 2015 22:44:43 [0618] -

13 Aug 2015 22:44:43 [0618] - Support: support@escanav.com

13 Aug 2015 22:44:43 [0618] - Web: http://www.escanav.com

13 Aug 2015 22:44:43 [0618] - **********************************************************

13 Aug 2015 22:44:43 [0618] - Version 14.0.203[DB] (C:\USERS\THE THIRD\APPDATA\LOCAL\TEMP\MEXETMP.EX~)

13 Aug 2015 22:44:43 [0618] - Log File: C:\Users\The Third\AppData\Local\Temp\LOG\MWAV.LOG

13 Aug 2015 22:44:43 [0618] - User Account: The Third (Administrator Mode)

13 Aug 2015 22:44:43 [0618] - Windows Root  Folder: C:\WINDOWS

13 Aug 2015 22:44:43 [0618] - Windows Sys32 Folder: C:\WINDOWS\system32

13 Aug 2015 22:44:43 [0618] - OS: Windows 8.1 64-Bit [OS Install Date: 22 Aug 2014 17:21:16]

13 Aug 2015 22:44:43 [0618] - Ver: Personal Build 9200

13 Aug 2015 22:44:43 [0618] - Latest Date of files inside MWAV: Fri Aug 14 05:34:31 2015.

13 Aug 2015 22:44:43 [0618] - Priority: NORMAL

13 Aug 2015 22:44:43 [0618] - WARNING!!! INVALID SYSTEM DATE 13-08-2015 !!!

 

13 Aug 2015 22:44:43 [0c18] - Options Selected by User:

13 Aug 2015 22:44:43 [0c18] - Memory Check: Enabled

13 Aug 2015 22:44:43 [0c18] - Registry Check: Enabled

13 Aug 2015 22:44:43 [0c18] - StartUp Folder Check: Enabled

13 Aug 2015 22:44:43 [0c18] - System Folder Check: Enabled

13 Aug 2015 22:44:43 [0c18] - Services Check: Enabled

13 Aug 2015 22:44:43 [0c18] - Scan Archives: Disabled

13 Aug 2015 22:44:43 [0c18] - Drive Check: Enabled

13 Aug 2015 22:44:43 [0c18] - All Drive Check :Disabled

13 Aug 2015 22:44:43 [0c18] - Drive Selected = C:\

13 Aug 2015 22:44:43 [0c18] - Folder Check: Disabled

13 Aug 2015 22:44:43 [0c18] - SCAN: All_Files [ANSI]

13 Aug 2015 22:44:43 [0c18] - MWAV Mode(B): Scan and Clean files

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.5.6 (08.10.2015:1)

OS: Windows 8.1 x64

Ran by The Third on Fri 08/14/2015 at  8:40:40.00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\PIP

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9DFED8EF-3328-4BD2-AC91-4A112C7C3A27}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{052A7B63-F445-4310-A4C3-749C74F517D7}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{2C606696-1E29-4BEA-8E0B-D44D0D63843F}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{324AB55D-8ACC-4D8C-957E-0FDFA4CA784F}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{3EAB7E87-379D-4362-86EE-24D642D7A4DE}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{68B1F4FD-F7BC-449F-9BBF-CF4D23D69607}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{7C8655BA-BAFA-4836-8D09-9729B9EEA96B}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{88042C7A-F71A-4B32-9BCA-BAC588149622}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{887AD027-D213-4812-9923-077ED7240567}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{AD2C8A3C-F092-4549-B2FE-9B9998A11A61}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{B39F65CF-C482-42F4-BFC6-964AF0D5193D}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{BCB2AB30-7AD8-4143-AC72-4BD19567585D}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{C10712FF-5FBA-48E3-B483-BB917C808BB2}

Successfully deleted: [Empty Folder] C:\Users\The Third\Appdata\Local\{FE4732BF-F987-4153-AC46-57DEA9B492AF}

Successfully deleted: [Folder] C:\Program Files\005

Successfully deleted: [Folder] C:\ProgramData\google

Successfully deleted: [Folder] C:\ProgramData\3e3412d73103906f

 

 

 

~~~ FireFox

 

Successfully deleted the following from C:\Users\The Third\AppData\Roaming\mozilla\firefox\profiles\05ph70o8.default-1412265524589\prefs.js

 

user_pref(browser.search.hiddenOneOffs, Bing,Amazon.com,DuckDuckGo,eBay,Secure Search,Twitter);

Emptied folder: C:\Users\The Third\AppData\Roaming\mozilla\firefox\profiles\05ph70o8.default-1412265524589\minidumps [9 files]

 

 

 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\The Third\Appdata\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp

 

[C:\Users\The Third\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\The Third\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

 

[C:\Users\The Third\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\The Third\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 08/14/2015 at  8:43:49.97

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v4.208 - Logfile created 14/08/2015 at 09:04:43

# Updated 09/07/2015 by Xplode

# Database : 2015-08-12.1 [Server]

# Operating system : Windows 8.1  (x64)

# Username : The Third - MOTHERSHIP

# Running from : C:\Users\The Third\Desktop\adwcleaner_4.208.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\The Third\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijacdiajfhmmglphbglbgjjldcpfkglj

File Deleted : C:\Users\The Third\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ijacdiajfhmmglphbglbgjjldcpfkglj_0.localstorage

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36D96925-ABFA-4EB8-B630-305E905A930D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{36D96925-ABFA-4EB8-B630-305E905A930D}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17840

 

 

-\\ Mozilla Firefox v40.0 (x86 en-US)

 

 

-\\ Google Chrome v37.0.2062.124

 

[C:\Users\Brooklyn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Brooklyn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Brooklyn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869

[C:\Users\Brooklyn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

[C:\Users\Talia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Talia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Talia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

 

*************************

 

AdwCleaner[R0].txt - [3542 bytes] - [14/08/2015 09:02:35]

AdwCleaner[S0].txt - [3307 bytes] - [14/08/2015 09:04:43]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3366  bytes] ##########





